Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 17-12-2017 Gestart door Sandra (21-12-2017 14:47:49) Gestart vanaf C:\Users\Sandra\Desktop Windows 10 Home Versie 1709 16299.125 (X64) (2017-12-20 19:29:05) Boot Modus: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-964534832-1966221913-2303924523-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-964534832-1966221913-2303924523-503 - Limited - Disabled) Gast (S-1-5-21-964534832-1966221913-2303924523-501 - Limited - Disabled) Sandra (S-1-5-21-964534832-1966221913-2303924523-1001 - Administrator - Enabled) => C:\Users\Sandra WDAGUtilityAccount (S-1-5-21-964534832-1966221913-2303924523-504 - Limited - Disabled) ==================== Security Center ======================== (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186} ==================== Geïnstalleerde programma's ====================== (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.) 12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-cd7d0ae8-75ce-4ea2-b060-a29f00380d82) (Version: 3.0.2.118 - WildTangent) Hidden abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated) Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated) Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated) Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3002 - Acer Incorporated) Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated) Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software) Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform) COMODO Firewall (HKLM\...\{1BF90AC2-E077-4EC0-810B-003DC9D65C91}) (Version: 10.0.2.6420 - COMODO Security Solutions Inc.) COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: - ) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.) Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.0.14.0 - Dashlane SAS) Freedome VPN (source) (HKLM-x32\...\{83A4BF20-6745-437C-98D8-3C4B94D174EB}) (Version: 1.16.0612 - Acer) Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.) Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.) Home Makeover (HKLM-x32\...\WTA-76c0df3e-7b57-4cb2-9110-c11786d6eb22) (Version: 3.0.2.59 - WildTangent) Hidden HP Dropbox Plugin (HKLM-x32\...\{714EA650-B1EC-4731-A7BF-50BB65C7C1A4}) (Version: 36.0.31.53050 - Hewlett-Packard Co.) HP ENVY 4520 series Basissoftware van het apparaat (HKLM\...\{2FE26F6F-9DFF-4700-BE09-D7BEDC190F3C}) (Version: 36.0.72.54013 - Hewlett-Packard Co.) HP ENVY 4520 series Help (HKLM-x32\...\{13BB4F7C-E718-43F9-9BF8-4F824436C7D0}) (Version: 36.0.0 - Hewlett Packard) HP Google Drive Plugin (HKLM-x32\...\{30FEB472-BC59-4966-8B0C-F8C2045D413E}) (Version: 36.0.31.53050 - Hewlett-Packard Co.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4352 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A501AF33-9AEA-4703-BC2F-D4B86458899D}) (Version: 17.1.1531.1764 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo) Jewel Match 3 (HKLM-x32\...\WTA-ea169dba-f7bc-4909-8d34-1e39d11a8fa4) (Version: 2.2.0.97 - WildTangent) Hidden Jewel Match Snowscapes (HKLM-x32\...\WTA-d9d627dd-006f-44dd-8719-0cccd521cef4) (Version: 3.0.2.118 - WildTangent) Hidden Magic Academy (HKLM-x32\...\WTA-c91694be-915c-4d89-820c-1a829af3f4e4) (Version: 2.2.0.97 - WildTangent) Hidden Malwarebytes versie 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.8730.2127 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-964534832-1966221913-2303924523-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Polar Bowler 1st Frame (HKLM-x32\...\WTA-06046762-dca3-4333-97da-dcb0b27896bf) (Version: 3.0.2.59 - WildTangent) Hidden Productverbeteringsonderzoek voor HP ENVY 4520 series (HKLM\...\{9898E457-1F48-416B-8104-0272E2891EC1}) (Version: 36.0.72.54013 - Hewlett-Packard Co.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7667 - Realtek Semiconductor Corp.) Rory's Restaurant (HKLM-x32\...\WTA-399dc2ea-39a8-4565-b8bc-85bcaa966474) (Version: 3.0.2.126 - WildTangent) Hidden Runefall (HKLM-x32\...\WTA-7877e8f5-db95-4270-a3f9-90503688df21) (Version: 3.0.2.126 - WildTangent) Hidden Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.1.1.14 - WildTangent) Hidden Windows Driver Package - Intel Corporation (iagpioe) System (05/21/2015 604.10120.2652.361) (HKLM\...\AF9226384B030787C4D0F761A23F48F7649D6D17) (Version: 05/21/2015 604.10120.2652.361 - Intel Corporation) Windows Driver Package - Intel Corporation (iai2ce) System (06/30/2015 604.10146.2643.2818) (HKLM\...\42CFE5B10021C15BFC08687E1D339C8BB3D32DDA) (Version: 06/30/2015 604.10146.2643.2818 - Intel Corporation) Windows Driver Package - Intel Corporation (iauarte) System (05/21/2015 604.10120.2653.391) (HKLM\...\1D4FF76A05A14FF5BA3636A41E0AB237F3A55E14) (Version: 05/21/2015 604.10120.2653.391 - Intel Corporation) ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-24] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-24] (AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-24] (AVAST Software) ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-11-21] (COMODO) ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-11-21] (COMODO) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-24] (AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Geen bestand ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-01-13] (Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-24] (AVAST Software) ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-11-21] (COMODO) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {10039199-8D99-48DC-98D0-8A9B7B87FBF5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-18] (Microsoft Corporation) Task: {134D0AD7-410B-4DE6-9CCC-74A203FED35C} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: ) Task: {1CE79039-BF99-4CB0-813A-86E689A61D59} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO) Task: {207CB5DE-F49F-4964-8F71-36A201B014BB} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO) Task: {21EA6122-386D-4FE9-8283-C633E9DB38A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd) Task: {2212F127-19F5-4216-B39A-8DEAC66989F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated) Task: {2EE516ED-39C8-45CD-9B48-55A1E88E789E} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-20] () Task: {39B0D1EA-C77C-4C89-A226-D62E89B63CD8} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2017-11-21] (COMODO) Task: {6D42EF14-79F3-4C27-863F-FE9E4B60BA86} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2016-10-25] (Hewlett-Packard Development Company, LP) Task: {6E88C5D1-78E3-4DE3-A879-B1112F51B724} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation) Task: {7020175E-EB72-4DE2-9F83-675D6BC6E651} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation) Task: {8B727A2D-6A39-45E2-88EB-C715642EC497} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-24] (AVAST Software) Task: {900E89CC-B16D-4228-8139-B224AFA746DC} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-20] () Task: {9116142B-ABF4-4E59-9DDC-CFB0F3FF6A72} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-11-21] (COMODO) Task: {92CDAFAB-6A9D-466B-BA0D-3ADDC6DF6029} - System32\Tasks\SafeZone scheduled Autoupdate 1476286673 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe Task: {92F23D6B-1328-4307-8252-B290760B4C83} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-18] (AVAST Software) Task: {93C25E00-419D-4136-A487-F5E3CD96E326} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-01-20] () Task: {9BF95B97-FEC8-4ABB-96A5-9335CF977F33} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-11-24] (Acer) Task: {A214D979-F1E7-418A-B0F8-F4FFC2EFAFA4} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO) Task: {A55A4FF2-AD47-469A-B673-9A6F42B3FDF9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd) Task: {A6641107-2F03-423F-812A-E33AC7B4FF2B} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-02-02] (Acer Incorporated) Task: {B145D0CB-5489-4232-B5AA-E0748FFA4093} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] () Task: {C155570D-1506-4D57-B35E-EC63D59CAC4C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software) Task: {C3095AAE-8077-4DC2-8B5C-2FD284704555} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-10-12] (Acer Incorporated) Task: {C30A2682-BBCC-46FA-9302-B83F3B4129CB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-18] (Microsoft Corporation) Task: {DC60E23F-D623-40AD-A185-5414E0DF0A17} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation) Task: {E186D145-BE90-4457-BD4F-993A1994A086} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <==== AANDACHT Task: {E7934BDC-E434-4413-B114-7CF6596BE63B} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-11-24] (Acer Incorporated) Task: {E7B7CF11-EDCD-49DE-8BD6-A988CC561B40} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO) Task: {E892AE21-FE97-4A0B-98F1-1CB66FA5784F} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] () (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) ==================== Geladen Modules (gefilterd) ============== 2017-11-21 20:23 - 2017-11-21 20:23 - 000156864 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll 2017-11-21 20:22 - 2017-11-21 20:22 - 000241856 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll 2017-11-21 20:22 - 2017-11-21 20:22 - 000106688 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll 2017-12-18 14:39 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2016-02-05 08:56 - 2016-01-13 00:40 - 000384120 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-12-20 21:56 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-12-20 21:55 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-06-08 16:12 - 2015-05-14 08:10 - 000030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe 2016-01-20 19:50 - 2016-01-20 19:50 - 004644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe 2017-12-07 22:41 - 2017-12-07 22:41 - 000102088 _____ () C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll 2017-11-24 17:47 - 2017-11-24 17:47 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-11-24 17:47 - 2017-11-24 17:47 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll 2017-07-06 17:50 - 2017-07-06 17:50 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-11-24 17:48 - 2017-11-24 17:48 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-11-24 17:48 - 2017-11-24 17:48 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-11-24 17:47 - 2017-11-24 17:47 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll 2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2017-12-20 20:02 - 2017-12-20 20:02 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2017-03-20 14:24 - 2017-03-20 14:24 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2017-03-20 14:21 - 2017-03-20 14:21 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2017-10-02 14:56 - 2017-10-02 14:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll 2017-10-02 14:56 - 2017-10-02 14:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.) AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpinkcoiD711.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpinkinsD711.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpinkstsD711LM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HPScanTRDrv_EN4520.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HPWia2_EN4520.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ibtproppage.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SET3D5D.tmp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ibtusb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET17B1.tmp:$CmdTcID [64] AlternateDataStreams: C:\Users\Sandra\Downloads\cmd_fw_installer_6113_c7.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Sandra\Downloads\cmd_fw_installer_6113_c7.exe.kzonbu7.partial:$CmdZnID [26] AlternateDataStreams: C:\Users\Sandra\Downloads\OpenOfficePortable_4.1.2_Patch_1_MultilingualAll.paf.exe:$CmdTcID [64] ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.) ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.) ==================== Hosts inhoud: =============================== (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.) 2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere gebieden ============================ (Momenteel is er geen automatische fix voor dit onderdeel.) HKU\S-1-5-21-964534832-1966221913-2303924523-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == ==================== Firewall regels (gefilterd) =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [{DCB74D36-4602-4247-B662-999B16474889}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{689BC11E-6814-42D1-95A7-E300E38A118B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{94E89F79-C30D-4645-BAAE-031C8D11A217}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{1D3A9B7C-E51D-4943-87B6-124DA4F6A58C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{64BD1B35-1750-49BC-9E2F-D28DFCD81032}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AD1E1658-D1BB-454C-80C8-2CC5E7445E45}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{FDC37BBE-8A5A-402D-92C7-CDD1962B3DFD}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{59948178-E359-4618-8A68-4E637B4B89B3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{B1598C2E-DF3E-46F5-B29E-ABBD23DC2567}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{5A016586-8886-4B18-BB4E-67802637834E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{6032BBA3-5272-4047-92D1-009091E3995B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{E2977F2D-A783-4689-9BDC-271CBB5118B3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{5F536456-9BE2-4ADB-888A-FA442C3FCD13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{5E1513FF-8EBA-4233-9790-5F51098CD4C8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{0E381AB2-2D41-416B-AE3E-A55FACC5C1EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{8A50108D-E857-4C80-8F29-10B536A28CB7}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe FirewallRules: [{BC824302-8819-4BEB-A902-A4C2DD3583B2}] => (Allow) LPort=5357 FirewallRules: [{4BEB6180-37DB-4641-A0AA-1AAF7D2EA7E7}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe ==================== Herstelpunten ========================= 20-12-2017 20:47:54 Windows 10 versie 1709 ==================== Defecte Apparaatbeheer Apparaten ============= ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (12/20/2017 09:48:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-IEIV3RN4) Description: Het pakket Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App is beëindigd omdat het onderbreken te lang duurde. Error: (12/20/2017 08:22:53 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: ) Description: Kan de status van clusterknooppunt niet ophalen. De geretourneerde foutcode: 0x8007085A Error: (12/20/2017 08:22:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Gebeurtenisprovider CisWmi heeft geprobeerd query SELECT * FROM CisFileRatingChange te registreren, waarvan doelklasse CisFileRatingChange in naamruimte //./ROOT/cis niet bestaat. De query wordt genegeerd. Error: (12/20/2017 08:22:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Gebeurtenisprovider CisWmi heeft geprobeerd query SELECT * FROM CisStatusChange te registreren, waarvan doelklasse CisStatusChange in naamruimte //./ROOT/cis niet bestaat. De query wordt genegeerd. Error: (12/20/2017 08:22:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Gebeurtenisprovider CisWmi heeft geprobeerd query SELECT * FROM CisNotification te registreren, waarvan doelklasse CisNotification in naamruimte //./ROOT/cis niet bestaat. De query wordt genegeerd. Error: (12/20/2017 08:22:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Gebeurtenisprovider CisWmi heeft geprobeerd query SELECT * FROM FwAlert te registreren, waarvan doelklasse FwAlert in naamruimte //./ROOT/cis niet bestaat. De query wordt genegeerd. Error: (12/20/2017 08:22:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Gebeurtenisprovider CisWmi heeft geprobeerd query SELECT * FROM DfAlert te registreren, waarvan doelklasse DfAlert in naamruimte //./ROOT/cis niet bestaat. De query wordt genegeerd. Error: (12/20/2017 08:22:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Gebeurtenisprovider CisWmi heeft geprobeerd query SELECT * FROM AvAlert te registreren, waarvan doelklasse AvAlert in naamruimte //./ROOT/cis niet bestaat. De query wordt genegeerd. Error: (12/20/2017 08:22:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Gebeurtenisprovider CisWmi heeft geprobeerd query SELECT * FROM CisAlert te registreren, waarvan doelklasse CisAlert in naamruimte //./ROOT/cis niet bestaat. De query wordt genegeerd. Error: (12/20/2017 08:22:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Gebeurtenisprovider CisWmi heeft geprobeerd query SELECT * FROM CisEvent te registreren, waarvan doelklasse CisEvent in naamruimte //./ROOT/cis niet bestaat. De query wordt genegeerd. Systeemfouten: ============= Error: (12/21/2017 02:36:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} en APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (12/21/2017 02:24:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} en APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (12/20/2017 10:39:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} en APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (12/20/2017 10:26:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: De Downloaded Maps Manager-service is bij het starten vastgelopen. Error: (12/20/2017 10:23:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: De server {E60687F7-01A1-40AA-86AC-DB1CBF673334} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (12/20/2017 10:23:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De AppX Deployment Service (AppXSVC)-service kan vanwege de volgende fout niet worden gestart: De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord. Error: (12/20/2017 10:23:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: AppX Deployment Service (AppXSVC). Error: (12/20/2017 10:22:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De AppX Deployment Service (AppXSVC)-service kan vanwege de volgende fout niet worden gestart: De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord. Error: (12/20/2017 10:22:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: AppX Deployment Service (AppXSVC). Error: (12/20/2017 10:22:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De AppX Deployment Service (AppXSVC)-service kan vanwege de volgende fout niet worden gestart: De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord. CodeIntegrity: =================================== Date: 2017-12-21 14:44:58.808 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-12-21 14:28:25.251 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-12-21 14:28:23.705 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-12-21 14:28:07.199 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-12-21 14:24:25.931 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-12-21 14:24:23.986 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-12-21 14:24:23.528 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-12-21 14:24:06.783 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-21 14:24:06.777 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-21 14:23:24.408 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\guard32.dll because the set of per-page image hashes could not be found on the system. ==================== Geheugen info =========================== Processor: Intel(R) Celeron(R) CPU N3050 @ 1.60GHz Percentage geheugen in gebruik: 50% Totaal fysiek RAM-geheugen: 3921.52 MB Beschikbaar fysiek RAM-geheugen: 1953.53 MB Totaal Virtueel geheugen: 4689.52 MB Beschikbaar Virtual geheugen: 2659.83 MB ==================== Schijven ================================ Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:865.79 GB) NTFS ==================== MBR & Partitietabel ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 69C9EDCE) Partition: GPT. ==================== Eind van Addition.txt ============================