Solved PC hacked

Stello72

Posts: 48   +0
  • Thread Starter
  • #2
There are so many things that are not supposed to be on my computer.
Unknown user accounts.
Printer was USB, now seems to work on direct WiFi.
Browsers are changed and programs install themselves.
I have UDP flood and TCP scans on router. And many more problems.
 

Broni

Posts: 55,560   +489
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

Please observe forum rules.
All logs have to be pasted, not attached.
 

Stello72

Posts: 48   +0
  • Thread Starter
  • #4
Broni, I am glad you want to help me.
Will follow your instructions for the removal.

Thanks, Stello
 

Stello72

Posts: 48   +0
  • Thread Starter
  • #5
Hello Broni, thanks for your mail. I am not certain what to do now... Is there something I must do, or just wait for your message to do something?
 

Stello72

Posts: 48   +0
  • Thread Starter
  • #6
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 22.04.2018 01
Gestart door Gebruiker (18-09-2018 11:06:43)
Gestart vanaf C:\Users\Gebruiker\Downloads
Windows 10 Home Versie 1803 17134.286 (X64) (2018-05-23 00:26:15)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3489418135-4018434446-1041310367-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3489418135-4018434446-1041310367-503 - Limited - Disabled)
Gast (S-1-5-21-3489418135-4018434446-1041310367-501 - Limited - Disabled)
Gebruiker (S-1-5-21-3489418135-4018434446-1041310367-1001 - Administrator - Enabled) => C:\Users\Gebruiker
marce (S-1-5-21-3489418135-4018434446-1041310367-1003 - Administrator - Enabled) => C:\Users\marce
WDAGUtilityAccount (S-1-5-21-3489418135-4018434446-1041310367-504 - Limited - Disabled)
==================== Security Center ========================
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Geïnstalleerde programma's ======================
(Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.)
. . (HKLM\...\{5321B911-50E8-4F81-843D-B66E8938579C}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{FD87084D-762B-4B64-B34E-95FEA079327A}) (Version: 3.5.0.3 - Intel) Hidden
Aangifte loonheffingen 2017 (HKLM-x32\...\Aangifte loonheffingen 2017) (Version: - Belastingdienst)
Aangifte loonheffingen 2018 (HKLM-x32\...\Aangifte loonheffingen 2018) (Version: - Belastingdienst)
Aangifte vennootschapsbelasting 2017 (HKLM-x32\...\Aangifte vennootschapsbelasting 2017) (Version: - Belastingdienst)
Administratieve Software van Davilex (HKLM-x32\...\{74610C10-BA84-456F-B3AD-0C5DFCB4212C}) (Version: 9.8.0.1370 - Davilex) Hidden
Administratieve Software van Davilex (HKLM-x32\...\InstallShield_{74610C10-BA84-456F-B3AD-0C5DFCB4212C}) (Version: 9.8.0.1370 - Davilex)
Advanced IP Scanner 2.5 (HKLM-x32\...\{738DCBE9-20A3-4CE6-84C7-E0A5B82F7617}) (Version: 2.5.3646 - Famatech)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.900 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{0b3ea660-ce3c-40c6-ae16-f08c84165d34}) (Version: 5.2.20361 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{9B252E0D-7B31-48A6-B01E-B5CCBA286E8E}) (Version: 1.1.0.168 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{6FA09B91-5D97-45A9-95E9-50F635C98043}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{325A005F-D9DB-42DD-A154-C2CC592AF472}) (Version: 12.9.24.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.31.0 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{ABE95EB9-5EA1-42A3-8009-BA7602127ED6}) (Version: 1.4.25 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Intel(R) Computing Improvement Program (HKLM\...\{96FD0BEE-6848-48BB-AA99-A2033DB7F4E4}) (Version: 2.2.03942 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000070-0200-1043-84C8-B8D95FA3C8C3}) (Version: 20.70.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{3252578f-e595-4827-a6ed-0a278bbbdae8}) (Version: 3.5.0.3 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{bb524cb9-b65f-4f06-97f4-48c851e87a57}) (Version: 20.80.0 - Intel Corporation)
Malwarebytes versie 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office 2016 voor Thuisgebruik en Studenten - nl-nl (HKLM\...\HomeStudentRetail - nl-nl) (Version: 16.0.10730.20102 - Microsoft Corporation)
Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.10730.20102 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.10730.20102 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\OneDriveSetup.exe) (Version: 18.151.0729.0006 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (HKLM-x32\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM-x32\...\{C6E88BEF-D9C5-4664-BCC0-02522D4C2998}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Nmap 7.70 (HKLM-x32\...\Nmap) (Version: 7.70 - Nmap Project)
Npcap 0.99-r2 (HKLM-x32\...\NpcapInst) (Version: 0.99-r2 - Nmap Project)
NVIDIA Grafisch stuurprogramma 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Opera Stable 55.0.2994.61 (HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\Opera 55.0.2994.61) (Version: 55.0.2994.61 - Opera Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.17134.21306 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 2.02.53 (30-5-2018) - HP Printing Korea Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 2.00.01.24 - HP Printing Korea Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.01.18 (31-5-2018) - HP Printing Korea Co., Ltd.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.28 - Samsung Electronics Co., Ltd.)
Samsung Printerdiagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.28 - HP Printing Korea Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.32 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 3.31.81.01:10 - Samsung Electronics Co., Ltd.)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) Hidden
Software voor Intel® Chipset-apparaten (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
SQL Server 2014 Common Files (HKLM-x32\...\{BFB3B874-8033-4F5E-BE47-0AED2541E57C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM-x32\...\{F78A23CD-E9A0-46E3-88E2-CF2CC93AE7BA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM-x32\...\{71E418D7-C0C5-455A-A248-1A3C3839EEEF}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM-x32\...\{A1ED7C85-A91A-4788-B0CC-86FA19C042E8}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM-x32\...\{1D1E4532-6A52-471B-B006-EA04A2BBFCE9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM-x32\...\{AA2D8197-6678-4242-9222-3A03993E89B3}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{894F30EB-3F0A-422F-9225-EB00DC9414EA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Stijlvol stuurprogrammapakket (HKLM-x32\...\Samsung Stylish UI Pack) (Version: 1.01.74.00 (9-2-2015) - Samsung Electronics Co., Ltd.)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
WhatsApp (HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\WhatsApp) (Version: 0.3.557 - WhatsApp)
Windows 10-upgradeassistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
ZoneAlarm Antivirus (HKLM-x32\...\{86FCCB14-C149-4AAA-86F0-FBF2D16EF958}) (Version: 15.3.064.17729 - Check Point Software Technologies Ltd.) Hidden
==================== Aangepaste CLSID (gefilterd): ==========================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll -> Geen bestand
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Geen bestand
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxDTCM.dll [2018-01-15] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll -> Geen bestand
==================== Geplande Taken (gefilterd) =============
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
Task: {00043DB7-37A3-4561-B765-403B9D47BC43} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {075FEF3D-CE82-4D4B-B7D5-EEFA3EA62030} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-01] (Microsoft Corporation)
Task: {08FAE170-FBC3-4B27-9BCF-9A3EA18AAC35} - System32\Tasks\S-1-5-21-3489418135-4018434446-1041310367-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {0A7AA876-862F-4F81-AA4B-B73950FA632C} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
Task: {17D346E0-9B35-4ADC-89C3-6C585C7C0797} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\sp81220.exe <==== AANDACHT
Task: {185CFBC6-FD5A-4B12-B952-78B721681F6E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-07-19] (NVIDIA Corporation)
Task: {2398B1DD-F8AD-4FAE-B899-1ABCE9C4D37F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation)
Task: {2413B3C5-E2E0-47EA-AC97-DD7825B7EEF7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {2BB0F5BD-F59B-4A53-B042-655716E556F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {32D028B8-B3F9-484F-B6C7-5C0B6F1AF402} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {33BFF485-9160-478F-8C74-1D4A0BF60DBB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-15] (Microsoft Corporation)
Task: {3AB199EC-52F1-499C-A8C1-97E6AE553433} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3D94704B-9E93-48A0-BE1A-EFE3FE2A85B2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {430852CB-A87C-492E-A659-075C7BF1710C} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
Task: {47079627-5E0E-436A-808F-3D8F6CC8073C} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {47AE4165-7CB8-4252-9E5F-054C5CE57F51} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {4BCCC35C-6773-4CAD-B7D2-B0C52F0C9785} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {4E4A0189-45AD-481E-9F49-DF9F1D4949A0} - System32\Tasks\HPCeeScheduleForGebruiker => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {541BA5BF-1736-4A3E-B1E5-CE1C9EE13043} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdates
Task: {65A34F07-723D-4150-B109-13BD1AE3DFAA} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {67006E35-E0CC-4931-B153-BBAF3210CBCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {70FD0933-646C-436A-99F2-52F298239E18} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-09-15] (Microsoft Corporation)
Task: {78BABCCD-20B8-49B7-B4F8-87490C41C875} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdatesAsUser
Task: {7B9369C9-157E-4148-88AA-A9A1FFD4A896} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-01] (Microsoft Corporation)
Task: {7C01ED0F-EC8C-4C30-8035-DF0222AC062D} - System32\Tasks\S-1-5-21-3489418135-4018434446-1041310367-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {7DEC53A3-3866-4C74-BED6-3DD638D77E26} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-15] (Microsoft Corporation)
Task: {7E486E4D-9FB0-45D9-B7E1-70095DE54AE7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\windows\explorer.exe /NOUACCHECK
Task: {7FED1AD3-8455-4565-9937-34E12F4F05C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {8AC53369-D7E7-432F-93F2-0BD62CAEBE07} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {8E7D01B9-B5B9-41DC-BA70-AD7260A2401B} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {8F255F88-A87A-495F-B828-A4AFEC70BDB0} - System32\Tasks\Microsoft\Windows\DirectX\DXGIAdapterCache => C:\WINDOWS\system32\dxgiadaptercache.exe [2018-04-12] (Microsoft Corporation)
Task: {981A9686-DFCA-436D-995C-0291BD86EEC3} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {9A5C8E67-84FD-4671-A331-40A0D76F5552} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe [2016-08-05] ()
Task: {9C5DD350-983E-485D-BF33-8D691B2CD014} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-01] (Microsoft Corporation)
Task: {A167F6E0-ED47-419C-807E-2A11ECBA98D4} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation
Task: {AA95B154-6C55-460B-9706-5D7815353B69} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {B05A67CD-06C3-453C-A38D-7BDA52590228} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {B420889A-CDF4-41D2-A3A1-D08B850DE7A1} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {BA8E146D-8FE8-4C83-AB4B-1BAD00F1B54A} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <==== AANDACHT
Task: {BD103ABC-B85B-47CC-847D-9D8EF3DAA7FD} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {C04A6EF3-6045-42F7-9606-7776FA09AE03} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-09-15] (Microsoft Corporation)
Task: {C2098BE2-A29A-4EB1-97F6-F0C57E086D4F} - System32\Tasks\Microsoft\Windows\Speech\HeadsetButtonPress => C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe [2018-05-20] (Microsoft Corporation)
Task: {C3761117-8746-498F-84CF-BCCE87C726E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {C5CD754B-02C9-455E-BE84-39A966AF4819} - System32\Tasks\EPM Preload => C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2DotNetHandler.exe [2018-05-21] ()
Task: {CE803927-047D-49F3-8F66-F687C741BA3C} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
Task: {D1CC320B-9A47-4DB4-AFE4-2BCE1A964E7A} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources
Task: {D9533A8F-B16A-4508-86B1-216EF5EC156A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-01] (Microsoft Corporation)
Task: {E7181FAE-3ADF-4F02-A62C-E7EEF3841BD0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {E76C2F3F-EB28-442E-A0C1-FE94A7361E7E} - System32\Tasks\HPCeeScheduleFormarce => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {E7F844B5-DDB4-403F-A588-060B332AF86C} - System32\Tasks\Opera scheduled Autoupdate 1535505639 => C:\Users\Gebruiker\AppData\Local\Programs\Opera\launcher.exe [2018-09-13] (Opera Software)
Task: {EA03913A-66C7-4EC2-9782-86D1FB1D22DA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {EC2F4C83-1D2A-4C05-8AD1-1AF34BC87CDB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {EF3AB5CB-92B5-4D02-B3C3-7C1C2639F4BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {FA268BCF-406E-4F39-B5C2-596A37AC7A13} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {FDB6DE91-F177-47B9-89E4-84693A2853A7} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {FF3142BC-0470-4388-A9DB-40935BCEF91A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {FF7D3BEF-D704-4CD0-ABB8-2670DA071458} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation)
(Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGebruiker.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormarce.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Snelkoppelingen & WMI ========================
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)

==================== Geladen Modules (gefilterd) ==============
2018-09-11 12:16 - 2017-06-14 14:57 - 000022528 _____ () C:\WINDOWS\System32\us005lm.dll
2017-09-28 10:17 - 2015-03-12 04:43 - 000022528 _____ () C:\WINDOWS\System32\us013lm.dll
2018-06-30 14:27 - 2018-06-30 14:27 - 000165064 _____ () C:\WINDOWS\system32\IntelWifiIhv04.dll
2018-07-12 07:11 - 2018-09-06 05:50 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-08-05 15:42 - 2016-08-05 15:42 - 000843800 _____ () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-18 06:19 - 2018-09-15 04:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-09-08 14:39 - 2014-09-08 14:39 - 000464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 14:38 - 2014-09-08 14:38 - 000051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2018-03-19 19:50 - 2018-03-19 19:50 - 000449608 _____ () C:\Program Files (x86)\Nmap\zenmap.exe
2018-09-18 02:37 - 2018-09-18 02:37 - 102216792 _____ () C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera_browser.dll
2018-09-18 02:37 - 2018-09-18 02:37 - 004832856 _____ () C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\libglesv2.dll
2018-09-18 02:37 - 2018-09-18 02:37 - 000116312 _____ () C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\libegl.dll
2018-09-13 15:55 - 2018-09-13 15:55 - 000134656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\29507aa63ed4f226896b0019876d47cc\BRIDGECommon.ni.dll
2018-09-13 15:55 - 2018-09-13 15:55 - 000112128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\eb4f6183dec1b83dfd9dc4db93b4109e\BridgeExtension.ni.dll
2018-09-13 15:55 - 2018-09-13 15:55 - 000068608 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\097f941d67c09fde06d13dce128bb7f7\NativeInterop.ni.dll
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
 

Stello72

Posts: 48   +0
  • Thread Starter
  • #7
2018-03-17 04:41 - 2018-03-17 04:41 - 000058368 _____ () C:\Program Files (x86)\Nmap\py2exe\glib._glib.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 000113152 _____ () C:\Program Files (x86)\Nmap\py2exe\gobject._gobject.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 001882624 _____ () C:\Program Files (x86)\Nmap\py2exe\gtk._gtk.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 000100352 _____ () C:\Program Files (x86)\Nmap\py2exe\zlib1.dll
2018-03-17 04:41 - 2018-03-17 04:41 - 000279059 _____ () C:\Program Files (x86)\Nmap\py2exe\libfontconfig-1.dll
2018-03-17 04:41 - 2018-03-17 04:41 - 000538324 _____ () C:\Program Files (x86)\Nmap\py2exe\freetype6.dll
2018-03-17 04:41 - 2018-03-17 04:41 - 000143096 _____ () C:\Program Files (x86)\Nmap\py2exe\libexpat-1.dll
2018-03-17 04:41 - 2018-03-17 04:41 - 001294335 _____ () C:\Program Files (x86)\Nmap\py2exe\libcairo-2.dll
2018-03-17 04:41 - 2018-03-17 04:41 - 000230529 _____ () C:\Program Files (x86)\Nmap\py2exe\libpng14-14.dll
2018-03-17 04:41 - 2018-03-17 04:41 - 000069632 _____ () C:\Program Files (x86)\Nmap\py2exe\cairo._cairo.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 000263168 _____ () C:\Program Files (x86)\Nmap\py2exe\gio._gio.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 000111616 _____ () C:\Program Files (x86)\Nmap\py2exe\pango.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 000208384 _____ () C:\Program Files (x86)\Nmap\py2exe\atk.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 000017920 _____ () C:\Program Files (x86)\Nmap\py2exe\pangocairo.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 000046592 _____ () C:\Program Files (x86)\Nmap\py2exe\_socket.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 001410048 _____ () C:\Program Files (x86)\Nmap\py2exe\_ssl.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 001016832 _____ () C:\Program Files (x86)\Nmap\py2exe\_hashlib.pyd
2018-03-17 04:41 - 2018-03-17 04:41 - 000100255 _____ () C:\Program Files (x86)\Nmap\py2exe\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2018-03-17 04:41 - 2018-03-17 04:41 - 000136704 _____ () C:\Program Files (x86)\Nmap\py2exe\pyexpat.pyd
==================== Alternate Data Streams (gefilterd) =========
(Als een item is opgenomen in de fixlist, wordt alleen de ADS verwijderd.)

==================== Veilige Modus (gefilterd) ===================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"
==================== Bestandskoppeling (gefilterd) ===============
(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd.)

==================== Internet Explorer vertrouwde/beperkte toegang ===============
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd.)

==================== Hosts inhoud: ===============================
(Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.)
2016-07-16 13:47 - 2018-08-24 01:35 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere gebieden ============================
(Momenteel is er geen automatische fix voor dit onderdeel.)
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\marce\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 blue 1920x1200.jpg
DNS Servers: 84.116.46.21 - 84.116.46.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is ingeschakeld.
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
MSCONFIG\Services: BTAGService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: Samsung Network Fax Server => 2
HKLM\...\StartupApproved\StartupFolder: => "Samsung Network PC Fax.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "CDAServer"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ZaAntiRansomware"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\StartupApproved\StartupFolder: => "Verzenden naar OneNote.lnk"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\StartupApproved\Run: => "STUISpeedLauncher"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_AD716DED1E4CC2DA20B001E2A7A0FC41"
==================== Firewall regels (gefilterd) ===============
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
FirewallRules: [{566BBB06-8DF1-4A1A-8766-968B2BE20EAD}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{BF0A877D-BE39-49EB-BBBD-69B2842FB43D}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{745DC163-0B07-48B9-93CD-4A0F17976F14}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{6E03A726-07D7-48F9-9BCB-92ADC5B12EE7}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{96FEE6A8-F88C-4B72-AAED-DA0F96536063}] => (Allow) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.44\opera.exe
FirewallRules: [{5D2769FA-C8AF-4010-AF1E-FA6DD50BA590}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe
FirewallRules: [{2AF7F1F3-E538-40DD-8F54-B9865737381A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe
FirewallRules: [{C09E98D2-992D-48AB-ACD1-72E878BE4992}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{46E3137C-DCAD-4B50-81FB-E6647F7FA1B1}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe
FirewallRules: [{3D16E004-8EC5-403E-BEB1-F575495A91EE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe
FirewallRules: [{7609442F-70D5-4B6A-B30B-B4974B8CB010}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{2BEFA32F-EE9E-4A26-B162-2802949447DE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe
FirewallRules: [{4339E2C7-3D98-4F11-BC33-EB15599A9A54}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe
FirewallRules: [{8F549A90-4D3F-4F9E-AD95-2F8AD5E6F49C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{E9A74B55-20C9-438E-B274-288272FFCF6B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{A5EC1F02-D0CE-46D9-899E-83ADBC3ED67E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{E48467AE-D9FA-4B1E-80ED-17739A652027}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E4EDD943-F110-44F7-8FAF-72702639CD27}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
==================== Herstelpunten =========================
16-09-2018 06:31:54 Installatieprogramma voor Windows-modules
16-09-2018 06:32:35 Removed HP 3D DriveGuard.
17-09-2018 21:50:03 Installatieprogramma voor Windows-modules
17-09-2018 23:18:39 Herstelbewerking
==================== Defecte Apparaatbeheer Apparaten =============
Name: Npcap Loopback Adapter
Description: Microsoft KM-TEST-loopbackadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kmloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft GS Wavetable-synthesizer
Description: Algemene softwareoplossing
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP Wide Vision HD
Description: USB-videoapparaat
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Eventlog fouten: =========================
Applicatiefouten:
==================
Error: (09/18/2018 10:23:08 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/18/2018 09:34:35 AM) (Source: MSSQLSERVER) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQLSERVER\Performance'. SQL Server performance counters are disabled.
Error: (09/18/2018 09:26:57 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-HPMDV)
Description: brave hendrikbrave hendrik-2147467263
Error: (09/18/2018 09:25:37 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-HPMDV)
Description: brave hendrikbrave hendrik-2147467263
Error: (09/18/2018 09:15:31 AM) (Source: MSSQLSERVER) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQLSERVER\Performance'. SQL Server performance counters are disabled.
Error: (09/18/2018 09:13:04 AM) (Source: MSSQLSERVER) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQLSERVER\Performance'. SQL Server performance counters are disabled.
Error: (09/18/2018 09:13:03 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 10419 ms
DPTF Build Version: 8.2.11000.2996
DPTF Build Date: Aug 10 2016 11:44:33
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function: PolicyBase::takeControlOfOsc
Message: Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.2.11000.2996
DPTF Build Date: Aug 10 2016 11:44:33
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]

Policy: Passive Policy 2 [2]
Error: (09/18/2018 09:13:03 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 10223 ms
DPTF Build Version: 8.2.11000.2996
DPTF Build Date: Aug 10 2016 11:44:33
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function: PolicyBase::takeControlOfOsc
Message: Critical Policy: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.2.11000.2996
DPTF Build Date: Aug 10 2016 11:44:33
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]

Policy: Critical Policy [1]

Systeemfouten:
=============
Error: (09/18/2018 10:29:24 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-HPMDV)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker LAPTOP-HPMDV\Gebruiker SID (S-1-5-21-3489418135-4018434446-1041310367-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
Error: (09/18/2018 10:25:01 AM) (Source: DCOM) (EventID: 10028) (User: LAPTOP-HPMDV)
Description: DCOM kan niet communiceren met de computer 192.168.178.1 via een van de geconfigureerde protocollen; aangevraagd door 3974 (C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner.exe), tijdens activeren van CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Error: (09/18/2018 10:24:21 AM) (Source: DCOM) (EventID: 10028) (User: LAPTOP-HPMDV)
Description: DCOM kan niet communiceren met de computer 192.168.178.13 via een van de geconfigureerde protocollen; aangevraagd door 3974 (C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner.exe), tijdens activeren van CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Error: (09/18/2018 10:23:47 AM) (Source: DCOM) (EventID: 10028) (User: LAPTOP-HPMDV)
Description: DCOM kan niet communiceren met de computer LAPTOP-HPMDV.dynamic.ziggo.nl via een van de geconfigureerde protocollen; aangevraagd door 3974 (C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner.exe), tijdens activeren van CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820}.
Error: (09/18/2018 10:05:23 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-HPMDV)
Description: De server Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe!ContentProcess#{00051402-0001-0000-2F3C-0D0000000000} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
Error: (09/18/2018 09:52:35 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-HPMDV)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker LAPTOP-HPMDV\Gebruiker SID (S-1-5-21-3489418135-4018434446-1041310367-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
Error: (09/18/2018 09:51:21 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-HPMDV)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
en APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
aan de gebruiker LAPTOP-HPMDV\marce SID (S-1-5-21-3489418135-4018434446-1041310367-1003) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
Error: (09/18/2018 09:36:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Starten niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
Windows.SecurityCenter.WscBrokerManager
en APPID
Niet beschikbaar
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Windows Defender:
===================================
Date: 2018-09-18 11:04:31.935
Description:
C:\Windows\System32\notepad.exe mag %desktopdirectory%\ niet wijzigen door beperkte maptoegang.
Detectietijd: 2018-09-18T09:04:31.933Z
Gebruiker: LAPTOP-HPMDV\Gebruiker
Pad: %desktopdirectory%\
Procesnaam: C:\Windows\System32\notepad.exe
Handtekeningversie: 1.275.1423.0
Engine-versie: 1.1.15200.1
Productversie: 4.18.1807.18075
Date: 2018-09-18 11:03:05.322
Description:
C:\Users\Gebruiker\Desktop\FRST64.exe mag %desktopdirectory%\ niet wijzigen door beperkte maptoegang.
Detectietijd: 2018-09-18T09:03:05.322Z
Gebruiker: LAPTOP-HPMDV\Gebruiker
Pad: %desktopdirectory%\
Procesnaam: C:\Users\Gebruiker\Desktop\FRST64.exe
Handtekeningversie: 1.275.1423.0
Engine-versie: 1.1.15200.1
Productversie: 4.18.1807.18075
Date: 2018-09-18 09:26:27.290
Description:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe mag %userprofile%\Desktop niet wijzigen door beperkte maptoegang.
Detectietijd: 2018-09-18T07:26:27.290Z
Gebruiker: LAPTOP-HPMDV\Gebruiker
Pad: %userprofile%\Desktop
Procesnaam: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Handtekeningversie: 1.275.1421.0
Engine-versie: 1.1.15200.1
Productversie: 4.18.1807.18075
Date: 2018-09-18 09:15:47.680
Description:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe mag %userprofile%\Desktop niet wijzigen door beperkte maptoegang.
Detectietijd: 2018-09-18T07:15:47.677Z
Gebruiker: LAPTOP-HPMDV\Gebruiker
Pad: %userprofile%\Desktop
Procesnaam: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Handtekeningversie: 1.275.1414.0
Engine-versie: 1.1.15200.1
Productversie: 4.18.1807.18075
Date: 2018-09-18 09:13:53.947
Description:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe mag %userprofile%\Desktop niet wijzigen door beperkte maptoegang.
Detectietijd: 2018-09-18T07:13:53.906Z
Gebruiker: LAPTOP-HPMDV\Gebruiker
Pad: %userprofile%\Desktop
Procesnaam: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Handtekeningversie: 1.275.1414.0
Engine-versie: 1.1.15200.1
Productversie: 4.18.1807.18075
Date: 2018-09-18 05:33:48.353
Description:
Windows Defender Antivirus heeft een fout aangetroffen bij het bijwerken van handtekeningen.
Nieuwe handtekeningversie:
Vorige handtekeningversie: 1.275.1397.0
Bron update: Microsoft-updateserver
Type handtekening: AntiVirus
Type update: Volledig
Gebruiker: NT AUTHORITY\SYSTEM
Huidige engineversie:
Vorige engineversie: 1.1.15200.1
Foutcode: 0x80240022
Foutbeschrijving: Er kan niet naar definitie-updates worden gezocht.
Date: 2018-09-18 05:33:48.353
Description:
Windows Defender Antivirus heeft een fout aangetroffen bij het bijwerken van handtekeningen.
Nieuwe handtekeningversie:
Vorige handtekeningversie: 1.275.1397.0
Bron update: Microsoft-updateserver
Type handtekening: AntiVirus
Type update: Volledig
Gebruiker: NT AUTHORITY\SYSTEM
Huidige engineversie:
Vorige engineversie: 1.1.15200.1
Foutcode: 0x80240022
Foutbeschrijving: Er kan niet naar definitie-updates worden gezocht.
Date: 2018-09-18 02:28:14.520
Description:
Windows Defender Antivirus heeft een fout aangetroffen bij het bijwerken van handtekeningen.
Nieuwe handtekeningversie:
Vorige handtekeningversie: 1.275.1120.0
Bron update: Microsoft-updateserver
Type handtekening: AntiVirus
Type update: Volledig
Gebruiker: NT AUTHORITY\SYSTEM
Huidige engineversie:
Vorige engineversie: 1.1.15200.1
Foutcode: 0x80240022
Foutbeschrijving: Er kan niet naar definitie-updates worden gezocht.
Date: 2018-09-18 02:28:14.520
Description:
Windows Defender Antivirus heeft een fout aangetroffen bij het bijwerken van handtekeningen.
Nieuwe handtekeningversie:
Vorige handtekeningversie: 1.275.1120.0
Bron update: Microsoft-updateserver
Type handtekening: AntiVirus
Type update: Volledig
Gebruiker: NT AUTHORITY\SYSTEM
Huidige engineversie:
Vorige engineversie: 1.1.15200.1
Foutcode: 0x80240022
Foutbeschrijving: Er kan niet naar definitie-updates worden gezocht.
Date: 2018-09-17 23:55:47.627
Description:
Windows Defender Antivirus heeft een fout aangetroffen bij het bijwerken van handtekeningen.
Nieuwe handtekeningversie:
Vorige handtekeningversie: 1.275.1120.0
Bron update: Microsoft Centrum voor beveiliging tegen malware
Type handtekening: AntiVirus
Type update: Volledig
Gebruiker: NT AUTHORITY\NETWORK SERVICE
Huidige engineversie:
Vorige engineversie: 1.1.15200.1
Foutcode: 0x80072ee7
Foutbeschrijving: De naam of het adres van de server kan niet worden omgezet
CodeIntegrity:
===================================
Date: 2018-09-06 08:03:45.252
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-06 05:46:10.808
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 17:20:43.679
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 17:20:38.742
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 16:35:08.250
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-04 20:41:01.853
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-23 00:19:16.798
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-22 16:18:10.850
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
==================== Geheugen info ===========================
Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage geheugen in gebruik: 49%
Totaal fysiek RAM-geheugen: 8081.79 MB
Beschikbaar fysiek RAM-geheugen: 4115.57 MB
Totaal Virtueel geheugen: 9361.79 MB
Beschikbaar Virtueel geheugen: 3700.05 MB
==================== Schijven ================================
Drive c: (harde schijf c) (Fixed) (Total:118.01 GB) (Free:27.5 GB) NTFS
Drive d: (harde schijf d) (Fixed) (Total:917.56 GB) (Free:905.86 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:13.95 GB) (Free:1.41 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
\\?\Volume{f6e7ab67-8d2d-4200-9b89-6b9ac7f6a336}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.44 GB) NTFS
\\?\Volume{1e978b4f-9b73-4e67-ae7f-048e97773a5e}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
==================== MBR & Partitietabel ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 928439D9)
Partition: GPT.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1C30B674)
Partition: GPT.
==================== Eind van Addition.txt ============================
 

Stello72

Posts: 48   +0
  • Thread Starter
  • #8
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 22.04.2018 01
Gestart door Gebruiker (Beheerder) op LAPTOP-HPMDV (18-09-2018 11:06:16)
Gestart vanaf C:\Users\Gebruiker\Downloads
Geladen Profielen: Gebruiker & marce (Beschikbare Profielen: Gebruiker & marce)
Platform: Windows 10 Home Versie 1803 17134.286 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Opera)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool:
==================== Processen (gefilterd) =================
(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)
Kon geen toegang krijgen tot proces -> Registry
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxEM.exe
() C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Nmap\zenmap.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera_crashreporter.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Opera Software) C:\Users\Gebruiker\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Register (gefilterd) ===========================
(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [701984 2017-07-13] (HP Inc.)
HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe"
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [137464 2018-07-30] (Intel)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\Run: [STUISpeedLauncher] => C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe [411136 2015-02-09] ()
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\Run: [iCloudServices] => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\Run: [AvastBrowserAutoLaunch_AD716DED1E4CC2DA20B001E2A7A0FC41] => "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --onboarding-at-startup
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\RunOnce: [Uninstall 18.131.0701.0007\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\marce\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\...\RunOnce: [Uninstall 18.131.0701.0007] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\marce\AppData\Local\Microsoft\OneDrive\18.131.0701.0007"
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2018-03-05] ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2018-03-05] ()
Startup: C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2017-02-21]
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT
==================== Internet (gefilterd) ====================
(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)
Tcpip\Parameters: [DhcpNameServer] 84.116.46.21 84.116.46.20
Tcpip\..\Interfaces\{cccd4820-07a8-4d3a-b8d6-2f56a5e1a308}: [DhcpNameServer] 84.116.46.21 84.116.46.20
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <==== AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
HKU\S-1-5-21-3489418135-4018434446-1041310367-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-719f2e85&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-719f2e85&q={searchTerms}
SearchScopes: HKLM -> {222A1B43-876D-4FA4-B9A4-5A151AFB9792} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-719f2e85&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-719f2e85&q={searchTerms}
SearchScopes: HKLM-x32 -> {222A1B43-876D-4FA4-B9A4-5A151AFB9792} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3489418135-4018434446-1041310367-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3489418135-4018434446-1041310367-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3489418135-4018434446-1041310367-1001 -> {222A1B43-876D-4FA4-B9A4-5A151AFB9792} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3489418135-4018434446-1041310367-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
SearchScopes: HKU\S-1-5-21-3489418135-4018434446-1041310367-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3489418135-4018434446-1041310367-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3489418135-4018434446-1041310367-1003 -> {222A1B43-876D-4FA4-B9A4-5A151AFB9792} URL =
SearchScopes: HKU\S-1-5-21-3489418135-4018434446-1041310367-1003 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
SearchScopes: HKU\S-1-5-21-3489418135-4018434446-1041310367-1003 -> {7583038A-2DA4-453B-8E22-9880768FEB4D} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-05] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-05] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-12] (Microsoft Corporation)
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-12] (Microsoft Corporation)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (gefilterd) ====================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
S3 BcastDVRUserService; C:\WINDOWS\System32\BcastDVRUserService.dll [1364992 2018-09-15] (Microsoft Corporation)
S3 BcastDVRUserService_3c47a; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S3 BcastDVRUserService_3c47a; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S3 BcastDVRUserService_e82ae; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S3 BcastDVRUserService_e82ae; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S3 BluetoothUserService; C:\WINDOWS\System32\Microsoft.Bluetooth.UserService.dll [464384 2018-04-12] (Microsoft Corporation)
S3 BluetoothUserService_3c47a; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S3 BluetoothUserService_3c47a; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S3 BluetoothUserService_e82ae; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S3 BluetoothUserService_e82ae; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S4 BTAGService; C:\WINDOWS\System32\BTAGService.dll [514048 2018-04-12] (Microsoft Corporation)
S3 BthAvctpSvc; C:\WINDOWS\System32\BthAvctpSvc.dll [395264 2018-04-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9658664 2018-09-08] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\WINDOWS\System32\Windows.Devices.Picker.dll [400896 2018-04-12] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll [312832 2018-04-12] (Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2018-07-30] (Intel)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2017-04-15] (Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1319208 2017-07-05] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [461848 2016-08-05] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S4 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-07-06] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Bestand niet getekend]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
S3 LxpSvc; C:\WINDOWS\System32\LanguageOverlayServer.dll [199680 2018-04-12] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [197824 2014-02-21] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-08-03] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-06-29] (Realtek Semiconductor)
S3 Samsung Printer Dianostics Service; C:\windows\SysWOW64\\spdsvc.exe [508488 2018-05-24] ()
S3 SamsungUPDUtilSvc; C:\windows\SysWOW64\SecUPDUtilSvc.exe [143664 2018-09-11] ()
R2 SgrmBroker; C:\WINDOWS\system32\SgrmBroker.exe [163336 2018-04-12] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [454848 2014-02-21] (Microsoft Corporation)
R3 tzautoupdate; C:\WINDOWS\SysWOW64\tzautoupdate.dll [72192 2018-04-12] (Microsoft Corporation)
S3 VacSvc; C:\WINDOWS\System32\vac.dll [411256 2018-04-12] (Microsoft Corporation)
S3 WaaSMedicSvc; C:\WINDOWS\System32\WaaSMedicSvc.dll [392704 2018-08-09] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-01] (Microsoft Corporation)
S3 wisvc; C:\WINDOWS\SysWOW64\flightsettings.dll [729088 2018-06-08] (Microsoft Corporation)
S3 WpcMonSvc; C:\WINDOWS\System32\WpcDesktopMonSvc.dll [1456640 2018-05-20] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4060256 2018-08-03] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (gefilterd) ======================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [53752 2018-05-15] (HP)
R1 afunix; C:\WINDOWS\system32\drivers\afunix.sys [39424 2018-04-12] (Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2018-04-12] (Microsoft Corporation)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (Apple Inc.)
S3 bindflt; C:\WINDOWS\system32\drivers\bindflt.sys [92056 2018-04-12] (Microsoft Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2017-04-15] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2017-04-15] (Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [40960 2018-05-15] (HP)
S4 hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [33184 2018-04-12] (Microsoft Corporation)
S0 iaStorAVC; C:\WINDOWS\System32\drivers\iaStorAVC.sys [885144 2018-04-12] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [141848 2018-07-06] (Intel Corporation)
S0 ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [145816 2018-04-12] (Avago Technologies)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [528576 2018-07-16] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2018-07-16] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [220352 2018-07-16] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1191624 2018-07-16] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1086656 2018-07-16] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [236488 2018-09-02] (AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-09-02] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [258864 2018-09-02] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [109248 2018-09-02] (AO Kaspersky Lab)
S3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [177848 2018-09-02] (AO Kaspersky Lab)
S3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2018-04-12] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-09-18] (Malwarebytes)
S0 megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [82328 2018-04-12] (Avago Technologies)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8709656 2018-06-30] (Intel Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81688 2018-03-03] (Insecure.Com LLC.)
S4 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [81688 2018-03-03] (Insecure.Com LLC.)
S3 nvdimm; C:\WINDOWS\System32\drivers\nvdimm.sys [104448 2018-04-12] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_9172c4e962e5b3ee\nvlddmkm.sys [17200384 2018-07-04] (NVIDIA Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-03-01] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-05] (Realtek )
S3 RtNdPt640; C:\WINDOWS\system32\DRIVERS\RtNdPt640.sys [48192 2018-07-30] (Realtek Semiconductor Corp.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [878528 2018-05-13] (Realsil Semiconductor Corporation)
S3 RTTEAMPT640; C:\WINDOWS\system32\DRIVERS\RtTeam640.sys [70696 2018-07-30] (Realtek Corporation)
S3 RTVLANPT640; C:\WINDOWS\system32\DRIVERS\RtVlan640.sys [46632 2018-07-30] (Realtek Corporation)
R0 SgrmAgent; C:\WINDOWS\System32\drivers\SgrmAgent.sys [63896 2018-04-12] (Microsoft Corporation)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-08-24] (SlimWare Utilities, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Apple, Inc.) [Bestand niet getekend]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-08-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-08-01] (Microsoft Corporation)
S3 WdmCompanionFilter; C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [21408 2018-04-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-01] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
U1 aswbdisk; geen ImagePath
S3 cpuz140; \??\C:\Users\GEBRUI~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== AANDACHT
S3 esihdrv; \??\C:\Users\marce\AppData\Local\Temp\esihdrv.sys [X] <==== AANDACHT
U3 iswSvc; geen ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
S3 taphss6; \SystemRoot\System32\drivers\taphss6.sys [X]
 

Stello72

Posts: 48   +0
  • Thread Starter
  • #9
==================== NetSvcs (gefilterd) ===================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
NETSVC: LxpSvc -> C:\Windows\System32\LanguageOverlayServer.dll (Microsoft Corporation)
==================== Een Maand Aangemaakt bestanden en mappen ========
(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)
2018-09-18 11:06 - 2018-09-18 11:06 - 000028803 _____ C:\Users\Gebruiker\Downloads\FRST.txt
2018-09-18 11:02 - 2018-09-18 11:02 - 002404864 _____ (Farbar) C:\Users\Gebruiker\Downloads\FRST64.exe
2018-09-18 09:29 - 2018-09-18 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office-hulpprogramma's
2018-09-18 09:14 - 2018-09-18 09:14 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
2018-09-18 09:14 - 2018-09-18 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-09-18 09:14 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 001016928 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000866640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000525768 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-09-18 09:14 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-09-18 09:14 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-09-18 09:14 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-09-18 09:14 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-09-18 09:14 - 2017-06-29 18:52 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2018-09-18 09:14 - 2017-06-29 18:51 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2018-09-18 09:14 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-09-18 09:14 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-09-18 09:14 - 2017-06-29 03:05 - 012334923 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-09-18 09:13 - 2017-06-29 18:53 - 001616680 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2018-09-18 09:13 - 2017-06-29 18:53 - 001529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2018-09-18 09:13 - 2017-06-29 18:53 - 000609392 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2018-09-18 09:13 - 2017-06-29 18:53 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
2018-09-18 09:13 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2018-09-18 09:13 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2018-09-18 09:13 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-09-18 09:13 - 2017-06-29 03:05 - 000005604 _____ C:\WINDOWS\system32\cxapo.lncs
2018-09-18 09:13 - 2017-06-29 03:05 - 000000864 _____ C:\WINDOWS\system32\cxapo.prop
2018-09-18 06:37 - 2018-09-18 06:37 - 000003658 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-09-18 06:36 - 2018-09-18 06:36 - 000214298 _____ C:\Users\Gebruiker\Downloads\winfilefolder.DiagCab
2018-09-18 06:24 - 2018-09-18 09:34 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-18 06:19 - 2018-09-15 10:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-18 06:19 - 2018-09-15 10:32 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-18 06:19 - 2018-09-15 10:31 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-18 06:19 - 2018-09-15 04:57 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-18 06:19 - 2018-09-15 04:56 - 000269320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-18 06:19 - 2018-09-15 04:51 - 001220920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-18 06:19 - 2018-09-15 04:51 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-18 06:19 - 2018-09-15 04:50 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-18 06:19 - 2018-09-15 04:50 - 000567080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-18 06:19 - 2018-09-15 04:50 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-18 06:19 - 2018-09-15 04:49 - 009090064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-18 06:19 - 2018-09-15 04:49 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-18 06:19 - 2018-09-15 04:49 - 001097760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-18 06:19 - 2018-09-15 04:48 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-18 06:19 - 2018-09-15 04:48 - 000713504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-18 06:19 - 2018-09-15 04:33 - 006567984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-18 06:19 - 2018-09-15 04:33 - 001129760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-18 06:19 - 2018-09-15 04:33 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-18 06:19 - 2018-09-15 04:33 - 000567280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-18 06:19 - 2018-09-15 04:33 - 000357064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-09-18 06:19 - 2018-09-15 04:20 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-09-18 06:19 - 2018-09-15 04:19 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-18 06:19 - 2018-09-15 04:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-18 06:19 - 2018-09-15 04:17 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-18 06:19 - 2018-09-15 04:16 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-18 06:19 - 2018-09-15 02:59 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-18 06:19 - 2018-08-31 09:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-18 06:19 - 2018-08-31 09:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-18 06:19 - 2018-08-31 09:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-18 06:19 - 2018-08-31 09:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-18 06:19 - 2018-08-31 09:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-18 06:19 - 2018-08-31 09:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-18 06:19 - 2018-08-31 09:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-18 06:19 - 2018-08-31 09:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-18 06:19 - 2018-08-31 09:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-18 06:19 - 2018-08-31 09:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-18 06:19 - 2018-08-31 09:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-18 06:19 - 2018-08-31 09:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-18 06:19 - 2018-08-31 09:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-18 06:19 - 2018-08-31 09:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-18 06:19 - 2018-08-31 08:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-18 06:19 - 2018-08-31 08:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-18 06:19 - 2018-08-31 08:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-18 06:19 - 2018-08-31 08:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-18 06:19 - 2018-08-31 08:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-18 06:19 - 2018-08-31 08:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-18 06:19 - 2018-08-31 08:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-18 06:19 - 2018-08-31 08:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-18 06:19 - 2018-08-31 05:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-18 06:19 - 2018-08-31 05:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-18 06:19 - 2018-08-31 05:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-18 06:19 - 2018-08-31 05:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-18 06:19 - 2018-08-31 05:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-18 06:19 - 2018-08-31 05:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-18 06:19 - 2018-08-31 05:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-18 06:19 - 2018-08-31 05:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-18 06:19 - 2018-08-31 05:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-18 06:19 - 2018-08-31 05:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-18 06:19 - 2018-08-31 05:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-18 06:19 - 2018-08-31 05:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-18 06:19 - 2018-08-31 05:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-18 06:19 - 2018-08-31 05:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-18 06:19 - 2018-08-31 05:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-18 06:19 - 2018-08-31 05:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-18 06:19 - 2018-08-31 05:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-18 06:19 - 2018-08-31 05:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-18 06:19 - 2018-08-31 05:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-18 06:19 - 2018-08-31 05:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-18 06:19 - 2018-08-31 05:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-18 06:19 - 2018-08-31 05:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-18 06:19 - 2018-08-31 05:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-18 06:19 - 2018-08-31 05:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-18 06:19 - 2018-08-31 05:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-18 06:19 - 2018-08-31 05:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-18 06:19 - 2018-08-31 05:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-18 06:19 - 2018-08-31 05:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-18 06:19 - 2018-08-31 05:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-18 06:19 - 2018-08-31 05:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-18 06:19 - 2018-08-31 05:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-18 06:19 - 2018-08-31 05:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-18 06:19 - 2018-08-31 05:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-18 06:19 - 2018-08-31 05:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-18 06:19 - 2018-08-31 05:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-18 06:19 - 2018-08-31 05:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-18 06:19 - 2018-08-31 05:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-18 06:19 - 2018-08-31 05:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-18 06:19 - 2018-08-31 05:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-18 06:19 - 2018-08-31 05:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-18 06:19 - 2018-08-31 05:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-18 06:19 - 2018-08-31 05:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-18 06:19 - 2018-08-31 05:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-18 06:19 - 2018-08-31 05:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-18 06:19 - 2018-08-31 05:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-18 06:19 - 2018-08-31 05:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-18 06:19 - 2018-08-31 05:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-18 06:19 - 2018-08-31 05:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-18 06:19 - 2018-08-31 05:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-18 06:19 - 2018-08-31 05:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-18 06:19 - 2018-08-31 05:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-18 06:19 - 2018-08-31 05:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-18 06:19 - 2018-08-31 05:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-18 06:19 - 2018-08-31 05:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-18 06:19 - 2018-08-31 05:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-18 06:19 - 2018-08-31 05:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-18 06:19 - 2018-08-31 05:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-18 06:19 - 2018-08-31 05:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-18 06:19 - 2018-08-31 05:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-18 06:19 - 2018-08-31 05:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-18 06:19 - 2018-08-31 05:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-18 06:19 - 2018-08-31 05:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-18 06:19 - 2018-08-31 05:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-18 06:19 - 2018-08-31 05:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-18 06:19 - 2018-08-28 09:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-18 06:19 - 2018-08-28 08:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-18 06:19 - 2018-08-28 08:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-18 06:19 - 2018-08-28 08:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-18 06:19 - 2018-08-28 08:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-18 06:19 - 2018-08-28 07:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-18 06:19 - 2018-08-14 04:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-18 06:19 - 2018-08-14 04:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-18 05:39 - 2018-09-18 05:39 - 000195346 _____ C:\Users\Gebruiker\Downloads\wu170509.diagcab
2018-09-18 05:21 - 2018-09-18 05:21 - 264424269 _____ (Realtek Semiconductor Corp.) C:\Users\Gebruiker\Downloads\0009-64bit_Win7_Win8_Win81_Win10_R282.exe
2018-09-18 05:14 - 2018-09-18 05:14 - 133069552 _____ (Intel(R) Corporation) C:\Users\Gebruiker\Downloads\WiFi_20.80.0_PROSet64_Win10 (1).exe
2018-09-18 05:13 - 2018-09-18 05:13 - 133069552 _____ (Intel(R) Corporation) C:\Users\Gebruiker\Downloads\WiFi_20.80.0_PROSet64_Win10.exe
2018-09-18 04:48 - 2018-09-18 04:48 - 001289019 _____ C:\Users\Gebruiker\Downloads\windows10.0-kb4100347-v3-x64_8251e1f6e3d760e110b35af950f9acee5f4f6777.msu
2018-09-18 04:48 - 2018-09-05 00:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-09-18 04:19 - 2018-09-18 04:19 - 048105224 _____ (Microsoft Corporation) C:\Users\Gebruiker\Downloads\Windows-KB890830-x64-V5.64.exe
2018-09-18 04:11 - 2018-09-18 04:11 - 209322352 _____ (Microsoft Corporation) C:\Users\Gebruiker\Downloads\msert.exe
2018-09-18 02:14 - 2018-09-18 02:14 - 000000000 _____ C:\WINDOWS\cpepmon.mlf
2018-09-17 20:20 - 2018-09-18 06:38 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\ElevatedDiagnostics
2018-09-17 20:17 - 2018-09-17 21:48 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\NPE
2018-09-17 20:17 - 2018-09-17 20:17 - 009517144 _____ (Symantec Corporation) C:\Users\Gebruiker\Downloads\NPE.exe
2018-09-17 20:17 - 2018-09-17 20:17 - 000000000 ____D C:\ProgramData\Norton
2018-09-16 06:21 - 2018-09-18 09:35 - 000826398 _____ C:\WINDOWS\ntbtlog.txt
2018-09-16 06:02 - 2018-09-16 06:02 - 000000000 ___HD C:\$SysReset
2018-09-16 05:30 - 2018-09-18 09:29 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-09-16 05:30 - 2018-09-18 09:29 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-09-16 05:30 - 2018-09-18 09:29 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-09-16 05:30 - 2018-09-18 09:29 - 000002433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-09-16 05:30 - 2018-09-18 09:29 - 000002433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-09-16 05:30 - 2018-09-18 09:29 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-09-16 05:30 - 2018-09-18 09:29 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-09-15 04:13 - 2018-09-15 04:13 - 000437641 _____ C:\Users\Gebruiker\Downloads\KNMG-Richtlijn-Euthanasie-bij-een-verlaagd-bewustzijn.pdf
2018-09-13 06:53 - 2018-09-13 06:53 - 000000000 ____D C:\WINDOWS\pss
2018-09-13 06:19 - 2016-07-13 18:40 - 009891328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-09-13 06:15 - 2018-09-13 06:15 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-09-13 05:41 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2018-09-13 05:40 - 2017-06-29 18:55 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2018-09-13 05:40 - 2017-06-29 18:55 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2018-09-13 02:53 - 2018-09-13 02:53 - 000040840 _____ C:\Users\Gebruiker\Downloads\vacature.pdf
2018-09-11 21:06 - 2018-09-11 21:06 - 000003616 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2018-09-11 21:06 - 2018-09-11 21:06 - 000000000 ____D C:\Users\Gebruiker\My Online Documents
2018-09-11 21:06 - 2018-09-11 21:06 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Nero
2018-09-11 21:04 - 2018-09-18 01:51 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Seagate
2018-09-11 20:53 - 2018-09-11 20:53 - 010674176 _____ C:\Users\Gebruiker\Downloads\HFS4WIN.msi
2018-09-11 20:53 - 2017-08-31 11:43 - 000079832 _____ C:\WINDOWS\system32\Drivers\gpt_loader.sys
2018-09-11 20:53 - 2017-08-31 11:43 - 000066832 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\mounthlp.sys
2018-09-11 20:53 - 2017-08-31 11:43 - 000046552 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\csvol.sys
2018-09-11 15:53 - 2018-09-18 04:49 - 000000374 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGebruiker.job
2018-09-11 15:53 - 2018-09-18 03:39 - 000003282 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGebruiker
2018-09-11 15:49 - 2018-08-09 11:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-11 15:49 - 2018-08-09 11:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-11 15:49 - 2018-08-09 11:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-11 15:49 - 2018-08-09 11:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-11 15:49 - 2018-08-09 11:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-11 15:49 - 2018-08-09 11:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-11 15:49 - 2018-08-09 11:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-11 15:49 - 2018-08-09 11:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-11 15:49 - 2018-08-09 11:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-11 15:49 - 2018-08-09 11:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-11 15:49 - 2018-08-09 11:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-11 15:49 - 2018-08-09 11:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-11 15:49 - 2018-08-09 11:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-11 15:49 - 2018-08-09 11:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-11 15:49 - 2018-08-09 11:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-11 15:49 - 2018-08-09 11:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-11 15:49 - 2018-08-09 11:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-11 15:49 - 2018-08-09 11:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-11 15:49 - 2018-08-09 11:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-11 15:49 - 2018-08-09 11:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-11 15:49 - 2018-08-09 11:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-11 15:49 - 2018-08-09 11:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-11 15:49 - 2018-08-09 11:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-11 15:49 - 2018-08-09 11:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-11 15:49 - 2018-08-09 11:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-11 15:49 - 2018-08-09 11:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-11 15:49 - 2018-08-09 11:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-11 15:49 - 2018-08-09 11:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-11 15:49 - 2018-08-09 10:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-11 15:49 - 2018-08-09 10:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-11 15:49 - 2018-08-09 10:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-11 15:49 - 2018-08-09 10:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-11 15:49 - 2018-08-09 10:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-11 15:49 - 2018-08-09 10:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-11 15:49 - 2018-08-09 10:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-11 15:49 - 2018-08-09 10:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-11 15:49 - 2018-08-09 10:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-11 15:49 - 2018-08-09 10:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-11 15:49 - 2018-08-09 10:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-11 15:49 - 2018-08-09 10:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-11 15:49 - 2018-08-09 10:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-11 15:49 - 2018-08-09 10:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-11 15:49 - 2018-08-09 10:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-11 15:49 - 2018-08-09 10:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-11 15:49 - 2018-08-09 10:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-11 15:49 - 2018-08-09 10:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-11 15:49 - 2018-08-09 10:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-11 15:49 - 2018-08-09 07:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-11 15:49 - 2018-08-09 07:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-11 15:49 - 2018-08-09 06:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-11 15:49 - 2018-08-09 06:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-11 15:49 - 2018-08-09 06:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-11 15:49 - 2018-08-09 06:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-11 15:49 - 2018-08-09 06:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-11 15:49 - 2018-08-09 06:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-11 15:49 - 2018-08-09 06:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-11 15:49 - 2018-08-09 06:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-11 15:49 - 2018-08-09 06:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-11 15:49 - 2018-08-09 06:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-11 15:49 - 2018-08-09 06:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-11 15:49 - 2018-08-09 06:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-11 15:49 - 2018-08-09 06:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-11 15:49 - 2018-08-09 06:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-11 15:49 - 2018-08-09 06:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-11 15:49 - 2018-08-09 06:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-11 15:49 - 2018-08-09 06:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-11 15:49 - 2018-08-09 06:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-11 15:49 - 2018-08-09 06:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-11 15:49 - 2018-08-09 06:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-11 15:49 - 2018-08-09 06:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-11 15:49 - 2018-08-09 06:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-11 15:49 - 2018-08-09 06:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-11 15:49 - 2018-08-09 06:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-11 15:49 - 2018-08-09 06:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-11 15:49 - 2018-08-09 06:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-11 15:49 - 2018-08-09 06:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-11 15:49 - 2018-08-09 06:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-11 15:49 - 2018-08-09 06:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-11 15:49 - 2018-08-09 06:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-11 15:49 - 2018-08-09 06:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-11 15:49 - 2018-08-09 06:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-11 15:49 - 2018-08-09 06:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-11 15:49 - 2018-08-09 06:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-11 15:49 - 2018-08-09 06:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-11 15:49 - 2018-08-09 06:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-11 15:49 - 2018-08-09 06:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-11 15:49 - 2018-08-09 06:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-11 15:49 - 2018-08-09 06:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-11 15:49 - 2018-08-09 06:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-11 15:49 - 2018-08-09 06:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-11 15:49 - 2018-08-09 06:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-11 15:49 - 2018-08-09 06:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-11 15:49 - 2018-08-09 06:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-11 15:49 - 2018-08-09 06:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-11 15:49 - 2018-08-09 06:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-11 15:49 - 2018-08-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-11 15:49 - 2018-08-09 06:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-11 15:49 - 2018-08-09 06:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-11 15:49 - 2018-08-09 06:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-11 15:49 - 2018-08-09 06:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-11 15:49 - 2018-08-09 06:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-11 15:49 - 2018-08-09 06:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-11 15:49 - 2018-08-09 06:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-11 15:49 - 2018-08-09 06:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-11 15:49 - 2018-08-09 06:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-11 15:49 - 2018-08-09 06:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-11 15:49 - 2018-08-09 06:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-11 15:49 - 2018-08-09 06:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-11 15:49 - 2018-08-09 06:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-11 15:49 - 2018-08-09 06:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-11 15:49 - 2018-08-09 06:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-11 15:49 - 2018-08-09 06:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-11 15:49 - 2018-08-09 06:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-11 15:49 - 2018-08-09 06:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-11 15:49 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-11 15:49 - 2018-08-09 05:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-11 15:29 - 2018-09-18 00:17 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak
2018-09-11 13:15 - 2018-09-11 13:26 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Belastingdienst
2018-09-11 13:15 - 2018-09-11 13:15 - 000000000 ____D C:\Users\Gebruiker\Documents\Belastingdienst
2018-09-11 12:54 - 2018-09-11 12:54 - 000000000 ____D C:\Users\Gebruiker\Documents\Davilex
2018-09-11 12:31 - 2018-09-11 12:32 - 000003512 _____ C:\WINDOWS\System32\Tasks\EPM Preload
2018-09-11 12:31 - 2018-09-11 12:31 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Samsung
2018-09-11 12:31 - 2017-02-27 14:13 - 000474624 _____ (Samsung Software Center) C:\WINDOWS\prinst.exe
2018-09-11 12:16 - 2018-09-14 00:39 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-09-11 12:16 - 2017-06-14 14:57 - 000158016 _____ C:\WINDOWS\system32\us005ci.exe
2018-09-11 12:16 - 2017-06-14 14:57 - 000089600 _____ (SS) C:\WINDOWS\system32\us005ci.dll
2018-09-11 12:16 - 2017-06-14 14:57 - 000022528 _____ () C:\WINDOWS\system32\us005lm.dll
2018-09-10 15:04 - 2018-09-10 15:04 - 000231626 _____ C:\Users\Gebruiker\Downloads\Jaarafrekening-2018-04-17T00_00_00.pdf
2018-09-10 15:04 - 2018-09-10 15:04 - 000231626 _____ C:\Users\Gebruiker\Downloads\Jaarafrekening-2018-04-17T00_00_00 (1).pdf
2018-09-10 15:03 - 2018-09-10 15:03 - 000237009 _____ C:\Users\Gebruiker\Downloads\Eindafrekening-2018-08-21T00_00_00.pdf
2018-09-08 12:33 - 2018-09-08 13:49 - 000000000 ____D C:\Users\Gebruiker\Desktop\gegevens
2018-09-08 08:50 - 2018-09-08 08:50 - 000000000 ___RD C:\Users\Gebruiker\Documents\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App
2018-09-07 15:57 - 2018-09-07 16:05 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\WhatsApp
2018-09-07 15:57 - 2018-09-07 15:57 - 000002297 _____ C:\Users\Gebruiker\Desktop\WhatsApp.lnk
2018-09-07 15:57 - 2018-09-07 15:57 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-09-07 15:57 - 2018-09-07 15:57 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\WhatsApp
2018-09-07 15:57 - 2018-09-07 15:57 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\SquirrelTemp
2018-09-07 15:55 - 2018-09-07 15:56 - 138489784 _____ (WhatsApp) C:\Users\Gebruiker\Downloads\WhatsAppSetup.exe
2018-09-06 23:32 - 2018-09-06 23:32 - 000000218 _____ C:\Users\Gebruiker\AppData\Local\recently-used.xbel
2018-09-06 06:50 - 2018-09-06 08:01 - 000000000 ____D C:\Users\marce\Downloads\exiftoolgui
2018-09-06 06:09 - 2018-09-06 06:09 - 000000000 ____D C:\Users\marce\AppData\LocalLow\Temp
2018-09-06 02:58 - 2018-09-06 02:58 - 000000000 ___SD C:\Users\Public\Documents\Check PointSystemRepositoryDo not!Remove
2018-09-06 02:58 - 2018-09-06 02:58 - 000000000 ___SD C:\Users\marce\Documents\-Check-PointFramework-Repository-Do Not-Remove
2018-09-06 02:58 - 2018-09-06 02:58 - 000000000 ___SD C:\Users\Gebruiker\Documents\Check PointProtectionFilesDon't0Discard
2018-09-05 22:23 - 2018-09-05 22:23 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Check Point
2018-09-05 17:51 - 2018-09-05 17:51 - 000000000 ____D C:\Users\marce\Downloads\Security.Monitoring
2018-09-05 15:43 - 2018-09-05 15:43 - 000000000 _____ C:\Users\marce\Downloads\3b2fd941-b362-42a4-a856-167cf9001daa.tmp
2018-09-05 15:11 - 2018-09-05 15:11 - 000086823 _____ C:\Users\marce\Downloads\Beschikking_VA_11-12-2016_00.00u (2).pdf
2018-09-05 15:08 - 2018-09-05 15:08 - 000083602 _____ C:\Users\marce\Downloads\Ontvangstbevestiging_Aangifte_inkomstenbelasting_2016_26-04-2017_02.24u.pdf
2018-09-05 15:02 - 2018-09-05 15:02 - 000086742 _____ C:\Users\marce\Downloads\Beschikking_VA_op_aangifte_05-06-2017_00.00u (4).pdf
2018-09-02 05:17 - 2018-09-14 03:47 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-09-02 05:17 - 2018-09-06 09:36 - 000003030 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-09-02 05:17 - 2018-09-06 09:36 - 000002664 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-09-02 05:17 - 2018-09-02 05:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-09-02 02:19 - 2018-09-02 02:19 - 000258864 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-09-02 02:04 - 2018-09-02 02:04 - 000236488 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-09-02 02:04 - 2018-09-02 02:04 - 000177848 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-09-02 02:04 - 2018-09-02 02:04 - 000109248 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-09-02 02:04 - 2018-09-02 02:04 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-09-02 01:58 - 2018-07-16 02:31 - 001191624 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2018-09-02 01:58 - 2018-07-16 02:31 - 000528576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kl1.sys
2018-09-02 01:58 - 2018-07-16 02:31 - 000152360 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2018-09-02 01:44 - 2018-09-02 01:44 - 036788280 _____ (Adlice Software ) C:\Users\Gebruiker\Downloads\RogueKiller_setup.exe
2018-08-29 03:42 - 2018-08-29 03:42 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\SlimWare Utilities Inc
2018-08-29 03:38 - 2018-09-02 00:12 - 000000496 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2018-08-29 03:22 - 2018-08-29 03:22 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2018-08-29 03:20 - 2018-09-18 02:37 - 000001504 _____ C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-browser.lnk
2018-08-29 03:20 - 2018-09-18 02:18 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2018-08-29 03:20 - 2018-09-06 09:36 - 000003676 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1535505639
2018-08-29 03:20 - 2018-08-29 03:20 - 000001453 _____ C:\Users\Gebruiker\Desktop\Opera-browser.lnk
2018-08-29 03:20 - 2018-08-29 03:20 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Opera Software
2018-08-29 03:20 - 2018-08-29 03:20 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Opera Software
2018-08-29 03:19 - 2018-09-18 02:16 - 000000000 ____D C:\ProgramData\CheckPoint
2018-08-29 03:18 - 2018-08-29 03:18 - 005274512 _____ (Check Point Software Technologies Ltd.) C:\Users\Gebruiker\Downloads\zafwSetupWeb_153_064_17729.exe
2018-08-29 03:15 - 2018-08-29 03:15 - 000005632 _____ C:\Users\Gebruiker\Downloads\NoShare.exe
2018-08-29 03:04 - 2018-08-29 03:04 - 000025600 ____R (Gibson Research Corp.) C:\Users\Gebruiker\Downloads\LeakTest.exe
2018-08-29 02:32 - 2018-08-29 02:32 - 000000037 _____ C:\Users\Gebruiker\.gtk-bookmarks
2018-08-28 22:39 - 2018-09-06 23:24 - 000000000 ____D C:\Users\Gebruiker\.zenmap
2018-08-28 22:38 - 2018-09-18 10:25 - 000001003 _____ C:\Users\Gebruiker\Desktop\Nmap - Zenmap GUI.lnk
2018-08-28 22:38 - 2018-08-28 22:38 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2018-08-28 22:37 - 2018-08-28 22:37 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2018-08-28 22:37 - 2018-08-28 22:37 - 000000000 ____D C:\WINDOWS\system32\Npcap
2018-08-28 21:40 - 2018-08-28 21:40 - 000684032 _____ (Speed Guide Inc.) C:\Users\Gebruiker\Downloads\TCPOptimizer.exe
2018-08-27 23:26 - 2018-08-27 23:26 - 000457512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000274072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000248624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000087352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000028472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_1.dll
2018-08-24 21:25 - 2018-08-24 21:28 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\PortForward.com
2018-08-24 02:00 - 2018-08-24 02:00 - 000198895 _____ C:\Users\Gebruiker\Downloads\scanlogd-2.2-win32.zip
2018-08-24 01:42 - 2018-09-17 19:57 - 000000000 ____D C:\Users\Gebruiker\AppData\LocalLow\Mozilla
2018-08-24 01:41 - 2018-09-02 02:33 - 000000881 _____ C:\Users\Gebruiker\Desktop\Start Tor Browser.lnk
2018-08-24 01:41 - 2018-08-24 01:41 - 000000929 _____ C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2018-08-24 01:41 - 2018-08-24 01:41 - 000000000 ____D C:\Users\Gebruiker\Desktop\Tor Browser
2018-08-24 01:40 - 2018-08-24 01:40 - 054090112 _____ C:\Users\Gebruiker\Downloads\torbrowser-install-7.5.6_nl.exe
2018-08-22 20:58 - 2018-08-22 22:35 - 000000000 ____D C:\Users\marce\Downloads\bluetoothview
2018-08-22 20:53 - 2018-08-22 22:35 - 000000000 ____D C:\Users\marce\Downloads\lastactivityview
2018-08-22 16:35 - 2018-08-22 16:35 - 000000000 ____D C:\Users\marce\AppData\Local\mbam
2018-08-22 14:56 - 2018-08-22 14:56 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\TeamViewer
2018-08-22 14:39 - 2018-08-22 14:39 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\mbam
2018-08-22 14:21 - 2018-08-22 14:21 - 000000000 ____D C:\Users\Gebruiker\Documents\FeedbackHub
2018-08-22 14:02 - 2018-08-22 14:02 - 000007589 _____ C:\Users\Gebruiker\AppData\Local\Resmon.ResmonCfg
2018-08-22 13:10 - 2018-08-22 14:07 - 000000022 _____ C:\Users\Gebruiker\Downloads\unhackmeb.zip
2018-08-22 12:51 - 2018-08-22 13:02 - 000000000 ____D C:\Users\Gebruiker\Documents\Fax
2018-08-22 12:51 - 2018-08-22 12:51 - 000000000 ___RD C:\Users\Gebruiker\Documents\Scanned Documents
2018-08-22 09:49 - 2018-09-11 15:31 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Wireshark
2018-08-22 08:46 - 2018-08-22 08:46 - 000000000 ____D C:\ProgramData\Emsisoft
2018-08-22 08:45 - 2018-08-22 08:57 - 000000000 ____D C:\EEK
2018-08-22 08:27 - 2018-08-22 08:27 - 000000000 ___HD C:\$AV_ASW
2018-08-22 07:49 - 2018-08-22 07:57 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\RdpGuard
2018-08-22 07:48 - 2018-08-22 07:48 - 002764408 _____ (NetSDK Software, LLC ) C:\Users\Gebruiker\Downloads\rdpguard-5-3-5.exe
2018-08-22 07:39 - 2018-08-22 15:20 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\TeamViewer
2018-08-20 10:47 - 2018-08-20 11:38 - 000000000 ____D C:\Users\marce\.zenmap
2018-08-20 10:47 - 2018-08-20 10:47 - 000000000 ____D C:\Users\marce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2018-08-20 10:46 - 2018-08-28 22:38 - 000000000 ____D C:\Program Files\Npcap
2018-08-20 10:46 - 2018-08-28 22:38 - 000000000 ____D C:\Program Files (x86)\Nmap
2018-08-20 10:45 - 2018-08-20 10:45 - 027530328 _____ (Insecure.org) C:\Users\marce\Downloads\nmap-7.70-setup.exe
2018-08-20 06:10 - 2018-08-20 06:10 - 000003565 _____ C:\Users\marce\Downloads\hidden (8).jfif
2018-08-20 06:06 - 2018-08-20 06:06 - 000003565 _____ C:\Users\marce\Downloads\hidden (7).jfif
2018-08-20 05:53 - 2018-08-20 05:53 - 000009357 _____ C:\Users\marce\Downloads\hidden (6).jfif
2018-08-20 05:43 - 2018-08-20 05:43 - 000012514 _____ C:\Users\marce\Downloads\hidden (5).jfif
2018-08-20 05:42 - 2018-08-20 05:42 - 000005903 _____ C:\Users\marce\Downloads\hidden (4).jfif
2018-08-20 05:42 - 2018-08-20 05:42 - 000004489 _____ C:\Users\marce\Downloads\hidden (3).jfif
2018-08-20 02:50 - 2018-08-20 02:50 - 000013450 _____ C:\Users\marce\Downloads\hidden (1).jfif
2018-08-20 02:50 - 2018-08-20 02:50 - 000010037 _____ C:\Users\marce\Downloads\hidden.jfif
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #10
==================== Een Maand Gewijzigd bestanden en mappen ========
(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)
2018-09-18 11:06 - 2018-08-05 00:00 - 000000000 ____D C:\FRST
2018-09-18 10:25 - 2018-08-05 05:38 - 000000446 _____ C:\Users\Gebruiker\advanced_ip_scanner_MAC.bin
2018-09-18 10:25 - 2018-08-05 05:38 - 000000015 _____ C:\Users\Gebruiker\advanced_ip_scanner_Comments.bin
2018-09-18 10:25 - 2018-08-05 05:38 - 000000015 _____ C:\Users\Gebruiker\advanced_ip_scanner_Aliases.bin
2018-09-18 10:06 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-18 09:53 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-18 09:53 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-18 09:50 - 2017-11-21 16:48 - 000000000 ____D C:\Users\marce\AppData\Local\PlaceholderTileLogoFolder
2018-09-18 09:50 - 2017-11-21 16:29 - 000000000 ____D C:\Users\marce\AppData\Local\Packages
2018-09-18 09:50 - 2017-11-21 16:29 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Packages
2018-09-18 09:42 - 2018-06-25 19:47 - 000002401 _____ C:\Users\marce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-18 09:42 - 2018-05-23 02:26 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3489418135-4018434446-1041310367-1003
2018-09-18 09:42 - 2017-07-04 10:45 - 000000000 ___RD C:\Users\marce\OneDrive
2018-09-18 09:39 - 2018-05-23 02:19 - 001773794 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-18 09:39 - 2018-04-12 18:01 - 000784888 _____ C:\WINDOWS\system32\perfh013.dat
2018-09-18 09:39 - 2018-04-12 18:01 - 000162846 _____ C:\WINDOWS\system32\perfc013.dat
2018-09-18 09:39 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-18 09:35 - 2017-07-04 11:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-18 09:35 - 2017-07-04 10:43 - 000000000 __SHD C:\Users\marce\IntelGraphicsProfiles
2018-09-18 09:34 - 2018-05-23 02:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-18 09:34 - 2018-04-11 23:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-09-18 09:34 - 2017-02-07 14:22 - 000000000 __SHD C:\Users\Gebruiker\IntelGraphicsProfiles
2018-09-18 09:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-09-18 09:26 - 2017-02-07 14:22 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Synaptics
2018-09-18 09:14 - 2017-07-04 11:16 - 000494453 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-09-18 09:14 - 2017-01-21 19:16 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-09-18 07:09 - 2018-08-09 23:17 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-09-18 06:23 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-09-18 06:23 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-18 06:23 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-18 06:21 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-18 06:20 - 2018-08-15 22:48 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-09-18 05:20 - 2017-01-21 19:17 - 000000000 ____D C:\ProgramData\Intel
2018-09-18 05:17 - 2016-09-21 03:53 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-18 04:19 - 2017-02-07 15:35 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-18 03:51 - 2018-05-23 02:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-18 02:05 - 2017-02-25 14:34 - 000000000 ____D C:\Program Files (x86)\Google
2018-09-18 02:04 - 2017-02-25 14:34 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Google
2018-09-18 01:56 - 2018-05-23 02:26 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-09-17 23:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\registration
2018-09-17 23:11 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-09-17 21:45 - 2018-05-23 02:19 - 000000000 ____D C:\Users\Gebruiker
2018-09-16 06:34 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-09-16 06:34 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-09-16 06:34 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-09-16 06:33 - 2016-09-21 03:51 - 000000000 ____D C:\Program Files (x86)\HP
2018-09-16 06:15 - 2017-02-25 10:27 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\CrashDumps
2018-09-16 05:52 - 2017-02-07 14:22 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\ConnectedDevicesPlatform
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-09-16 05:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-09-16 04:53 - 2017-11-21 16:47 - 000000000 ___HD C:\Users\marce\MicrosoftEdgeBackups
2018-09-16 04:16 - 2018-08-18 21:39 - 000000000 ____D C:\Users\marce\AppData\Local\ElevatedDiagnostics
2018-09-15 22:58 - 2016-09-21 03:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-09-15 17:09 - 2018-05-23 02:19 - 000000000 ____D C:\Users\marce
2018-09-15 01:16 - 2018-03-02 00:53 - 000000000 ___HD C:\Users\Gebruiker\MicrosoftEdgeBackups
2018-09-14 01:28 - 2017-12-09 11:37 - 000000000 ____D C:\ProgramData\Davilex Business
2018-09-14 01:15 - 2017-07-04 10:49 - 000000000 ____D C:\Users\marce\AppData\Roaming\Samsung
2018-09-14 01:02 - 2017-03-15 16:28 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-09-14 00:54 - 2018-08-07 18:19 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\D3DSCache
2018-09-14 00:49 - 2017-07-04 10:45 - 000000000 ____D C:\Windows10Upgrade
2018-09-14 00:45 - 2018-03-02 00:53 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\PlaceholderTileLogoFolder
2018-09-14 00:39 - 2018-03-02 00:53 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Apple Computer
2018-09-14 00:39 - 2017-09-01 04:20 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-09-14 00:39 - 2017-02-25 10:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2018-09-14 00:38 - 2017-02-25 10:43 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Samsung
2018-09-13 23:46 - 2017-03-15 16:28 - 000000000 ____D C:\Users\Gebruiker\Documents\Scan
2018-09-13 06:19 - 2017-01-21 19:16 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-09-13 06:15 - 2017-07-04 11:17 - 000000000 ____D C:\Program Files (x86)\Intel
2018-09-13 06:13 - 2017-07-04 11:17 - 000000000 ____D C:\Program Files\Intel
2018-09-13 05:22 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-12 22:08 - 2017-02-07 15:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-11 15:56 - 2018-05-23 02:15 - 000481200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-11 15:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-11 15:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-11 15:55 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-11 15:19 - 2018-07-12 00:43 - 000000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleFormarce.job
2018-09-11 15:03 - 2018-07-12 00:43 - 000003250 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormarce
2018-09-11 14:37 - 2017-07-19 02:50 - 000000000 ____D C:\Users\marce\AppData\Local\CrashDumps
2018-09-11 13:42 - 2017-09-17 15:02 - 000000000 ____D C:\Users\marce\AppData\Roaming\Belastingdienst
2018-09-11 12:32 - 2017-02-25 10:45 - 000000000 ____D C:\Program Files\Samsung
2018-09-11 12:32 - 2017-02-25 10:44 - 000000000 ____D C:\ProgramData\Samsung
2018-09-11 12:16 - 2017-02-25 10:43 - 000143664 ____N C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
2018-09-11 12:16 - 2017-02-25 10:43 - 000143664 ____N C:\WINDOWS\system32\SecUPDUtilSvc.exe
2018-09-11 11:31 - 2017-02-07 14:22 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\VirtualStore
2018-09-11 03:41 - 2018-08-10 05:36 - 000000000 ___HD C:\OneDriveTemp
2018-09-11 02:41 - 2018-05-23 02:26 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3489418135-4018434446-1041310367-1001
2018-09-11 02:41 - 2018-05-23 02:19 - 000002413 _____ C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-11 02:41 - 2017-02-07 14:23 - 000000000 ___RD C:\Users\Gebruiker\OneDrive
2018-09-10 15:04 - 2017-07-09 13:34 - 000000000 ____D C:\Program Files\CCleaner
2018-09-08 12:09 - 2016-07-29 14:33 - 000000000 ___RD C:\Users\Public\AccountPictures
2018-09-07 02:14 - 2017-07-04 11:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-09-07 02:10 - 2017-01-21 19:17 - 000000000 ____D C:\Intel
2018-09-07 02:07 - 2018-07-10 17:14 - 000000000 ____D C:\Users\marce\AppData\Local\D3DSCache
2018-09-07 01:59 - 2016-09-21 03:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-09-07 01:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-09-07 01:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-09-06 23:48 - 2018-08-01 06:02 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-09-06 08:39 - 2017-07-05 04:09 - 000000000 ____D C:\Users\marce\AppData\Roaming\IrfanView
2018-09-06 05:50 - 2018-07-12 07:10 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-06 05:13 - 2018-07-30 13:57 - 000000000 ____D C:\Users\marce\Downloads\0002-Diagnostic(2.0.2.12)_20160930_Win10Only
2018-09-05 01:04 - 2018-04-12 01:41 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-05 01:04 - 2018-04-12 01:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-04 20:39 - 2017-07-04 10:45 - 000000000 ____D C:\Users\marce\AppData\Local\NVIDIA Corporation
2018-09-02 11:04 - 2017-07-04 10:44 - 000000000 ____D C:\Users\marce\AppData\Roaming\HP
2018-09-02 11:04 - 2017-02-07 14:23 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\HP
2018-09-02 11:04 - 2016-09-21 03:52 - 000000000 ____D C:\ProgramData\HP
2018-08-29 04:01 - 2018-08-12 21:25 - 000000000 ____D C:\Program Files (x86)\PokerStars.EU
2018-08-29 04:01 - 2018-08-12 19:00 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\PokerStars.EU
2018-08-29 03:43 - 2018-08-13 09:37 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Easeware
2018-08-28 13:49 - 2017-02-07 14:22 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\NVIDIA Corporation
2018-08-27 22:39 - 2017-07-04 11:18 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-08-27 22:37 - 2017-07-04 11:18 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-08-27 22:37 - 2017-07-04 11:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-08-27 22:37 - 2017-07-04 10:43 - 000000000 ____D C:\Users\marce\AppData\Local\NVIDIA
2018-08-24 21:25 - 2017-05-13 15:39 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Downloaded Installations
2018-08-24 02:55 - 2018-08-09 23:17 - 000025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2018-08-24 01:36 - 2018-05-23 02:26 - 000002872 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-08-22 19:44 - 2018-08-03 10:23 - 000000538 _____ C:\Users\marce\advanced_ip_scanner_MAC.bin
2018-08-22 19:44 - 2018-08-03 10:23 - 000000031 _____ C:\Users\marce\advanced_ip_scanner_Aliases.bin
2018-08-22 19:44 - 2018-08-03 10:23 - 000000015 _____ C:\Users\marce\advanced_ip_scanner_Comments.bin
2018-08-20 23:47 - 2018-08-13 13:25 - 000000000 ____D C:\Users\marce\AppData\Roaming\Wireshark
2018-08-20 03:27 - 2018-08-13 02:06 - 000000000 ____D C:\Users\marce\AppData\Local\Adobe
2018-08-20 02:01 - 2018-03-02 14:40 - 000000000 ____D C:\Users\marce\AppData\Local\PokerStars.EU
2018-08-20 01:40 - 2017-11-21 16:47 - 000000000 ____D C:\Users\marce\AppData\Local\PackageStaging
2018-08-20 01:39 - 2018-08-09 16:48 - 000000000 ____D C:\WINDOWS\SysWOW64\rserver30
==================== Bestanden in de root van sommige mappen =======
2018-09-06 23:32 - 2018-09-06 23:32 - 000000218 _____ () C:\Users\Gebruiker\AppData\Local\recently-used.xbel
2018-08-22 14:02 - 2018-08-22 14:02 - 000007589 _____ () C:\Users\Gebruiker\AppData\Local\Resmon.ResmonCfg
2018-08-28 22:39 - 2018-08-28 22:39 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\zenmap.exe.log
Sommige bestanden in TEMP:
====================
2018-08-18 13:59 - 2018-08-16 06:04 - 011576808 _____ (SurfRight B.V.) C:\Users\marce\AppData\Local\Temp\HitmanPro.exe
2018-09-06 08:39 - 2016-08-21 12:17 - 000138720 _____ (Irfan Skiljan, IrfanView) C:\Users\marce\AppData\Local\Temp\iv_uninstall.exe
2018-09-05 15:56 - 2017-04-04 14:32 - 002790192 ____N () C:\Users\marce\AppData\Local\Temp\totaluninstaller2.exe
2018-08-20 02:01 - 2018-08-12 22:18 - 000382464 _____ (Rational Intellectual Holdings Ltd.) C:\Users\marce\AppData\Local\Temp\_unps.exe
==================== Bamital & volsnap ======================
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
LastRegBack: 2018-05-23 02:15
==================== Eind van FRST.txt ============================
 

Broni

Posts: 55,560   +489
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #12
Thanks Broni, I will post to you the 3 logs I got from RK.
I will wait for your message before I go further with Malwarebytes.
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #13
=========================================================
=== ===
=== RogueKiller Changelog ===
=== ===
=========================================================
-------------------
- Adlice Software -
-------------------
V12.13.1 09/17/2018
=================
- Added detections
V12.13.0 09/10/2018
=================
- Fixed a critical memory leak in core (buffer)
- Added detections
V12.12.34 09/03/2018
=================
- Added detections
V12.12.33 08/27/2018
=================
- Added detections
V12.12.32 08/20/2018
=================
- Added detections
V12.12.31 08/10/2018
=================
- Added detections
V12.12.30 08/06/2018
=================
- Added detections
V12.12.29 07/30/2018
=================
- Added detections
V12.12.28 07/23/2018
=================
- Added detections
V12.12.27 07/19/2018
=================
- Added detections
V12.12.26 07/09/2018
=================
- Added detections
V12.12.25 07/02/2018
=================
- Added detections
V12.12.24 06/25/2018
=================
- Added detections
V12.12.23 06/18/2018
=================
- Fixed a crash in Curl module
- Fixed Win32 API usage that broke XP compatibility
V12.12.22 06/18/2018
=================
- Added detections
V12.12.21 06/11/2018
=================
- Added detections
V12.12.20 06/04/2018
=================
- Added detections
V12.12.19 05/28/2018
=================
- Added detections
V12.12.18 05/22/2018
=================
- Added detections
V12.12.17 05/14/2018
=================
- Added detections
V12.12.16 05/04/2018
=================
- Added detections
V12.12.15 04/30/2018
=================
- Added detections
V12.12.14 04/23/2018
=================
- Added detections
V12.12.13 04/16/2018
=================
- Added detections
V12.12.12 04/09/2018
=================
- Added detections
V12.12.11 04/03/2018
=================
- Added detections
V12.12.10 03/26/2018
=================
- Added detections
V12.12.9 03/19/2018
=================
- Added detections
- Update Korean translation
V12.12.8 03/12/2018
=================
- Added detections
V12.12.7 03/05/2018
=================
- Added detections
V12.12.6 02/26/2018
=================
- Added detections
V12.12.5 02/19/2018
=================
- Added detections
V12.12.4 02/12/2018
=================
- Added detections
V12.12.3 02/05/2018
=================
- Added detections
V12.12.2 01/29/2018
=================
- Added detections
V12.12.1 01/22/2018
=================
- Fixed possible crash in PE parser
- Added detections
V12.12.0 01/15/2018
=================
- Fixed possible hang while processing file MD5
- Fixed Chrome extension removal
- Fixed Chrome configuration removal
- Added detections
V12.11.32 01/08/2018
=================
- Added detections
V12.11.31 01/02/2018
=================
- Added detections
V12.11.30 12/26/2017
=================
- Added detections
V12.11.29 12/18/2017
=================
- Added detections
- Fixed Windows Defender FP
V12.11.28 12/11/2017
=================
- Added detections
V12.11.27 12/04/2017
=================
- Fixed potential issue with "device not found, insert disk" messages
- Added detections
V12.11.26 11/27/2017
=================
- Added detections
V12.11.25 11/20/2017
=================
- Added detections
V12.11.24 11/13/2017
=================
- Added detections
V12.11.23 11/06/2017
=================
- Added detections
V12.11.22 10/30/2017
=================
- Added detections
V12.11.21 10/23/2017
=================
- Added detections
- Updated translations
- Fixed a bug in JSON export
V12.11.20 10/16/2017
=================
- Added detections
V12.11.19 10/09/2017
=================
- Added detections
V12.11.18 10/02/2017
=================
- Added detections
V12.11.17 09/25/2017
=================
- Added detections
- Updated translations
V12.11.16 09/18/2017
=================
- Added detections
V12.11.15 09/18/2017
=================
- Added detections
V12.11.14 09/11/2017
=================
- Added detections
V12.11.13 09/04/2017
=================
- Added detections
- Added msiexec handler to pathparser
V12.11.12 08/28/2017
=================
- Added detections
V12.11.11 08/21/2017
=================
- Added detections
- Dutch translation update
V12.11.10 08/14/2017
=================
- Added detections
- Fixed issue with uploader (please note this will apply to next update)
V12.11.9 08/03/2017
=================
- Added detections
- Fixed POST requests with proxy
- Fixed Upload timeout (crash upload/support form)
V12.11.8 07/24/2017
=================
- Fixed proxy persistence in Free mode
- Fixed a bug in MalPE
- Added detections
- Updated translations
V12.11.7 07/17/2017
=================
- Added detections
- Added Proxy configuration
V12.11.6 07/10/2017
=================
- Added detections
V12.11.5 07/03/2017
=================
- Added detections
V12.11.4 06/26/2017
=================
- Added detections
V12.11.3 06/19/2017
=================
- Added detections
- Minor fixes
V12.11.2 06/12/2017
=================
- Added detections
V12.11.1 06/04/2017
=================
- Added detections
- Fixed possible bug in MalPE scanner
- Forced VT mitigation for MalPE scanner to avoid FPs
V12.11.0 05/29/2017
=================
- Added detections
- NEW! MalPE module (BETA)
- NEW! RogueKillerAdmin V2 compatible
- DEPRECATED: RogueKillerAdmin V1
V12.10.10 05/22/2017
=================
- Added detections
V12.10.9 05/15/2017
=================
- Added detections
V12.10.8 05/08/2017
=================
- Added detections
- Fixed a bug in settings where Offline registry setting wasn't saved
V12.10.7 05/01/2017
=================
- Added detections
- Fixed a possible crash in COM module
- Fixed a possible crash in Path parser
V12.10.6 04/24/2017
=================
- Added detections
- Updated translations
V12.10.5 04/18/2017
=================
- Added detections
V12.10.4 04/10/2017
=================
- Added detections
V12.10.3 04/03/2017
=================
- Added detections
V12.10.2 03/27/2017
=================
- Added detections
V12.10.1 03/20/2017
=================
- Added detections
V12.10.0 03/13/2017
=================
- Added detections
- Now using common translations
- Fixed UI error where the "Pause" button was not reset after a scan
- Fixed a bug in the MBR scan
- Fixed minor bugs
V12.9.9 02/27/2017
=================
- Added detections
- Added warning when no element is selected prior to removal
- Fixed a bug in detection labels
- Fixed a bug in VT module
V12.9.8 02/21/2017
=================
- Added detections
V12.9.7 02/06/2017
=================
- Added detections
- Updated translations
V12.9.6 01/30/2017
=================
- Added detections
V12.9.5 01/23/2017
=================
- Added detections
V12.9.4 01/16/2017
=================
- Fixed FP on Mozilla Maintenance Service
V12.9.3 01/16/2017
=================
- Added detections
- Fixed licensing machine ID
V12.9.2 01/09/2017
=================
- Added detections
- Fixed critical bug in File module leading to a crash when scanning big files (> 2GB)
V12.9.1 01/02/2017
=================
- Added detections
- Various fixes
V12.9.0 12/26/2016
=================
- Added detections
- Signatures reorganization with YaraEditor database
- Donation text rewording
- Fixed big files scan
- Switched Yara fast mode ON
- Fixed tasks working dir recognition
V12.8.6 12/19/2016
=================
- Added detections
V12.8.5 12/12/2016
=================
- Added detections
V12.8.4 12/05/2016
=================
- Added detections
- RogueKillerDLL 1.0.3
- Fixed a bug in licensing, where it was impossible to remove license if about to expire
V12.8.3 11/28/2016
=================
- Added detections
V12.8.2 11/21/2016
=================
- Added detections
- Updated translations
V12.8.1 11/14/2016
=================
- Added detections
- Fixed update page translations
- Fixed eula page translations
- Fixed machine identification method
V12.8.0 11/07/2016
=================
- Added detections
- NEW! Chrome configuration scanner
- Added Print Providers scanner
V12.7.5 10/31/2016
=================
- Added detections
- Fixed COM crash on some machine at initialization
- Added Svchost path parser and service scanner
- New telemetry
- Fixed hidden tasks not being scanned
V12.7.4 10/24/2016
=================
- Added detections
- Fixed COM init/close implementation, that led to a hang on Windows XP
- Improved path parsing security
- Now path parser is able to scan for powershell EncodedData payloads
V12.7.3 10/17/2016
=================
- Added detections
- Updated translations
- Fixed bugs in task scanner preventing from scanning entirely and removing tasks
- Fixed a bug with exit button
- Now installer has complete version number
V12.7.2 10/15/2016
=================
- Emergency fix for ADS false positive
V12.7.1 10/10/2016
=================
- Added detections
V12.7.0 10/03/2016
=================
- Added detections
- Improved filesystem scanner
- Improved telemetry
- Added winsock scanner
- Fixed a bug in installer
- Fixed installer error messages translations
V12.6.4 09/26/2016
=================
- Added detections
- Fixed a bug in disk serial read
V12.6.3 09/19/2016
=================
- Added detections
- NEW! Firewall rules scanner
V12.6.2 09/12/2016
=================
- Added detections
- Fixed a bug in LNK cleanup
- Added powershell path parser
V12.6.1 09/06/2016
=================
- Fixed missing resources (leading to a crash)
V12.6.0 09/05/2016
=================
- Added detections
- Updated translations
- Fixed a bug where patched files were not fixed on removal
- Added warning when license is expired or about to expire
- NEW! WMI Scanner
V12.5.2 08/29/2016
=================
- Added detections
- Updated translations
V12.5.1 08/22/2016
=================
- Fixed a bug in Yara module
V12.5.0 08/22/2016
=================
- Added detections
- Added file exclusion for forged files
- Fixed a bug where big files were detected as VT.Unknown
- Updated scanner to use Yara 3.5: https://github.com/VirusTotal/yara/releases/tag/v3.5.0
- Fixed (Yara 3.5): Processes scan doesn't use all memory/cpu
- Improvements (Yara 3.5): Scan is faster
V12.4.4 08/16/2016
=================
- Added detections
- Updated translations
V12.4.3 08/08/2016
=================
- Added detections
V12.4.2 08/01/2016
=================
- Added detections
V12.4.1 07/28/2016
=================
- Added detections
- Shortcuts scanner now cleans them instead of removing
V12.4.0 07/18/2016
=================
- Added detections
- Added Feed fallback (no more blank thing when website is slow)
- Added Shortcuts scanner
- Added Tasks scanner (by name/path)
- Updated translations
- Moved IRP scan to expert mode
- Fixed a bug where LNK pointed by tasks were not resolved
- Added registry Classes scanner
- (Premium) Added -noremove switch, to ignore detections
V12.3.8 07/11/2016
=================
- Added detections
- New feed version, with licensing filtering
- Registry scanner enhancement: Now stops the service before removing a service key
- Fixed a bug where Processes files were marked as missing
- Fixed VT score display
V12.3.7 07/04/2016
=================
- Added detections
- Updated internal links
- Updated translations
V12.3.6 06/27/2016
=================
- Fixed a bug leading to app being quit when a message is closed while in tray.
- Now displaying warnings on "Expert settings" turned on.
V12.3.5 06/22/2016
=================
- Fixed all links, now using a file provider API.
V12.3.4 06/20/2016
=================
- Added detections
- Added folder children exclusion scanner rule
- Signatures normalization
- Fixed a bug leading to hosts file not being scanned
V12.3.3 06/13/2016
=================
- Added detections
- Updated translations
- Fixed a bug where HTML reports weren't readable on Chrome
V12.3.2 06/06/2016
=================
- Added detections
- Fixed possible crash on Intel files scan
- Refactor of marketing page
- Fixed a bug in VirusTotal upload leading to files not being sent for analysis
- Minor UI improvements
V12.3.1 05/30/2016
=================
- Added detections
- Updated translations
V12.3.0 05/22/2016
=================
- Added detections
- NEW! (Premium) Themes
- NEW! Clear theme
- NEW! Naked theme
- NEW! Dark theme
- Modified stats payload
- Update form: Now displays a warning when Updater is not present
- Update form: Now opens direct link to setup for Premium user in case Updater not present
V12.2.1 05/16/2016
=================
- Added detections
- Fixed transfer progress reset
- Updated translations
- Fixed UI hangs bug in old GUI
V12.2.0 05/10/2016
=================
- Added detections
- Updated translations
- Fixed a bug preventing from starting the scan on machines with 1 CPU
- Added a Quit button (useful when you want to skip close to tray)
- Fixed links in About tab
- Fixed check for updates (was not showing outdated when update arrives after the program is started)
V12.1.6 05/09/2016
=================
- Added detections
- Updated translations
- Improvement of path parsing module, added "cmd start x" method.
V12.1.5 05/02/2016
=================
- Added detections
- Update form now shows changelog
- Fixed RKAdmin link in updater
V12.1.4 04/25/2016
=================
- Added detections
- Fixed forged files dump to VT
- Now displays a warning when using wrong bits version
- Now shows GeoIP results
- Fixed an issue in updater where RogueKillerCMD wasn't recognized
V12.1.3 04/18/2016
=================
- Added detections
- Updated translations
- Fixed default check state in installer
- Fixed a bug that allowed check state modification of non-removable items
- Updater now uses cloud link
- Feed now uses cloud link
- Fixed a bug in GeoIP module
- Fixed a potential crash in MBR reading
V12.1.2 04/11/2016
=================
- Added detections
- Updated translations
V12.1.1 04/04/2016
=================
- Added detections
- Updated translations
- Now file replacements are made with sfc.exe on Vista+
- Added button to remove trial
- Fixed a bug in Chrome scanner preventing the scan from starting
V12.1.0 03/29/2016
=================
- Added detections
- NEW! Tools menu
- NEW! Hosts File Tools menu (Premium)
- Updated translations
- Fixed a bug in context menu actions
V12.0.3 03/21/2016
=================
- Added detections
- Added indonesian language
- Added more translators names
- Fixed a bug in AutoStart/AutoDelete
- Fixed a bug preventing to quit on Update
- Added a link to Lost license form
V12.0.2 03/14/2016
=================
- Added detections
- Added crash dump form
- Fixed a bug that showed steps not supposed to run
- Updated translations / Fixed typos
- Added Data column in scan results
- Fixed Autoscan
- Fixed Autoremove
- Now scan progress live detection shows in red when an item is detected
- Fixed a bug that led to driver state being wrong in reports
V12.0.1 03/07/2016
=================
- New user interface
- Added detections
V11.0.14 02/29/2016
=================
- moved driver loading at the beginning of the scan
- introducing expert mode
- processes no longer killed during scan (killed at removal, on demand)
- moved IAT scanning into expert mode
- core preparation for V12
- Added detections
V11.0.13 02/22/2016
=================
- moved signatures loading at the beginning of the scan
- core preparation for V12
- Added detections
V11.0.12 02/15/2016
=================
- Added detections
- Fixed a bug in Files module
- Fixed a bug in Web module
V11.0.11 02/08/2016
=================
- Added detections
V11.0.10 02/01/2016
=================
- Added detections
- Updated translations
V11.0.9 01/25/2016
=================
- Added detections
- Updater 2.1
- Updater can now serve installable version
- Updater can now skip licensing page if already registered
V11.0.8 01/19/2016
=================
- Added detections
- TrueSight v2.0.2 (fixed digital certificate for SHA1)
- Added Turkish language
- Updated translations
V11.0.7 01/11/2016
=================
- Added detections
- Added ADS whitelisting/blacklisting
V11.0.6 01/04/2016
=================
- Added detections
- Using new licensing API
V11.0.5 12/28/2015
=================
- Added detections
- Now setup will verify license key when entered
V11.0.4 12/20/2015
=================
- Added detections
V11.0.3 12/14/2015
=================
- Added detections
- Added translations in setup
- Updated translations
V11.0.2 12/07/2015
=================
- Fixed a bug in Buffer search
V11.0.1 12/07/2015
=================
- Added detections
- Fixed a possible bug in scanner
- Fixed a possible issue in COM module
V11.0.0 11/30/2015
=================
- Added rating link in marketing window
- Now detects ADS (Alternate Data Streams)
- Qt 5.5
- Moved Prescan into Scan
- Now IAT scan is able to scan Microsoft Edge
- Better hooks report for kernel hooks
- Truesight v2
- Now kernel hooks are scanned on userland
- Fixed a bug in COM module
- Added software keys detection
- Added registry path signatures
- Added detections
V10.11.7 11/23/2015
=================
- Added detections
- Fixed a possible hang issue on HTTP calls (timeout broken)
- setup improvements, ability to deploy both version (32/64 bits)
- setup improvements, banner and translations
- fixed a possible crash in junctions data parsing
V10.11.6 11/16/2015
=================
- Added detections
- Fixed a bug that closed the app when closing child window when minimized in tray
- added -reportpath command line parameter
- UI tweaks
V10.11.5 11/09/2015
=================
- Added detections
V10.11.4 11/02/2015
=================
- Added detections
- Fixed a bug in licensing engine, leading to a loss of configuration sometimes.
- Fixed a bug in processes module where main module was not good
- Fixed a bug in processes module where Updater was crashing if a very long command line was passed
V10.11.3 10/26/2015
=================
- Added detections
- Added warning when driver is not loaded
- Fixed Microsoft Security Client as legit parent for svchost
- (Premium) Added Premium label in reports
- Updated translations
- (Premium) Added information for external scanner (tab in settings)
- (Premium) Now application closes in tray and persist
- (Premium) Now able to start a scan from the tray icon
- Fixed a bug where services/windows were not scanned
- Fixed a bug where filesystem was not properly scanned
V10.11.2 10/20/2015
=================
- Fixed a crash in Buffer module
- Moved rebranding to Premium Technician
V10.11.1 10/19/2015
=================
- Added detections
- Moved rebranding to Premium documented features
- Fixed an issue with IAT scan progress (progress reset after process scan)
- Updated translations
- NEW! (Premium Technician) Added an option to limit time validity of portable config files
- Improved performance of filesystem scanner (scan is now much faster)
- Whitelisted Chrome sandbox IAT hooks
- Added timeout for file shortcut resolution (improves performance of filesystem scanner)
V10.11.0 10/12/2015
=================
- Added detections
- Added filter on VirusTotal internal submit (no user file)
- Improved shellcode module detection in inline hooks module
- Fixed memory growth while scanning filesystem
- IAT scan is now much faster because only scanning windows DLLs table
- Table-based hooks have cleaner display in logs (module!export)
- Fixed a bug in modules enumeration on 64 bits
- Excluded wow64cpu enter from inline hooks detection
- Now inline hooks architecture detection relies on import module architecture instead of process
- RogueKillerCMD: Added -dont_ask switch (to eliminate all user interactions and use default actions)
V10.10.9 10/05/2015
=================
- Fixed bug in Disk module
- Fixed bug in IAT parser
V10.10.8 10/05/2015
=================
- Added detections
- Now Updater restarts application using same command line parameters
V10.10.7 09/28/2015
=================
- Added detections
V10.10.6 09/21/2015
=================
- Added detections
- Fixed bug in Disk module
- New social icons
- RogueKillerCMD: Added build number, licensing state
V10.10.5 09/14/2015
=================
- Added detections
V10.10.4 09/04/2015
=================
- Added detections
- Updated links
- (Premium) Added notification when license is about to expire
- Fixed bug in Disks module
V10.10.3 08/31/2015
=================
- Added detections
- Now all legit antirootkit entries are hidden
- fixed a bug in Process module
- internal reorganization
V10.10.2 08/24/2015
=================
- Added Detections
- NEW! Added Processes list to json report
- NEW! (Premium) Added -vtupload yes/no command line parameter
- Updated EULA to reflect licensing terms
- Updated translations
- Added help button in "?" menu
- Fixed way of reading disk serial
- Fixed a bug in VT scanner
V10.10.1 08/17/2015
=================
- Added detections
- (Premium) Added message when Updater is not present and program is outdated
- Updated translations
- Added link to public Trello board
- Added version check in about form
- NEW! VirusTotal choice for upload
- NEW! (Premium) VirusTotal choice setting
- Fixed automatic updates when Updater is not present
- NEW! EULA will show up again if a new version is present
- Extended injection signature search to 4 sections (instead of 1), to better identify injection code.
- Now infection urls for antirootkit point to non technical posts
- Resized main and about forms
- (Premium) Added more information in licensing server check
- (Premium) Prepared for annual subscription switch
V10.10.0 08/11/2015
=================
- Added detections
- Compatibility with Windows10
- Added error message when key has wrong pattern
- Updated translations
- NEW! File Scanner is more aggressive, and will search in a lot more locations
- Fixed a bug in honey module
- Fixed a bug in logging module
V10.9.4 07/30/2015
=================
- Added detections
- Fixed file scan when path contains unicode characters
- Fixed offline licensing issue (License was not recognized when no internet available). Now once registered (with internet on) it works offline.
- NEW! (Premium) Tray icon phase 1.
V10.9.3 07/21/2015
=================
- Fixed a crash when scanning Digital Certificate of some files
- Fixed a FP when LNK files have unicode characters in path (OneNote 2010 - Capture d??cran et lancement.lnk)
V10.9.2 07/20/2015
=================
- Added detections
- NEW! HTML reports
- NEW! HTML Open button
- NEW! TXT Open button
- NEW! HTML log setting + command line parameter
- Fixed timeout for Curl operations (max 5 seconds)
- NEW! signature database is now pre-compiled, will load much faster
- Updated Yara engine to 3.4
- Refactored Digisig engine, better performances
- Added more information in Json log for killed processes
- Fixed a bug where x64 processes names are not found when using x86 version
- Fixed path whitelist priority on VT blacklist (processes scanner)
- Updated translations
- Fixed an issue where Floppy drives become very noisy during scan
V10.9.1 07/09/2015
=================
- Added detections
- NEW! Added Open Text button in Json log viewer.
- NEW! Korean language
- Updated translations
- Fixed Scan randomly performed.
- NEW! Command line parameter: -reportformat [txt|json]
- NEW! Report format setting
- Merged Txt report generation with Txt export
V10.9.0 07/06/2015
=================
- Separate database for RogueKillerCMD / Updater
- NEW! Updater is now generic (cannot be used by double click anymore, takes command line)
- NEW! RogueKillerCMD can now use automatic updates
- NEW! RogueKillerCMD has now a version check
- NEW! RogueKiller has now accessibility (JAWS compatibility)
- Added detections
- -autodelete implicit has been removed from -hide
- Fixed a bug in RogueKillerCMD where command line isn't handled correctly
- NEW! RogueKiller now uses JSON as root format for reporting
- NEW! RogueKiller can open JSON logs into a new window
- NEW! JSON logs can be exported in RAW text format
- Updated translations
- NEW! setup now embeds RogueKillerCMD
- Fixed a bug in tasks scanner
- Fixed certificate timestamp
V10.8.7 06/29/2015
=================
- Removed AV.Killer definition (too many FPs)
- Fixed a bug in mstring module, leading to infinite loop in certain circumstances
- Now tasks scanner scans arguments too
- Added detections
V10.8.6 06/22/2015
=================
- Adjusted AV.Killer definition
V10.8.5 06/22/2015
=================
- Added detections
- NEW! External Scanner
- Fixed a bug in Process Scanner
- Fixed a bug in File Search
- Fixed a bug in Registry Scanner
- Now process paths are expanded
- Fixed a bug in VT module
- Fixed a bug in -autoscan
V10.8.4 06/16/2015
=================
- Added Skype to exclusions for RunPE detections
V10.8.3 06/15/2015
=================
- Added detections
- NEW! RunPE heuristic detection
- (Premium) Removed Paypal/Premium images
- Refactored settings form
- NEW! (Premium) -autoupdate command line parameter + setting
- Updated translations
- Fixed a bug in VT module
- Fixed a bug in WebServer (Not starting sometimes)
V10.8.2 06/09/2015
=================
- Using Licensing 2.0
- Added detections
V10.8.1 06/03/2015
=================
- Fixed a bug in Licensing
- Fixed a bug in VirusTotal module
- Now portable license generated file is read-only
- Added GUI indicators when using portable license
- Added detections
- Extension checker optimizations
V10.8.0 06/01/2015
=================
- Updated database
- Fixed a bug in reporting
- Disabled PUM.DesktopIcons (too confusing, and not critical)
- Disabled PUM.Orphan (too confusing, not critical)
- Better unit testing
- Initialization optimizations
- Updated translations
- NEW! (Premium) Web service
- NEW! Web service /info url (get version info)
- NEW! Web service /scan/new url (start new scan)
- NEW! Web service /scan/status url (get scan status)
- NEW! Web service /report/last url (get last report)
- NEW! (Premium) -pupismalware command line parameter + setting
- NEW! (Premium) -pumismalware command line parameter + setting
- Reverted portable fixed location in rk_config.ini
- Fixed error message when too many instances
- Setup now adds RogueKiller bin folder to %PATH%
- Updated userland certificate
- NEW! Promotional nag.
V10.7.0 05/25/2015
=================
- New configuration module, not compatible with old one. Able to use read-only medium for portable license.
- NEW! no more rk_config.ini for technician license.
- NEW! command line parameter: -portable-license
- Updated languages
V10.6.5 05/20/2015
=================
- Fixed a bug with KnownDLLs detection when value name starts with underscore (_)
V10.6.4 05/18/2015
=================
- NEW! Preferred language is now saved
- Added detections
- Fixed processes scan aggressiveness
- NEW! Logo can now be rebranded (Please contact us)
- Fixed a bug in Extensions Checked
- Fixed a bug in CLSID scanner
- Fixed Orphan detection level + vendor name => PUM.Orphan
- Fixed License fallback state
- Added new autostart locations
- Added Transfer progressbar
V10.6.3 05/11/2015
=================
- Added detections
- Fixed a bug in File Search module
- Increased feed rotation time
- Better UI information
- Deactivated VT IP scan (too many FPs)
V10.6.2 05/04/2015
=================
- NEW! Breaking news banner
- External libs update + optimizations (Zlib, SQLite, udis86)
- Fixed a bug in Tab navigation
V10.6.1 04/27/2015
=================
- Now VT file scan has minimum/maximum size
- Refactored PUP/PUM classification to be clearer and more consistent
- Fixed VT file scanner scanning LNK files instead of target
- Now VT unknown is classified as PUP
- Now VT cache has outdated date (fixed to 5 days)
- Now VT scanner rescans pending items at initialization
- Added detections
V10.6.0 04/20/2015
=================
- Added detections
- Moved version check before Prescan
- Fixed a bug in IAT scanner, where call stack was not recorded correctly
- Fixed a bug in IAT scanner, where unknown module was not displayed
- Fixed a bug in RogueKiller OLD GUI, where config file was not read properly
- Fixed ShowLegitHooks command/setting
- Fixed slow UI when a lot of entries are added to a table
- Fixed a bad items insertion when sorting was enabled
- Fixed a bug in MBR (GPT) module
- Fixed missing Premium info when internet access is broken
- Fixed a bug in libcurl library (X64)
- Added new method to detect IAT inline hooks
- NEW! VT Scan on registry, tasks, files, mbr, web browsers and antirootkit scans.
- NEW! VT scan no more in beta
- NEW! VT scan now scans all processes
- NEW! VT scan has local caching
V10.5.10 04/13/2015
=================
- Added detections
- Now can register Premium with command line parameter: -register <email> <key>
- Now displays remaining activations for Premium
- All communications are now using SSL (HTTPS)
- RogueKillerCMD: Added better colors
- RogueKillerCMD: Now can recognize RogueKiller's command line parameters
V10.5.9 04/07/2015
=================
- Added detections
- Now logs are sorted by date
- Now can attach last log even if a scan was not performed in the same session
- Fixed a bug where registration form cannot upload last report
- Removed Post Delete message asking for Premium buying when a user is already registered
- Now file scanner shows unscanned files (for progression), so that software doesn't give an impression of being stuck
V10.5.8 03/30/2015
=================
- Added detections
- Fixed a bug where config isn't reset after removing the license.
- Fixed NoPop configuration bug
- Added all command line parameters in Settings
- Updated translations
- Now registration Id/Key are trimmed to avoid copying/writing spaces before/after them (and have wrong key error message)
- Fixed updater now recognizing License on Windows 8 (now needs admin rights to be launched).
- Updated EULA to reflect VirusTotal integration rules.
V10.5.7 03/22/2015
=================
- Fixed a crash when starting the application
V10.5.6 03/21/2015
=================
- Added detections
- Fixed bug forbidding technician licenses to use command line
- Added Persian translation
- Fixed a possible hang on service termination
- Added progress text on progressbar during the scan
- NEW! VT scan on Processes (beta, only premium, disabled by default)
- NEW! VT scan on Services (beta, only premium, disabled by default)
- RogueKillerCMD : removed tutorial opening in case of an infection
V10.5.5 03/16/2015
=================
- Added detections
- PREMIUM: Added more settings options
- Unhidden premium options, added Nag message
- Updated translations
- Moved Scan choices to settings
V10.5.4 03/12/2015
=================
- Added detections
- Added credits for translators (About)
- Now service scanner is aware of ServiceDll path
- Updated translations
- Now Premium registration email is trimmed (remove spaces before and after the email)
V10.5.3 03/10/2015
=================
- Fixed a bug in Path module where all shortened path were not properly expanded (Ex: LogMe~ => LogMeIn Rescue Applet)
V10.5.2 03/09/2015
=================
- PREMIUM: Technician License can now use portable config file
- Added Premium logo
- Fixed a bug when opening website
V10.5.1 03/05/2015
=================
- Using new licensing system
- Added detections
V10.5.0 03/01/2015
=================
- NEW! Now RogueKiller is available with an installer
- PREMIUM: Separate updater
- PREMIUM: Trial of 30 days per machine
- Added detections
- Fixed a crash in jansson library
V10.4.3 02/23/2015
=================
- Added detections
V10.4.2 02/23/2015
=================
- Added detections
V10.4.1 02/19/2015
=================
- Added detections
V10.4.0 02/18/2015
=================
- Uniformization of whitelists/blacklists (we dropped a lot of detections, this can lead to false positives... but they will be fixed as people report them)
- Fixed a bug in LNK signature detection
- Fixed a bug in Time module
- NEW! Better CLSID scanner
- NEW! Now MBR scanner is EFI compatible
- Updated italian translation
- Fixed a bug in Path module
V10.3.0 02/16/2015
=================
- Added detections
- New command line flag: -showlegithooks (Shows legit hooks that are normally hidden)
- Big improvements in the IAT hooks engine; Preparation of refactoring for the kernel hooks.
- Big improvements in Extension Checker module
- NEW! Arabic translation
- Updated translations
- Updated Yara engine to 3.3
V10.2.0 01/19/2015
=================
- Added detections
- Updated Italian translation
- Added German translation
- Added Chinese traditional translation
- Fixed a bug in Registry scanner where .DEFAULT hive is not scanned
- Added MBR signature for FinFisher
- Added MBR signature for TDL4
- Added MBR signature for Rovnix
- Fixed some bugs in MBR scanner
- Improved low level disk access library
- Added VBR (Volume Boot Record) scanner
V10.1.2 01/06/2015
=================
- Added detections
- Updated Spanish translation
- Added Italian translation
- Added hook signatures engine
V10.1.1 12/23/2014
=================
- Added detections
- PREMIUM: Added settings form
- PREMIUM: Added MBR Scan setting
- PREMIUM: Added Honey Scan setting
- PREMIUM: Added Antirootkit Scan setting
- PREMIUM: Added Open website setting
- Added Dutch translation
- Added Italian translation
- Added sanity check for website opening
V10.1.0 12/11/2014
=================
- Added detections
- Fixed mbamservice false positive
V10.0.9 12/08/2014
=================
- Fixed Xpaj false positive with DiskCryptor MBR
- Added DiskCryptor MBR signature
- Added detections
- TrueSight 1.0.4: Better shellcode module detection
- IAT Hooks: Better shellcode module detection
V10.0.8 11/20/2014
=================
- Added detections
- Fixed bug of processes not killed
- Now process memory is scanned before path scan
V10.0.7 11/20/2014
=================
- Now process pages are scanned for whitelist
- Updated Yara engine
- Added detections
- Reverted some command line to free version: -nodriver -nokill -nopop -nothirdparty
V10.0.6 11/12/2014
=================
- Fixed a bug in Process module (not enough rights to get process path)
- Fixed a bug in AV whitelist detection
- Added detections
V10.0.5 11/11/2014
=================
- Now AV processes are whitelisted
- Added language separator for "Your language here"
- Added Injected process heuristic detection
- Fixed bad Zeus signature
- More aggressive against Poweliks processes
- Added detections
- Updated links
V10.0.4 10/29/2014
=================
- Added link to translations in language menu
- Added Delay IAT in PE module
- Added Delay IAT hooks in antirootkit
- Now IAT hooks are printed to UI as they are scanned
- Removed ctfmon from sensitive processes
- Now detects Zeus variants
- Now informative texts are not elided
- Better choices (currency/amount) for Paypal form
- Removed unused resources
- Improvements in quarantine module
- Now DNS entries show country IP in text report
- PREMIUM: Added quarantine handler
- Added detections
V10.0.3 10/22/2014
=================
- New user-agent: Now sends extended vendor names for real time monitoring
- Added detections
V10.0.2 10/16/2014
=================
- Added detection of services hidden from SCM and from registry
- Dropped command line support in free version
- Removed EAT hooks (useless)
- Improved IAT hooks scanner (now scans all modules instead of main module)
- Fixed a bug in driver library (driver could not load under certain circumstances)
- Added Czech translation
- Added tooltip with detection level (for colorblind people)
- Added detections
V10.0.1 10/10/2014
=================
- Improvements in Process library
- Added COM integrity check to disable COM calls when server is corrupted (Poweliks)
- Fixed Poweliks rule
- Added detections
- Fixed Bug in registry module
- Fixed a bug in logging
V10.0.0 10/08/2014
=================
- Major UI changes
- Added support for future Premium version
- Added support for ShellIconOverlayIdentifiers and ShellServiceObjectDelayLoad keys
- Now CLSIDs are scanned for path and memory
- Added detections
V9.3.0 10/06/2014
=================
- New Rules engine. Easier to maintain, more robust.
- Fixed a lot of bugs in Scanner engines.
- Added detections
V9.2.13 09/25/2014
=================
- Fixed a bug in registry module introduced in 9.2.12
- Fixed a bug in process engine that forbids svchost processes to be killed
- Added detections
V9.2.12 09/23/2014
=================
- TrueSight: 1.0.3: Fixed a Kernel stack overflow leading to a BSoD
- Better handling of multistring registry value/key names (ZeroAccess/Poweliks)
- Added Poweliks detections
- Added detections
V9.2.11 09/18/2014
=================
- Added detection to new Poweliks variant
- Fixed a bug of infinite wait when COM objects are broken
V9.2.10 09/09/2014
=================
- Fixed a bug in Yara scanner
- Fixed a bug in language module
- Fixed a crash dump uploader (due to surlatoile.org move to https)
- Added service binary path in report
V9.2.9 09/01/2014
=================
- Updated Yara to 3.1.0
- Added detections
- Firefox PUM.HomePage is using domain whitelist
V9.2.8 08/15/2014
=================
- Added detections
V9.2.7 08/15/2014
=================
- Added scan of Search Page/Start Page for Internet Explorer
- Added scan of Start Page for Firefox
- TrueSight 1.0.2: Process Kill
- TrueSight 1.0.2: Registry key Kill
- TrueSight 1.0.2: File Kill
- RogueKiller: Implementation of new Truesight features
- RogueKillerCMD: Implementation of new Truesight features

V9.2.6 08/07/2014
=================
- Removed a ZeroAccess false detection
- Fixed a bug in registry module (introduced in 9.2.5)
V9.2.5 08/07/2014
=================
- Fixed a bug in registry module (poweliks/zeroaccess trick)
- Fixed a bug in command line parsing
- RogueKillerCMD: Added registry value/subkey removal by index
- Added detections
V9.2.4 07/24/2014
=================
- Added detections
- Added Key present rule
- Added Value data rule
- Updated Yara
- Fixed a bug in file search module
- Fixed a bug in honey file module
- Fixed string limit in path module
- RogueKillerCMD: Registry Kill
V9.2.3 07/14/2014
=================
- Fixed a bug in file module
- Added detections
V9.2.2 07/11/2014
=================
- Fixed a bug in task scanner
- Fixed a bug in path parser
- Fixed a bug in registry module
- Fixed a bug in install module
- Unknown MBRs are dumped in %programdata%/RogueKiller/Debug
- Added detections
V9.2.1 07/09/2014
=================
- Fixed a bug in logging
- Fixed unicode hosts file read/write
- Fixed empty hosts lines scan
- Truesight 1.0.1
- Truesight now suspends TDL4 threads before MBR fix
- Removed debug messages from Truesight
- Fixed pcalua detection in task scanner
- Added links
V9.2.0 07/07/2014
=================
- Truesight 1.0 (no more in beta)
- Truesight loads in X64
- Truesight rewritten from scratch (increased stability, code compatibility)
- Truesight now detects Filters (regular, reverse)
- Added detections
- Added translations
- Fixed regression about vendor url opening
- Fixed bug about duplicate registry entries on x86
V9.1.0 06/23/2014
=================
- Added detections
- Fixed a problem of ProgramFiles/ProgramFilesX86/ProgrameFilesW6432 var env parsing
- Binaries are now digitally signed.
- updated translations

V9.0.3 06/17/2014
=================
- Fixed encoding bug in quarantine handler
- Fixed crash window opening when no dump is available
- Fixed duplicated files in common startup folder on XP
- Detection of WinPE. Now LivePE/LiveUSB scan is faster and more accurate.
- Fixed reboot query
- Improved replacement method
- Fixed DNS whitelisting
- Added Zekos signatures
- Now file replacement engine looks for same file version before replacing.
- Fixed a bug in startup honey module
- Fixed a bug in mbr module
- Added detections

V9.0.2 06/04/2014
=================
- Fixed a bug in registry scanner
- Fixed a bug in Buffer lib
- Added chrome extensions removal
- Fixed service repair
- Added single instance mutex
- Fixed a bug when trying to quit
- Added detections
- Added Necurs link
- Added pathparser special rules (rundll32, wscript)
- Fixed a bug in file parsing
- Fixed a bug in Honey module

V9.0.1 06/02/2014
=================
- Fixed a bug in logging
- Fixed a bug in File lib
- Fixed a bug in GUI
- Optimizations in String parser
- Added detections
- Fixed a bug in addons detection
- Fixed a bug in forged file detection
- Fixed a bug in service scanner
- Now malware hooks are Orange
V9.0.0 05/29/2014
=================
- Fixed bugs
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #14
V9.0.0 beta 3 05/26/2014
=================
- CLI commands -nodriver -autoscan -autodelete -autoquit -autoeula -hideui
- Added detections
- Fixed EULA
- Added service repair
- Added check for updates
- Changed driver icon
- Added reboot notification
- Added pending detections notification on quit
V9.0.0 beta 2 05/23/2014
=================
- Fixed a bug in MBR log
- Fixed a bug in Service log
- Fixed a bug in log (RTL characters removed, ZeroAccess)
- Replaced SUSP PATH label by Suspicious.Path
- Removed Chrome.exe IAT/EAT scan
- Fixed 3 bugs in IEAT/EAT display (process is displayed / legit entries are hidden / fixed size of function in console display)
- Now suspicious services registry keys are not prechecked (to avoid confusion with true malware)
- Disabled Forged files removal (except if contains malware signature), due to some false positives
- Fixed a bug in Registry subkey removal (ZeroAccess)
- Fixed a bug in File replacement (added ACL copy before replace, Zekos)
- Fixed a bug in ListView sorting (was too slow)
- Added detections
V9.0.0 beta 1 05/22/2014
=================
- Added crash handler window
- Reports are now translated
- Added missing translations
- Added hover event for Facebook / Paypal links
- Added fancy Facebook button
- Replaced old icons by high res icons
- Added detections
- Fixed a bug in ComManager
V9.0.0 alpha5 05/21/2014
=================
- Brand new high res icon! (thanks nfn678 from deviantart.com)
- Now sending statistics to adlice.com webserver database
- PUM color detection is now Dark Gray
- Added web browser scan
- Added stop button (during scan only)
V9.0.0 alpha4 05/20/2014
=================
- Added context menu select/unselect all
- replaced old MBR display by a listview
- added MBR scan
- fixed carriage return bug in reports
- fixed bad driver decryption
- added Hooks scanner
V9.0.0 alpha3 05/19/2014
=================
- Fixed a bug when exiting with file menu
- Added hosts fix button (hosts tab)
- Fixed window names bug (massive false positive)
- Added true version number comparison for version checker
- Fixed elided text bug
- Added report footer
- Now general progressbar is used as progression
- Now displays fine progression
- Added file scanner
V9.0.0 alpha2 05/16/2014
=================
- Fixed a crash in Yara scanner on some processes
- Fixed a bug in Hidden processes detection
- Fixed a bug in report module, prescan results were removed from reports
- Fixed display bug (wrong X64 display in title)
- Fixed crash handler, now crash dumps will be located in %ProgramData%/RogueKiller/Debug
- Fixed display bug. After removal, status of items was not updated.
- Added Hosts file support
- Added Hosts file line removal
- Removed Proxy, DNS and Shortcut buttons/tabs
V9.0.0 alpha1 05/14/2014
=================
- Rewritten engine from scratch ( RKSdk V1 )
- Moved to Yara scanner
- Fixed a lot of bugs
V8.8.14 03/26/2014
=================
- Fixed a bug in PE parser
- Optimizations
- Added detections
V8.8.13 03/25/2014
=================
- Optimizations
- Prepare for 8.9.0
- NEW! Now scans IAT/EAT on x64 operating systems
- NEW! Now scans non-PE files (example: .bat)
- Added detections
V8.8.12 03/20/2014
=================
- Optimizations
- Prepare for 8.9.0
- Added Thanks for Downloading Url at first use.
- Fixed bug in MBR fix
- Fixed progressbar behavior
V8.8.11 03/14/2014
=================
- Optimizations
- Added a lot of PUP detections
- File paths are elided in console
V8.8.10 02/28/2014
=================
- Added detections
- Changed links
- Fixed a bug in File library
- RogueKillerCMD 0.1.3
* Added service list
* Added service kill
V8.8.9 02/24/2014
=================
- Added double check for current version
- Added double post for autofeedback
- Changed sur-la-toile.com domain for new one surlatoile.org (fixed statistics and version check)

V8.8.8 02/19/2014
=================
- URL are now localized
- Fixed tree process creation deadlock

V8.8.7 02/11/2014
=================
- Fixed bugs in Hidden process detection
- Added traces for killed processes check bug.

V8.8.6 02/07/2014
=================
- ACLs management improvement
- Fixed FP in hook module
- NEW! Google Chrome extensions are listed [Removal not supported yet]
- Fixed Zekos FP with Zanga.exe
- Fixed forum link in report

V8.8.5 02/03/2014
=================
- Added debug trace for dllhost issue
- Added rogue detections
- Fixed duplicates in Firefox Addons list
- Added extensions.json / extensions.sqlite in the firefox watch list
- Now kills firefox before removing extensions
V8.8.4 01/27/2014
=================
- Added ACL module.
- Fixed bug with ACLs when replacing patched file [Black Screen - Zekos]
- Restored Zekos signatures
V8.8.3 01/24/2014
=================
- NEW! Extension removal for IE / Firefox (context menu)
- Neutralized Zekos signatures to avoid black screen at replacement. [To be fixed]
V8.8.2 01/17/2014
=================
- NEW! Miuref detection and removal
- Added Zekos x64 detection
- Fixed a bug in honey module
- Fixed a bug in core module
- Fixed a bug in driver module
V8.8.1 01/14/2014
=================
- Fixed bug in registry module
- Fixed a bug in file module
- NEW! Zekos detection and removal.
V8.8.0 12/27/2013
=================
- NEW! web browser addons are listed (Internet Explorer | Firefox )
- NEW! Cryptolocker pattern
- NEW! Killed process verifier. If some processes remain, they are killed by their whole tree.
- Added detections
V8.7.13 12/18/2013
=================
- Translated Paypal Icon
- Fixed a bug in GUI lib
- Added PUP pattern
- Fixed a bug in File lib (ZeroAccess detection)
- Added addons tab
V8.7.12 12/16/2013
=================
- Windows 8.1 detection
- Fixed bug in Shortcut mode
- Refactoring of File lib
- Added detections
- RogueKillerCMD 0.1.2
* Added process list
V8.7.11 12/04/2013
=================
- Fixed a bug in UI lib
V8.7.10 12/04/2013
=================
- Added detections
- RogueKillerCMD 0.1.1
* Fixed DLL dependencies
V8.7.9 11/25/2013
=================
- Fixed a bug in regex parsing
- Optimization of regex
- Added 2 new methods for registry Read/Write
- NEW! Honey module now uses the Win32 API Offline method (Safer)
- Fixed a bug in script cleanup
- Fixed a bug in mbr module
- Added detections
- Added Error code for MBR read
- Removed ROGUE ST detection for registry values

V8.7.8 11/14/2013
=================
- NEW! Added Zlib compression for crash dump sending
- Improvement of args handler
V8.7.7 11/11/2013
=================
- NEW! new banner
- Fixed bugs in Registry module
- Fixed bug in PeParser
- Added progress window for crash report uploading
- Now collecting full dumps [This can be long, be patient!]

V8.7.6 10/28/2013
=================
- Changed crash feedback for sending crash dump instead of custom crash logs
- Fixed bug in PeParser

V8.7.5 10/22/2013
=================
- Added useragent in debug log sending
- NEW! Geoloc for proxy / DNS IPs
- Fixed bug on TaskMan value
- NEW! -report_output and -hide switches
- NEW! Stop button

V8.7.4 10/16/2013
=================
- Added COUNTRY in user agent of statistic module

V8.7.3 10/15/2013
=================
- NEW! Detection/Removal of generic name mismatches in registry key/values (API fool trick -Rootkit)
- Fixed a bug in HiveReader module
- Fixed a bug in Pattern module

V8.7.2 10/10/2013
=================
- Fixed memory leak in sigcheck
- Fixed bug in PeParser
- Fixed bug in File module
- Added RECYCLER suspicious path (DorkBot)
- Added TaskManager key monitoring

V8.7.1 10/03/2013
=================
- Fixed bugs in PeParser
- Fixed bug in IAT/EAT hooks
- NEW! Listview sorting

V8.7.0 09/30/2013
=================
- NEW! Scan IAT/EAT of sensitive processes
- NEW! Filesystem userland antirootkit
- Added colors to differentiate types of objects
- Added Romanian language
- Fixed bug in file deletion
- Fixed bugs in Pe parser
- Optimizations: Com library
- Fixed bug in GUI library
- Added detections

V8.6.12 09/18/2013
=================
- Added detections
- Added MBR infos
- Added PUM label, and more consistent colors
- Fixed a bug in MBR module

V8.6.11 09/11/2013
=================
- Fixed a crash at startup on x64 OS

V8.6.10 09/09/2013
=================
- Fixed a bug in PeParser
- TrueSight 0.9.1

V8.6.9 09/03/2013
=================
- Fixed a bug in PeParser
- Added Export parsing
- Fixed a bug in SSDT parsing
- Added detections

V8.6.8 09/02/2013
=================
- Fixed a bug in peParser
- Truesight v0.9

----- Now Date in english format

V8.6.7 27/08/2013
=================
- Fixed display issue
- Fixed problem in Registry module
- Added Rogue.AntiSpy-LSP pattern (Live Security Professional)
- Added detections

V8.6.6 19/08/2013
=================
- NEW! Ability to resize the application (but still flickering when resized...)
- Fixed display issue in safe mode
- Removed Hosts scan if file is bigger than 1MB
- Added detections
- Fixed bug in removal

V8.6.5 04/08/2013
=================
- NEW! Added support for new ZeroAccess variant (RTL)
- NEW! Added AutoRun value support in PE mode
- Fixed bug for rebooting query
- Fixed bug in file/folder deletion
- Removed unauthorized characters in report
- Updated links

V8.6.4 29/07/2013
=================
- Fixed display bugs
- Added tab icons
- NEW! One scan can allow user to trigger each option once (Delete, HostsFix, DNSFix, ProxyFix)
- Fixed bug in DLL module
- Modified Honey display in report
- Fixed bugs in PeParser
- Fixed bug in file parser
- Added detections
- Database queries switched to UNICODE

V8.6.3 17/07/2013
=================
- Added detections
- Fixed bugs
- Added crash feedback link into crash window

V8.6.2 02/07/2013
=================
- Modified links
- Fixed bugs
- Added Turkish translation
- Added switches -autoscan, -autoaccepteula, -autoquit and -autodelete for automation of the flow
- NEW! Minidump writing for DEBUG version (in case of crash)

V8.6.1 17/06/2013
=================
- Fixed bugs
- Improved filename parsing

V8.6.0 14/06/2013
=================
- Changelog in English
- Rewrote whole engine
- NEW! Added icons in lists
- NEW! Added colors for Hosts lines detection
- Report: Split in object coherency (Tasks, Startup folders, registry)
- NEW! Honey module (previous PE module rewritten from scratch)
- NEW! .ini file for configuration storing
- NEW! Firefox malware detection module
- Added signatures
- Added ZeroAccess infection => Windows Defender repair
- Added disclaimer on Shortcut fix option
- Added hosts malicious lines identification in report
- Translations updated
- Added drivers to the patched files list to check
- Added service repair option (Tools/Repair services)
- Added Aho-Corasick algorithm for fast signature matching. Improved signature finding speed.
- NEW! Opera module - Added Proxy configuration

V8.5.4 18/03/2013
=================
- Detection of malicious Hosts file lines
- Added signatures

V8.5.3 13/03/2013
=================
- Fixed bugs
- Added signatures

V8.5.2 23/02/2013
=================
- Moved MBR signatures into the database
- Fixed bugs

V8.5.1 12/02/2013
=================
- Updated Necurs.A detection
- Updated database
- Fixed a bug in the database module

V8.5.0 08/02/2013
=================
- Better handling of ZeroAccess
V8.4.4 01/02/2013
=================
- Italian language
- Polish language
- Korean language
- PE module: Fixed bugs
- Reg module: Fixed a bug
- ZeroAccess detection - Improvements

V8.4.3 08/01/2013
=================
- Russian language
- PE module: Added startup folders
- PE module: Various improvements
V8.4.2 31/12/2012
=================
- Improved the PE module

V8.4.1 23/12/2012
=================
- Fixed a bug in the PE module
- Fixed a bug in the Files module
- Fixed a bug in the Hive module
- Spanish language
- Dell MBR

V8.4.0 11/12/2012
=================
- Code optimizations for the move to x64
- x64 version available
- Fixed a bug in the Tasks module
- Fixed a bug in the Hooks module
V8.3.2 07/12/2012
=================
- Fixed a bug in the startup module
- Fixed a bug in the patched module
- Fixed a bug in the ntreg module
- Ability to unregister a service (ntreg) when it cannot be removed in RAW mode
- Support for MBR Fix for TDL4 (Thanks XdeadCode)
- Root.MBR Alipop detection
- Root.MBR Mebroot detection
- Root.MBR Plite detection

V8.3.1 20/11/2012
=================
- Reorganized processing

V8.3.0 17/11/2012
=================
- Database migration
- Fixed bugs
- Facebook button
V8.2.3 07/11/2012
=================
- Preparation for SQLite
- Parsing module optimization
- Fixed a bug in x64 process path detection
- WL dll
HPStatusBL.dll
- Fixed a bug in the Crypt module
- WL
Screenpresso.exe
V8.2.2 03/11/2012
=================
- Window BL
Micorsoft Essential Security Pro 2013
Windows 8 Defender 2013
- BL
MESP.exe
- Added a path-based whitelist
- Fixed a bug in the blacklist module
- Changed the FR tutorial link
- Dutch translation
- Added the date and mode to the report name
- Executable packed with UPX
- driver WL
sbhips.sys */ SunBelt */
d347bus.sys /* Daemon tools*/
- WL
Windir/VPro500.exe
windir/*np325.exe
- BL particular
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\@
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\U
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\n
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\L
V8.2.1 29/10/2012
=================
- DNS WL
24.222.0.95
- Driver WL
avgtpx86.sys /*AVG*/
regguard.sys /*RegRun*/
- Whitelist
cdloader2.exe
magicJack.exe
AmazonCloudDrive.exe
V0220Mon.exe
msnotif.exe
LGMLauncher.exe
Communicator.exe
- Fixed a bug in the debug module
- Changes to the importance module
- Adapted the driver for Windows 8
- SSDT API names are now retrieved in userland (Win8 compatibility)

V8.2.0 22/10/2012
=================
- Truesight v0.7
- German language fix
- Various bug fixes
- Whitelist
sys32/pcalua.exe
LogMeInSystray.exe
Dashlane.exe
- DNS Whitelist
86.64.145.14*
129.250.35.251
- Driver WL
SbFw.sys /*GFI Software*/
- Window BL
File Restore (FakeHDD)

V8.1.1 01/10/2012
=================
- Traditional Chinese translation
- Fixed minor bugs
- Added colors to the listviews to differentiate detection types
- Fixed a bug in the Blacklist module
- Window BL
XP Defender 2013
Vista Defender 2013
Win 7 Defender 2013

V8.1.0 28/09/2012
=================
- Support for changing the language at runtime
- Fixed a bug in the processes module
- Added an MBR stub (for testing)
- Added a "website" link in the report header
V8.0.5 23/09/2012
=================
- Handling of launch switches
- Added the "-nodriver" switch, which prevents the driver from loading
- Added the "-nokill" switch, which prevents processes from being killed (some processes cause a BSOD when killed; it is better to go after their registry key)
- Added an "Extern Hive" category to the report => lists the external hives found
- Fixed a bug in the Extern hives module
- Fixed bugs

V8.0.4 19/09/2012
=================
- Encryption of quarantined files (use Cryptonic with the key "RogueKiller" to decrypt)
- WEB module optimization
- Added removal outside the API when a key is protected
- Fixed a bug in the HiveReader module
- Removed the check of LEGACY keys (not used)
- Dll whitelist
adawarebp.dll
SkyDriveShell.dll

V8.0.3 13/09/2012
=================
- Fixed a bug in the HiveReader module
- Fixed a bug in the Registry module
- Fixed a bug in the File ASSO module
- Fixed a bug in the Proxy FF module
- Support for maxSST rootkits (fix disabled because untested)
- Deactivation of "Patched" module (not really used, too many false positives)
- Whitelist DLL
tv_w32.dll
- Whitelist
%Windir%/HelpPane.exe
TeamViewer.exe
tv_w32.exe
TeamViewer_Desktop.exe
ibsvc.exe

V8.0.2 31/08/2012
=================
- Particular files
\\RECYCLER\\[ANYFOLDER]\\$********************************\\n
\\RECYCLER\\[ANYFOLDER]\\$********************************\\@
\\RECYCLER\\[ANYFOLDER]\\$********************************\\L
\\RECYCLER\\[ANYFOLDER]\\$********************************\\U
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\n
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\@
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\L
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\U
- Incproc HJ
{fbeb8a05-beee-4442-804e-409d6c4515e9}
{5839fca9-774d-42a1-acda-d6a79037f57f}
- Blacklist
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.exe

V8.0.1 30/08/2012
=================
- Fixed bugs
- Whitelist
c2c_service.exe
SkyDrive.exe
procexp.exe
- Driver WL
RapportCerberus$ (trusteer)
- Truesight v0.6
Monitoring of DriverEntryIO
- Added patterns for blacklist (GENDARMERIE)
install_0_msi.exe
hleo32.exe
regsrv64.exe
msconfig.dat
hos32.exe
V8.0.0 26/08/2012
=================
- [[Code rework]]
- Monitoring of the key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters : DataBasePath (HOSTS)
- Various improvements
- Added an information box about the infection
- Redesigned some windows
- Whitelist
StatBar.exe
%windir%\^^Service.exe
%sys32%\iac25_32.ax
V7.6.6 10/08/2012
=================
- Search for replacement files when files are patched.
- Patched files are replaced in DELETE mode
V7.6.5 03/08/2012
=================
- Fixed a bug in the peParser module (PE x64)
- Added signature
ZeroAccess (services.exe x64)
- Windows BL
Live Security Platinum
V7.6.4 17/07/2012
=================
- Added a blacklist for registry values
- BlacklistValue
Update (GENDARMERIE)
- Added patterns for blacklist (GENDARMERIE)
fest0r_ot.exe
Schnarch.exe
- Whitelist DLL
cleanup.dll (MBAM)
- Windows BL
File Recovery

V7.6.3 08/07/2012
=================
- Fixed a bug in the HiveReader module (handling of unicode registry values)
- Added patterns for blacklist (GENDARMERIE)
roper0dun.exe
rasmxs.exe
SCardDlg.exe
TapiSysprep.exe
0_0u_l.exe
glom0_og.exe

V7.6.2 02/07/2012
=================
- Added a process kill / relaunch module that wraps the removal of particular files
(explorer.exe is killed / restarted)
- Fixed a bug in the detection of particular files
- Monitoring of the key: HKCR\\CLSID\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InprocServer32 (ZeroAccess)
- Blacklist
sys32 / n
- Part files blacklist
windows\\Installer\\{********-****-****-****-************}\\L
localAppdata\\{********-****-****-****-************}\\L
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\L
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\U
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\@
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\n

V7.6.1 28/06/2012
=================
- Re-enabled the signature search module
- Added a system file verification module (ASLR + signature search)
- Verification of the services.exe file
- Added signature
ZeroAccess (services.exe)
- Fixed bugs (Window module)
- Added patterns for blacklist (GENDARMERIE)
er_00_0_l.exe
- Fixed bugs

V7.6.0 26/06/2012
=================
- Added a user agreement (EULA)
- Changed the Particular files module to take removal reasons into account + mask comparison
- Part files blacklist
windows\\Installer\\{********-****-****-****-************}\\n
windows\\Installer\\{********-****-****-****-************}\\@
windows\\Installer\\{********-****-****-****-************}\\U
localAppdata\\{********-****-****-****-************}\\n
localAppdata"\\{********-****-****-****-************}\\@
windows\\Assembly\\GAC\\Desktop.ini
windows\\Assembly\\GAC_32\\Desktop.ini
windows\\Assembly\\GAC_64\\Desktop.ini
- Drivers WL
avgidsshimx.sys (AVG)

V7.5.4 07/06/2012
=================
- Monitoring of the key: HKCR\\CLSID\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InprocServer32 (ZeroAccess)
- Added programdata to sensitive paths
- Added patterns for blacklist (GENDARMERIE)
pkg0u.exe
pkg_0ll.exe
WinzipArchiver.exe
TarArchiver.exe
Smoerrebroe.exe
tpl_0_c.exe
RarArchiverWin.exe
V7.5.3 05/06/2012
=================
- Interface improvements
- Reviewed translations
- Updated ZeroAccess (Sirefef) detection
- Added patterns for blacklist (GENDARMERIE)
krussel3.exe
AMD_cpx.exe
Apple_Store.exe
cs8v0k.exe

V7.5.2 30/05/2012
=================
- Fixed a bug that caused a popup to appear
- Improved the path redirection module
- Whitelist
SpotifyWebHelper
%windows%/ALCMTR.exe
- Added patterns for blacklist (GENDARMERIE)
ArchiverforWin.exe
game_client.exe
WinArchiver.exe

V7.5.1 28/05/2012
=================
- Improved the mask comparison module
- Monitoring of HKLM\\SYSTEM\\ControlSet001\\Control\\SafeBoot : AlternateShell
- Monitoring of the x64 registry for the SHELL key
- Added patterns for blacklist (GENDARMERIE)
k8h0pp.exe
temp##.exe
ServiceVBOX.exe
%sys32%/%%%%%%%%%%%%%%%%%%%%.exe

V7.5.0 24/05/2012
=================
- Added the ability to use RogueKiller in a PE environment.
- Ability to scan Windows hives on an externally connected hard drive.
- Fixed a bug in ntreg
- Added desktop to suspect paths
- Added patterns for blacklist (GENDARMERIE)
k8h00.exe
VboxServs.exe

V7.4.5 18/05/2012
=================
- Integrated the ntreg library
- Added patterns for blacklist (GENDARMERIE)
ch8l0.exe
p0j99p.exe
spoolsrv.exe
FSnapshot_x86.exe
BSI.bund.exe
GboxService.exe
InfoServices_a.exe
ksprskylabs1.exe

V7.4.4 08/05/2012
=================
- Detection of Xpaj (bootkit)
- Added GENDARMERIE detection patterns
ms.exe
#{1}.#{12+}.exe
wpbt#{1}.dl{2}
hnszs#{1}.exe
ms*****.bat
ram_reserver64.exe
itunes_service#{2}.exe
syncservicex86.exe
EPUhelpers.exe
DNS_Servicex86.exe
kitre#{1}.exe

V7.4.3 04/05/2012
=================
- Introduced patterns for detecting processes, RUN keys, SHELL, Startup
- Fixed a bug in the HiveReader module
- Code optimizations
- TrueSight: Code hardening

V7.4.2 03/05/2012
=================
- Fixed a bug in the HiveReader module

V7.4.1 02/05/2012
=================
- Whitelist
E_FATIHJL.EXE
- Added the GEMA pattern
- Added the GENDARMERIE pattern
- Fixed a bug in the readMBR module
- Fixed a bug in the SSDT module

V7.4.0 01/05/2012
=================
- Fixed a bug in the debug module
- Added the ExceptionHandler module => automatic crash handling (partial).
When a crash occurs, a window opens and offers the user the option to send it automatically.
- Window BL
Data Recovery (FakeHDD)
- Language support:
German

V7.3.4 27/04/2012
=================
- Added the SigCheck module, which searches for signatures in binary files.
=> Signature search in processes
- Fixed a bug in the readMBR module (reorganized signature priority)
- Fixes in the language resources.

V7.3.3 22/04/2012
=================
- Now takes the Start_TrackProgs value into account (recent programs in the Start menu)
- Fixed a bug in the HiveReader module
- ACLs are modified before checking RUN keys (Gendarmerie virus bug)
- Language support:
Greek
Portuguese

V7.3.2 20/03/2012
=================
- [13/04/2012] Fixed bugs
- [03/04/2012] Window BL
SMART HDD
- [23/03/2012] Added link to Security Shield (blog)
- [22/03/2012] Debug module - Second addition
- [22/03/2012] Statistics module => Enabled several languages.
- [21/03/2012] Added progressBar (shows whether a scan is in progress)
- [21/03/2012] Enabled visual styles
- [21/03/2012] Debug module - First addition
- [21/03/2012] Fixed a bug
- [21/03/2012] Window Blacklist
System Shield
Security Shield
- Fixed a bug in the startup module
- Added monitoring of the "Common Startup" folder
- TrueSight v0.5: Code optimizations
- Updated Czech / Slovak language
- Added an "AntiRootkit" checkbox that disables the TrueSight module's features

V7.3.1 10/03/2012
=================
- Fixed a bug in the faked module
- Added a checkbox to disable the faked module (the scan takes time)
- Whitelist
Skype.exe
FixCamera.exe
firefox.exe
plugin-container.exe
- Driver WL
Crypto.sys /*SafeNet*/
mfehidk.sys /*McAfee*/
wpsdrvnt.sys /*Symantec*/

V7.3.0 08/03/2012
=================
- TrueSight v0.4
- Ability to fix inline hooks.
- TrueSight: Detection of IRP hooks (Major and Inline) on a given driver -> Atapi.sys
- Ability to fix inline IRP hooks (can cause a BSOD in some cases; this feature still needs improvement. Use only as a last resort).
- Added a messagebox asking for confirmation if no removal was performed
- TrueSight: Driver functions are bypassed on Windows 8 (not compatible for now)
- TrueSight: Code optimizations
- Detection of Windows 8
- Fixed a bug in the HiveReader module (values / keys with accents)
- Added a module for detecting FAKED files (experimental)
-> Applied to sys32/drivers
- Fixed a bug in the SHELL module
- Fixed a bug in the STARTUP module
- Fixed a bug in the WEB module
- Startup module: Ability to see the folders of all sessions (instead of the current one)
- Monitoring of the key HKCU\...\Advanced : Start_ShowRun

V7.2.1 29/02/2012
=================
- TrueSight v0.3
- Detection of inline hooks (SSDT functions only)
- Fixed a bug in the HiveReader module
- Driver WL
avipbb.sys /*Avira*/
avkmgr.sys /*Avira*/
- Window BL
Smart Fortress 2012
Windows Shield Tool
Windows PRO Scanner
Windows Basic Antivirus
Windows Stability Guard
Windows Firewall Constructor
V7.2.0 27/02/2012
=================
- Added a FixMBR option in the MBR tab. This option becomes available if an MBR infection is found.
- Ability to fix the MBR bootstrap with a standard MBR (XP, Vista, Seven)
- Added a module that reads hives directly => detection of keys / values hidden from the API
- Toshiba MBR detection
- Lenovo MBR detection
- Standard MBR detection
- KIWI Image system MBR detection
- Whitelist
Spotify.exe
jusched.exe (global)
- Window BL
Windows Functionality Checker
Windows Smart Warden
Home Malware Cleaner
Windows Smart Partner
Antivirus Protection
Windows Telemetry Center
Windows Perfomance Catalyst
Strong Malware Defender

V7.1.0 15/02/2012
=================
- Code switched to UNICODE logic (instead of ANSI)
- Bug fixes
- Added language support:
Czech
Slovak
- Updated whistler/sinowal MBR detections
- myBIOS MBR detection
- Detection of MBRs flooded with NOPs
- Blacklist window
Security Scanner
Internet Security
Internet Security 2012
- Rogue ProgFile
\\PCSpeed Service\\
\\everyclear\\
- Blacklist
gema.exe

V7.0.4 08/02/2012
=================
- Added a checkbox to disable the MBR scan (user's choice)
- Fixed a display bug that made the buttons disappear at some low screen resolutions

V7.0.3 06/02/2012
=================
- Modified the LL2 module => fewer access errors, notably on x64 OSes
- Fixed a bug in the secondary modes workflow
- Blacklist
InetAccelerator.exe (Gendarmerie2)

V7.0.2 30/01/2012
=================
- Fixed display bugs (extra line breaks) in report editing
- Fix in the MBR module => partition sizes updated (1 KB = 1024 bytes)
- Whitelist
adawarebp.exe
DropBox.exe
- Rogue ProgFiles
\\BoanCatch\\
\\pcupgrade\\
\\best-pc\\
\\PCMaster Antispyware\\
\\InfoSeven\\
\\comdoumi\\
- Added patterns Rogue.ViusDoctor, Rogue.Zaxar
- Window BL
Antivirus Smart Protection
Malware Protection Center

V7.0.1 28/01/2012
=================
- Fixed a bug in the MBR module => partition types updated
- Fixed a bug in the MBR module => partition size calculation updated
- Raised to a maximum of 5 PhysicalDrives
- Added physical disk names

V7.0.0 26/01/2012
=================
- Switched to GUI mode

V6.2.4 12/01/2012
=================
[24/01/2012] - Added Advanced keys: Start_ShowMyDocs Start_ShowRecentDocs Start_ShowUser
Start_ShowMyPics Start_ShowMyGames Start_ShowMyMusic Start_ShowControlPanel Start_ShowDownloads
Start_ShowVideos Start_ShowHelp Start_ShowPrinters Start_ShowSetProgramAccessAndDefaults
[23/01/2012] - Fixed a bug in the MBR module
[23/01/2012] - Fixed a bug in the TASKS module
[23/01/2012] - Window BL : Smart Protection 2012
[16/01/2012] - Support for DLLs launched from a startup shortcut (Gendarmerie virus)
[16/01/2012] - Fixed a bug in the checkPath module
- Added HKEY_USERS\\Software\\Classes\\pezfile\\shell\\open\\command
- Added HKEY_USERS\\Software\\Classes\\.exe\\shell\\open\\command
- Added HKEY_USERS\\Software\\Classes\\exefile\\shell\\open\\command
- Fixed a bug in the REG backup module
- Added option a: WhyIGotInfected? => opens the WIGI page
- Links to the blogspot procedures are opened depending on the detected infection (ZeroAccess, FakeRean)

V6.2.3 09/01/2012
=================
- Whitelist
smad.exe
- Whitelist Dll
BatInfEx.dll
BatLogEx.dll
- Driver Whitelist
hookcentre.sys /*Gdata*/
- Window Blacklist
System Check
- Rogue ProgFiles
\\InfoSafe\\
\\CleanerCom\\
\\MicroVaccine\\
\\PC-Spider\\
\\CYAK\\
\\PcVirusDoctor\\
\\VDoctor Professional\\
\\CheckSpeed\\

V6.2.2 31/12/2011
=================
- TestDisk MBR code detection
- HP tattooed MBR code detection
- Whistler MBR code detection
- Distinction between Vista / 7 MBR code
- Linux MBR code detection
- Fixed a bug in the REG backup module

V6.2.1 28/12/2011
=================
- Detection of XP and Vista/7 MBR codes
- Detection of MaxSS / TDL4 / PiHar MBR codes
- Modified the MBR module (multiple PhysicalDrives are now taken into account)
- Whitelist DLL
%sys32%/LogiLDA.dll
panda_url_filtering.dll
nsMouselib.dll
msconf.dll
- Whitelist
B2CNotiAgent.exe
HpSAUpgrade.exe
HPSFUpdater.exe
panda_url_filtering.exe
MpSigStub.exe
dplaysvr.exe
realplayerent_config.exe
- rogue ProgFiles
\\info-manager\\
- Window BL
Security Monitor

V6.2.0 12/12/2011
=================
- Added a screensaver detection module: HKEY_CURRENT_USER\\Control Panel\\Desktop : SCRNSAVE.EXE
- Updated the ZeroAccess pattern (detection of the $NtUninstallKB FS / consrv.dll)
- Added important keywords to the reports (log redirection on the PHP server side)
- Added the Root.MBR statistical pattern
- Added MBR check (LL2) + module enabled
- MBRs found are dumped into the quarantine
- Modified the end of the script => notepad can be kept open
- Bug fixes
- Rogue ProgFiles
\\datasave\\
\\sweeperlab\\
\\virussecurity\\
\\ProtectCop\\
\\HomeBoan\\
\\SmartSafer\\
- Whitelist
pccntupd.exe
pull.exe
RapportService.exe
HWDeviceService.exe
windir\v0330mon.exe
- Driver Whitelist
uphcleanhlp.sys /*WinXP (?)*/
FireTDI.sys /*Mac Afee*/
fslx.sys /*Symantec*/
savonaccesscontrol.sys /*Sophos*/
ShldDrv.sys /*Panda*/
bdrsDrv.sys /*BitDefender*/
- WhitelistDLL
rooksbas.dll
- Blacklist
%sys32/sysrunc.exe

V6.1.12 02/12/2011
=================
- Added MBR check (User / LL1) --> disabled for testing
- Added pattern Rogue.AntiSpy-AH
- Window Blacklist
XP Antispyware 2012
XP Antivirus 2012
XP Security 2012
XP Antispyware 2012
XP Home Security 2012
XP Internet Security 2012
Vista Antispyware 2012
Vista Antivirus 2012
Vista Security 2012
Vista Home Security 2012
Vista Internet Security 2012
Win 7 Antispyware 2012
Win 7 Antivirus 2012
Win 7 Security 2012
Win 7 Home Security 2012
Win 7 Internet Security 2012

V6.1.11 30/11/2011
=================
- Added a module that loads the driver directly (more effective)
- Disabled the "LOCKED" module
- Window Blacklist
BlueFlare Antivirus
Wolfram Antivirus
OpenCloud Security
Malware Protection
Spyware Protection
Cloud Protection
Guard Online
AV Guard Online
Cloud AV 2012
- Rogue ProgFiles
\\NDoctorCom\\
\\perfectcare\\
\\privacyup\\
\\PowerPC\\
\\CleanCatch\\
- blacklist
Cloud AV 2012v121.exe

V6.1.10 18/11/2011
=================
- Added a module that retrieves data from previous scans (PREVRUN)
- Rogue ProgFiles
sweeperlab
VirusSecurity
- Blacklist
AV Protection 2011v121.exe
- Window Blacklist
AV Protection 2011

V6.1.9 16/11/2011
=================
- Added a module that checks open Windows windows
- Added a process-residue module (for the registry)
- Bug fixes
- Window Blacklist
System Fix
Privacy Protection
AV Security 2012
System Restore
System Security 2011
AV Protection Online
Security Sphere 2012
- Driver WL
pxrts.sys /*PrevX real time scanner*/
guard.sys /*AVG 7*/
- Whitelist
%windows%\wanmpsvc.exe
%windows%\*snpstd$
%windows%\sttray.exe
%windows\lclock.exe
%windows\ATKKBService.exe
MessageCheck.exe
%windows\UpdReg.EXE
uUACTokenSvc.exe
GameXNGO.exe
- Whitelist DLL
LC.dll
npSkypeChromePlugin.dll
- Whitelist DNS
4.2.2.$
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #15
V6.1.8 14/11/2011
=================
- Added pattern: PrivacyProtection
- Bug fixes
- Added key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowMyComputer
- Added key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowSearch
- Whitelist
netsession_win.exe
SetWallpaper.cmd
TUAutoReactivator32.exe
%windows%\VM_STI.EXE
%windows%\ZSSnp211.EXE
%windows%\Domino.EXE
FacebookUpdate.exe
googletalkplugin.exe
%windows%\SiSUSBrg.exe
lsnfier.exe
%windows%\Imgtask.exe
mediaget.exe
%windows%\AutoKMS.exe
%windows%\mixer.exe
- Driver WL
SandBox.sys /*Sandboxy*/
RapportPG.sys /*Trusteer (Report)*/
sbaphd.sys /*Sunbelt*/
PavProc.sys /*Panda antivirus*/
PavSRK.sys /*Panda antivirus*/
- Dll WL
KeyboardOnlineTray.dll
mcdvd_32.dll
- Blacklist
AV Security 2012v121.exe

V6.1.7 05/11/2011
=================
- Improved the statistics module (ZeroAccess, Fake HDD, Rogue ProgFiles patterns)
- Bug fixes
- Added a module handling registry reflection (x64)
- Improved the .reg backup (handles keys instead of values only)
- Rogue ProgFile
\\PatchUp_Plus\\
\\NVirusKorea\\
\\ProtectCode\\
\\CoreScan\\
\\AntiAvoid\\
\\IPRIVACY\\
\\ProtectKeep\\
\\AnyCop\\
\\windowpc\\
- Whitelist
arservice.exe
removed kmservice.exe (crack for Office 2010)
- Whitelist DLL
IadHide5.dll

V6.1.6 01/11/2011
=================
- Added a statistics module (connection to the SLT database)
- DNS whitelist:
8.8.4.$
- Bug fixes
- Whitelist :
windows\BCMSMMSG.exe
windows\*snp2***.exe
windows\stsystra.exe
windows\qmc.exe
windows\cthelper.exe
windows\ALCXMNTR.EXE
sys32\ANIWConnService.exe
sys32\PSDrvCheck.exe
rnupgagent.exe
googletalk.exe
E_FATICDL.EXE
- Drivers WL:
OADriver.sys /*Online armor*/
sp_rsdrv2.sys /*Spyware terminator*/
cmdguard.sys /*Comodo IS*/
SYMEVENT.SYS /*Symantec*/
SASKUTIL.SYS /*SUPER Antispyware*/
PSINProc.sys /*Panda Security*/
- Whitelist DLL
migrate.dll
OIExt.dll
BthAuthenticationTime.dll
NativeHelpNotifier.dll

V6.1.5 29/10/2011
=================
- Added a module for online checking of the version number
- Added a module that automatically sends reports to the developer's address (to improve the tool)
- Drivers WL:
fshs.sys /*F-Secure Orange AV*/
- Rogue ProgFiles
\\boankorea\\
\\FastScan\\

V6.1.4 22/10/2011
=================
- Rogue ProgFiles
\\VirusScan\\
\\pcspeedup\\
- Drivers WL:
ehdrv.sys /*ESET Helper Driver*/
- Whitelist
AVGIDSMonitor.exe
- Adjusted detection in the RANDOMNAME module

V6.1.3 14/10/2011
=================
- TrueSight v0.2
- Bug fixes
- Code reorganization
- Added .reg backup of registry deletions
- Added a random-name detection module
- Blacklist
sys32\lvvm.exe
crss.exe (Cloud Protection)
- Rogue ProgFiles
\\realcleaner\\

V6.1.2 07/10/2011
=================
- Drivers WL:
PCTCore.sys /*PCTools*/
bdselfpr.sys /*Bitdefender*/
- Locked processes are killed
- WellKnown processes
audiodg.exe
- Rogue ProgFiles
\\vaccinecom\\
\\PCPlusSecurity\\
- WellKnown WL
sys32\ctfmon.exe
sys32\lsm.exe
sys32\SearchIndexer.exe
sys32\sppsvc.exe
sys32\SearchProtocolHost.exe
sys32\SearchFilterHost.exe
sys32\mctadmin.exe
sys32\dllhost.exe
sys32\alg.exe
sys32\wscntfy.exe
sys32\notepad.exe
sys32\wuauclt.exe
sys32\userinit.exe
sys32\msdtc.exe
windows\agrsmmsg.exe
- Whitelist dll
nvsysrot.dll

V6.X.X XX/XX/XXXX (Version postponed)
=================
- Key removal module (recursive) by direct call
- Driver loaded in antagonistic BOOT mode if blocked
- Detection of registry keys hidden from the SCM
- Added sensitive path %sysroot% for processes
- Added a module detecting long names -processes and keys- (Guard Online / OpenCloud / ...)

V6.1.1 28/09/2011
=================
- Fixed a bug in driver loading / unloading
- Removed debug messages
- TrueSight v0.1
- Added driver whitelist with mask
- Added blacklistPath to the service search
- Drivers WL:
unknown /*Unknown*/
vsdatant.sys /*ZoneAlarm*/
procguard.sys /*ProcGuard*/
aswSP.sys /*Avast*/
aswSnx.sys /*Avast*/
PCTAppEvent.sys /*PCToolsFirewallPlus*/
sp**.sys /*Daemon tools*/
AVGIDSShim.Sys /*AVG*/
- Rogues progFiles
\\HelpPrivacy\\
\\InfoBoan\\
\\windowsliveprotect\\
\\DrBoan\\
\\Privacyi\\
\\Micropop\\
- Service Blacklist
MPopService

V6.1.0 22/09/2011
=================
- Retrieval of the real SSDT addresses
- Added option 7 (SSDT restoration by index): HIDDEN OPTION because it is dangerous. Use at a helper's request
- TrueSight module: SSDT restoration
- TrueSight module: kill by direct call to the NT APIs (DrvNtTerminate)

V6.0.0 21/09/2011
=================
- Added a driver embedded in the resources
- Loading of the TrueSight driver (x86 only)
- Search for SSDT hooks
- Search for Shadow SSDT hooks

V5.3.5 21/09/2011
=================
- WhitelistDLL
LVPrcInj01.dll
- Whitelist
kmservice.exe
- Rogues ProgFiles
\\BoanCop\\
\\cleancert\\
\\VIHunter\\

V5.3.4 30/08/2011
=================
- Fixed a bug in whitelist detection (mask)
- Added a desktop icon restoration module (SHELL)
- Added a taskbar restoration module (SHELL)
- Added a mutex to prevent launching multiple instances
- Rogues ProgFiles
\\PrivacyBoho\\
\\SafePrivacy\\
\\BoanClear\\
- Whitelist
BR040286.exe

V5.3.3 18/08/2011
=================
- Added a module detecting particular files / folders
- Blacklist Particular:
%Appdata%\Adobe\shed
%Appdata%\Adobe\plugs
- Dll Whitelist
rpchrome$
MSVC^71.dll
- Rogue ProgFile
\\errordoctor\\
- GUID
{19090308-636D-4E9B-A1CE-A647B6F794BF} //Wolfram antivirus

V5.3.2 18/08/2011
=================
- Better x64 support
--> Added SysWow64 / Program Files (x86) environment variables
--> Added restoration of Program Files (x86) in mode 6
- Code optimization
- WellKnownProcess:
varEnv.syswow64\\svchost.exe
- Whitelist:
nclaunch.exe

V5.3.1 06/08/2011
=================
- Added a module monitoring missing keys
- Added missing keys:
HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command" => default : "%1" %*
- Rogue ProgFile:
\\PrivacyCode\\
\\InfoGuard\\
\\DefenseVirus\\
\\PatchUp_Plus\\
- Whitelist dll:
btmshell.dll
mkil.dll

V5.3.0 01/08/2011
=================
- Detection of system name hijacking
- The program can now kill a process in 6 different ways
This makes it possible to bypass the protections of quite a lot of malware
- Service Blacklist:
wxpdrivers
srvsysdriver32
srvbtcclient
srviecheck
- Rogue progFiles
\\MacroVirus\\
\\DualVaccine\\
\\CodeScan\\

V5.2.9 31/07/2011
=================
- Service Blacklist:
Windows_Update
- Dll Whitelist
MSVCP71.dll
- Whitelist
alcwzrd.exe
PLFset^.exe

V5.2.8 23/07/2011
=================
- Added checking of .exe files in the startup folder
- Dll Whitelist
Dropbox$
PLFSet.dll
-Whitelist
vsnp2uvc.exe
- Rogue progFiles
\\Clear2PC\\
\\PCMedic\\
\\boanking\\
- Added BlackList
<user>\startupFolder\csrss.exe

V5.2.7 30/06/2011
=================
- Bug fixes (RegCloseKey)
- Fixed bugs causing a black screen after running OTL (on reboot)

V5.2.6 23/06/2011
=================
- Added monitoring of the line:
HKEY_CLASSES_ROOT\.exe => default

V5.2.5 23/06/2011
=================
Fixed major bugs that crashed the application

V5.2.4 22/06/2011
=================
Rogue ProgFiles:
-\\privacyalpha\\
-\\basicprivacy\\
-\\MicroPC\\
-Whitelist
Bginfo.exe
PLFsetL.exe
- Added ACL removal for the Shell keys

V5.2.3 16/06/2011
=================
- Blacklist
%ProgramFiles%\csrss.exe
%ProgramFiles\conhost.exe
- Service blacklist
QTUpdate
- Rogue ProgFiles
-\\Milestone Antivirus\\

V5.2.2 05/06/2011
=================
- Added drive information for mode 6
- Fixed bugs that crashed modes 6/1/2

V5.2.1 02/06/2011
=================
- Fixed bugs that crashed the Task Scheduler 2.0 module
- Reports are written to the desktop regardless of the directory the application is launched from

V5.2.0 01/06/2011
=================
- Blacklist service
cdfss
wcscd
- Support for the keys
Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats
- Checking and killing of malicious DLLs loaded under explorer.exe
- Added killing of explorer.exe DLLs in the residues
- Added a GUID exploration module (if a GUID is known, the path of the malicious DLL is found
and added to the dynamic BlackList)
- Support for the Common Startup folder

V5.1.9 29/05/2011
=================
- Rogue ProgFile:
\\vaccineu\\
- Display of the User / My Computer / Recycle Bin icons on the desktop
Hijack : WarnOnHTTPSToHTTPRedirect
- Whitelist
soundman.exe
- Blacklist
wuaucldt.exe

V5.1.8 27/05/2011
=================
- Bug fixes in mode 6
- Added libraries in mode 6

V5.1.7 26/05/2011
=================
- Bug fixes in mode 6
- Whitelist:
mhotkey.exe
mmkeybd.exe
dit.exe
LxrAutorun.exe
sw2#.exe
Screenpresso.exe

V5.1.6 21/05/2011
=================
- Rogue ProgFile
\\\Error Fix\\
- Whitelist
OEM0#Mon.exe
vVx#000.exe

V5.1.5 20/05/2011
=================
- Fixed a major bug in mode 6
- Whitelist
RtHDVCpl.exe

V5.1.4 16/05/2011
=================
- Support for the backup made by Windows Recovery (Option 6)
- Whitelist:
RtHDVCpl.exe
googlecrashhandler.exe
megakeyupdater.exe
zHotkey.exe
ASScrProlog.exe
ASScrPro.exe

V5.1.3 13/05/2011
=================
- Added paths to the sensitive directories:
%SystemDrive% / Windows
%System Drive% / Documents and settings / <user>
- Policy:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer -> NoDesktop
- Rogues PF:
\\Ifkpr\\
\\AntiDefend\\
- WhiteList:
vVX1000.exe
regedit.exe


V5.1.2 13/05/2011
=================
- Fixed a bug in the rundll32 module
- Rogue progFile
\\selfprivacy\\
\\PrivacyKey\\

V5.1.1 05/05/2011
=================
- Fixed bugs that crashed the Task Scheduler 2.0 module
- Fixed a false-detection bug in the RUNDLL32 (RUN) module -> carried over to 4.3.12

V5.1.0 02/05/2011
=================
- Support for Task Scheduler 2.0 (Vista / Seven)
- Rogue progFile
\\PrivacyView\\

V5.0.0 30/04/2011
=================
- IDE migration

V4.3.12 30/04/2011
==================
- Added ACCESS_DENIED to reports
- Added an expiry date for the executable, with a warning message if > 3 days
- Whitelist
RockMeltUpdate.exe

V4.3.11 25/04/2011
==================
- Major optimizations (scan speed x4)
- Whitelist
OctoshapeClient.exe
- Rogue progFile
\\PC2Safe\\

V4.3.10 24/04/2011
=================
- Rogue progFile
\\Boan119\\
\\VaccineCore\\
\\Antivirus Clean 2011\\
- Added key: FIREFOX.EXE\\shell\\safemode\\command
- Added whitelist:
ereg.$ (Dragon naturally speaking)
- Fixed a bug in the Shell module
- Whitelist DNS:
62.251.229.237
- Blacklist
sys32\\windupdt\\winupdate.exe
- Whitelist:
Rsystems Support.exe
- DllWhitelist:
bthprops.cpl
-WellKnownProcess:
dwm.exe
wininit.exe

V4.3.9 16/04/2011
=================
- DllWhitelist:
"csnp2uvc.dll"
"gcswf32.dll"
"rpchromebrowserrecordhelper.dll"
- Added whitelist:
OrangeInside.exe
- Rogue progFile
\\Error Repair Professional\\
- Fixed a bug in the WhitelistDLL module
- Added the version date
- Added a mode (0) to quit. The program restarts automatically when it finishes.
Mode 0 should therefore be chosen to close the program

V4.3.8 09/04/2011
=================
- Added a module recognizing known processes (explorer.exe, etc.)
- Optimizations
- Added a module recognizing DLLs loaded in 04 under rundll32
- Rogue progFile
\\HomeClean\\
\\BoanSupport\\
- DllWhitelist:
"oobefldr.dll" "nvsvc.dll" "NvCpl.dll"
"NvMcTray.dll" "nview.dll" "srclient.dll"
"dr25svc.dll" "cmicnfg.dll" "ksrun.dll"
"sbavmon.dll" "dlbttime.dll" "ftutil2.dll"
"nvclock.dll" "nvhotkey.dll" "nvmctray.dll"
"p17.dll" "spirun.dll" "p17rune.dll"
"ptipbmf.dll" "ulutil2.dll" "sispower.dll"
"wf2kcpl.dll" "zsscheduler.dll" "apphelp.dll"
"advpack.dll" "sti_ci.dll" "ASTSVCC.dll"
"LXBUtime.dll" "p0**0pin.dll"
- Purged rogue ProgFiles
- Bug fixes (English language, kill svchost.exe)
- Added a module restoring the Security Center settings
- Added whitelist:
clavier.exe

V4.3.7 04/04/2011
=================
- Added an MD5 recognition module for processes, DLLs and RUN keys
- MD5 Blacklist:
2eb8bf9d3fad4cb9e26a1ae184a65816 //AntivirusPlus "random.dll"

V4.3.6 29/03/2011
=================
- Added StartMenuInternet file association module (Firefox, IE, Opera)
- Rogue Program files
\\ADSTOP\\
\\SystemDefender\\
- DNS Whitelist
90.0.0.38

V4.3.5 29/03/2011
=================
- Added the local system disk to option 6
- Added the CurrentUser directory to option 6
- Improved the algorithm, speed gain (option 6)
- Added UAC monitoring modules: "ConsentPromptBehaviorAdmin" , "ConsentPromptBehaviorUser" , "EnableLUA"
- Added a wallpaper repair module.
- Rogue Program files
\\vaccinescan\\
- Whitelist DNS
199.243.213.* (Canada)

V4.3.4 26/03/2011
=================
- Added removable devices to option 6, except the floppy drive.
- Added the My Music, My Videos, My Pictures directories
- Fixed a bug in retrieving the My Videos paths.

V4.3.3 24/03/2011
=================
- Added a module checking whether System Restore is enabled
- Modified the WL/BL system => several possible paths can be added
- Added local disks (except system) for mode 6.
- DNS Whitelist
86.64.145.145 (NEUF)
84.103.237.145 (NEUF)
- Whitelist
Dropbox.exe
LBubble Dock.exe

V4.3.2 16/03/2011
=================
- Added a module to neutralize links in reports (mainly Hosts files)
- Fixed a bug generating FPs in the services module
- Rogue PF
\\ProPrivacy\\
\\antiguard\\
- Whitelist
rockmeltcrashhandler.exe
rockmelt.exe
- WhitelistDNS
195.235.96.90 (Spanish DNS)
195.235.113.3 (Spanish DNS)

V4.3.1 14/03/2011
=================
- Added a module to restore files set to "hidden" by the Windows diagnostic rogue (option 6)
- Added whitelist:
IMVUQualityAgent.exe
- Removed checkPath for services (too many FPs)

V4.3.0 10/03/2011
=================
- Reworked the Whitelist/Blacklist, added paths (makes it possible to say that a file is blacklisted except in a certain directory, etc.)
- Fixed a bug causing display problems in the English language module

V4.2.1 09/03/2011
=================
- Fixed a bug that crashed the language module
- Quarantine support for the RUN/Services/Tasks/Startup Folder/Residues modules
- Added Whitelist:
isuspm.exe (Install Shield Update manager)

V4.2.0 07/03/2011
=================
- Modified the report system:
Reports are no longer appended to the RKreport.txt file, but written to separate files at each launch, named according to the convention: RKreport[NUMERO].txt
A summary of all available files is displayed at the end of the report.
- Whitelist DNS: 81.253.149.$

V4.1.1 07/03/2011
=================
- Fixed a bug in file path detection that caused some registry keys containing spaces to go undetected.
- Added rogue program files:
\\ZeroVaccine\\

V4.1.0 04/03/2011
=================
- Bug fixes
- Added a French/English translation depending on the PC's language

V4.0.1 28/02/2011
=================
- Bug fixes (reworked the registry key parsing system)
- Added monitoring of the RunOnce, RunServices, RunOnceEx, RunServiceOnce keys for all sessions.
Rogues such as System tool can now be removed from a clean session.
- Rogue Program files:
\\pcvaccine\\

V4.0.0 23/02/2011
=================
- Engine reworked, moving from C to C++
- Modified the report display, more information.
- Added blacklist
sdra64.exe
- Rogue program files
\\specialguard\\

V3.10.3 21/02/2011
==================
- Added file association monitoring modules:
HKEY_LOCAL_MACHINE\Software\\Classes\\pezfile\\shell\\open\\command
HKEY_LOCAL_MACHINE\Software\\Classes\\.exe\\shell\\open\\command
HKEY_LOCAL_MACHINE\Software\\Classes\\exefile\\shell\\open\\command
HKEY_CURRENT_USER\Software\\Classes\\exefile\\shell\\open\\command
- Added blacklist
eksplorasi.exe

V3.10.2 17/02/2011
==================
- Added quarantine for killed processes (not yet for DLLs and residues)
The quarantine is located at the executable's root (RK_Quarantine) and contains:
* Files in the format -> Nom_de_lexe.exe.vir
* a text file (QuarantineReport.txt) containing a summary of removals by date, along with the original paths.
Ask for this report in case of a false positive in order to restore (by hand) files moved by mistake.
- Added HKEY_USERS module (Winlogon/Windows key) to monitor the Shell and Load keys of the PC's other sessions
- Added proxy monitoring on HKLM
- Added EXE file association: HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command
- Rogue Program Files
\\McAVG\\
\\AVGT\\

V3.10.1 16/02/2011
==================
- Added HKEY_USERS module (RUN key) to monitor the RUN keys of other sessions.
- Fixed a CheckPath bug
- Added monitoring of Services file paths
- Added monitoring of the ProxyEnable key (Proxy module)
- Rogue Program Files
\\PrivacyHidden\\
\\SafeCare\\

V3.10.0 11/02/2011
==================
- Added rootkit detection module (basic)
=> BruteForce PIDs + Blacklist / WhiteList check
- Added UAC prompt at launch (for admin mode)
- Reorganized the DNS Blacklist => comparison by mask
- Rogues program files
"\\eoRezo\\"
"\\homevaccine\\"
"\\smartscan\\"

V3.9.0 01/02/2011
=================
- Moved the Proxy and DNS modules into separate options (options 4 and 5)
- Added BlackList:
printer.exe (EasySpywareCleaner)
ctfmona.exe (EasySpywareCleaner)
xpupdate.exe (EasySpywareCleaner)
- Rogue Program Files:
\\EasySpywareCleaner\\
- Fixed a bug in the Shell module that prevented detection of "Load" keys

V3.8.5 31/01/2011
=================
- Added a module recognizing the boot mode (Normal, Safe Mode with / without networking)
- Added recognition of the current session name
- Added DNS WhiteList: "74.118.212.1","74.118.212.2", "192.168.10.1", "15.243.128.51","15.243.160.51", "193.95.75.10","193.95.75.13"
- Rogue Program Files:
\\MyPCCheck\\
- Added WhiteList:
autologin.exe

V3.8.4 29/01/2011
=================
- Added a module recognizing malicious DNS servers
- Added DNS WhiteList: http://www.commentcamarche.net/faq/1496-serveurs-dns-des-principaux-fai
- 74.118.212.1,74.118.212.2,192.168.10.1,156.154.70.22,156.154.71.22
- Added Whitelist
little transparency.exe
SmpSys.exe
- Icon changed

V3.8.3 27/01/2011
=================
- Added a module detecting automatic launch of shortcuts in the Startup folder
(C:\Documents and Settings\<USER>\Menu Démarrer\Programmes\Démarrage)
- Added rogue program files:
\\liveboan\\
\\security119\\
\\PrivacyInfo\\
\\MegaVaccine\\
\\WebVaccine\\
\\Smart Security\\

V3.8.2 27/01/2011
=================
- Bug fixes
- Added rogue program files:
\\PC Security 2011\\
\\Best Spyware Scanner\\
\\AVP2009\\
\\RegGenie\\
- Added WhiteList
e_s$$**$.exe (Epson Driver)

V3.8.1 20/01/2011
=================
- Code changes
- Bug fixes

V3.8.0 19/01/2011
=================
- Added a module detecting rogues in program files
- Modified the DLL module to detect sensitive paths/program files
- Added blacklist:
avsubengine.exe (VaccineClean)
uninst_$ (Rogue.multiple)
- Added rogue program files:
\\VaccineClean\\
\\easyvaccine\\
\\PCoptimizer 2010\\
\\PrivacyRight\\
\\wisevaccine\\
\\privacyguard 2010\\
\\v2accine2010\\
\\NewVC\\
\\ddosclean\\
\\vaccineprogram\\
\\SpyCare\\
\\pcclearplus\\
\\CleanV\\
\\uservaccine\\
\\powercare\\
\\protect_one\\
\\QScan\\
\\ScanZero\\
\\searchguard\\
\\safetyboan\\
\\BestBoan\\
\\DataProtect\\
\\????????????\\
\\adsafer\\
\\AntiProtect\\
\\cleanscan\\
\\New2Clean\\
\\IDBoan\\
\\Scan119\\
\\????????\\
\\Vkiller\\
\\infosecret\\
\\VaccineLab\\
\\RegistryClever\\
\\VaccineData\\
\\infohold\\
\\Internetvaccine\\
\\keycop\\
\\k-security\\
\\eClean3.0\\
\\RealVaccine\\

V3.7.4 13/01/2011
=================
- Modified the HOSTS module -> only the first 20 lines are displayed
(makes the report easier to read)
- Modified the user type detection module
- Added whitelist:
Smax4.exe

V3.7.3 09/01/2011
=================
- Modified the HOSTS module (added a fixACL and a fixAttributes, which allow the file to be modified)
- Fixed a bug generating false positives in the HijackInitDLL module

V3.7.2 08/01/2011
=================
- Added a module monitoring AppInitDLL (DLLs loaded at Windows startup in explorer)
- Reporting of the application's launch mode (Admin - NOT Admin)
- Added blacklist
SM***.exe
SM****.exe
SM****_$.exe

V3.7.1 07/01/2011
=================
- Fixed a bug creating false positives in the mask module
- Modified the "inkillable" module => better results, especially on Vista/Seven
- Added blacklist:
sw2#.exe
Fullremove.exe
-Service Blacklist
sst#

V3.7.0 05/01/2011
=================
- Added WBEM Hijack detection module (Antivirus 2010 family)

V3.6.1 28/12/2010
=================
- Added blacklist:
*****_##$.exe (Internet Security suite)

V3.6.0 28/12/2010
=================
- Added a module monitoring the HOSTS file
- Added a mode for restoring a clean HOSTS

V3.5.2 27/12/2010
=================
- Added monitoring of the line
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows -> Load
- Added Blacklist:
!^!^!#####.exe (System tool)

V3.5.1 18/12/2010
=================
- Fixed a bug preventing removal of registry keys with more than 2 levels of subkeys

V3.5.0 13/12/2010
=================
- Modified the ACL modification module, support for Vista / Seven
(Thanks to Egwene and Eric_71)

V3.4.0 11/12/2010
=================
- Added a module to make the process inkillable! :)
(at least, except for the user and apps that have SE_DEBUG)

V3.3.0 11/12/2010
=================
- Added a LEGACY removal module
(Only works on XP for now)
- Added an ACL modification module, with restoration after the keys are scanned/modified (thanks to Egwene)
- Fixed a bug in sensitive path detection (Appli~1 = Appdata)

V3.2.1 01/12/2010
=================
- Fixed a bug that crashed the running services module
- service blacklist:
vbma**** (Antivirus Action)

V3.2.0 20/11/2010
=================
- Modified and enabled the scheduled tasks module.
Based on the blacklist and the residues in memory.

V3.1.0 20/11/2010
=================
- Added 04 scan module
RunServices
RunOnceEx
- Blacklist
windowstmsystem.exe
microsoftspeech.exe
mbamzlib.exe
sshnas$
Zludo*.exe
Zjuje*.exe
- Service
SSHNAS

V3.0.1 14/11/2010
=================
- Added service Blacklist
Follower
- Added Blacklist keys
netc.exe
nnmmnnsys.exe

V3.0.0 14/11/2010
=================
- Hijack Policies
NoFolderOptions
- Fixed a bug that crashed the RUN search module

V2.9.0 14/11/2010
=================
- Added a Shell Spawning module (hijack of .exe launching)
pezfile
.exe

V2.8.0 13/11/2010
=================
- Added Hijack Policies detection module
DisableTaskMgr
DisableRegistryTools
DisableCMD

V2.7.1 12/11/2010
=================
- Fixed a bug that crashed the IFEO module
(array overflow)

V2.7.0 11/11/2010
=================
- Added Firefox proxy module

V2.6.0 05/11/2010
=================
- Added a module recognizing DLLs loaded under rundll32
- Added a module killing DLLs found in the residues
- Services Blacklist:
kxtoykoc (smart defragmenter)
jvfrhmo (think point)

V2.5.0 05/11/2010
=================
- Added Image File Execution Options module
- Added scheduled tasks module (to be completed)

V2.4.0 05/11/2010
=================
- Added description in the properties.

V2.4.0 30/10/2010
=================
- Added a module that scans for leftovers
(processes whose registry key has been deleted but which have not been killed,
because only the value of the registry key allows them to be identified)
- Added date/time to the report
- Fixed a false positive on file names containing "temp"

V2.3.1 30/10/2010
=================
- Added Blacklist search for registry values
- BlackList:
MK**.exe (Antimalware Doctor)
MK***.exe (Antimalware Doctor)
uPc+MV$.exe (Antimalware Doctor)
- WhiteList:
Chrome.exe (runs from Appdata)
- Report opens automatically at the end
- Message prompting the user to switch to mode 2 if infections
were found in the registry

V2.3.0 22/10/2010
=================
- Reworked the svchost scan module (privilege elevation)
-> taskkill and tasklist are no longer needed
- Added a module that scans running services (other
than svchost)

V2.2.0 21/10/2010
=================
- Added currentcontrolset003
- Code reorganization

V2.1.0 20/10/2010
=================
- Added a comparison module that handles masks
- Added rogue
SM***_****.exe (Smart Engine)

V2.0.0 20/10/2010
=================
- Added a module that scans svchost services
-> the service is killed if it is suspicious
This module does not work natively under XP Home.
Two executables must be downloaded and placed in the RogueKiller root folder

V1.8.0 19/10/2010
=================
- Added a service scan module (CurrentControlSet, ControlSet001, 002)
- Added services to the blacklist:
userinit (Antivirus 2010)

V1.7.1 19/10/2010
=================
- Added a few processes to the WhiteList
flux.exe
RtkBtMnt.exe
GoogleUpdate.exe

V1.7.0 18/10/2010
=================
- Added a proxy removal module

V1.6.0 18/10/2010
=================
- Reworked the process search.
-> Purged the Blacklist / WhiteList
-> Scan based on process location first, for greater speed
- Added the "Bureau/Desktop" directory as a sensitive folder
- Added the path of killed files (except Security Tools) to the report

V1.5.0 18/10/2010
=================
- Added a scan of the Shell key
Thinkpoint rogue supported
BlackList
Hotfix.exe
Desktop Security 2010.exe

WhiteList:
GoogleUpdate.exe
chrome.exe
GoogleCrashHandler.exe
flux.exe
Ati2evxx.exe
spoolsv.exe


V1.4.0 14/10/2010
=================
- Added a choice of mode for the registry
scan mode: does not delete the registry keys found
remove mode: deletes the registry keys found
This makes it possible to see any false positives and to reassure people
who do not want to touch the registry and only want to kill the infectious process

V1.3.0 14/10/2010
=================
- Code reorganization, optimizations.
Modular arrangement

V1.2.0 12/10/2010
=================
- Improved the module that detects infectious RUN/RUNONCE keys
more precise detection of files / paths
fewer false positives, easier targeting.
- RKreport.txt is now opened in "Append" mode (instead of w+)
so that previous reports are not overwritten when the tool is run several
times in a row
(the report is therefore a reverse-chronological stack of the successive reports)

V1.1.2 10/10/2010
=================
- Added OS detection and display in the report
Desktop Security 2010.exe
flash_player_installer.exe
Whitelist:
rundll32.exe

V1.1.1 08/10/2010
=================
avp32.exe (Peak Protection)
user.exe (Peak Protection)
system.exe (Peak Protection)
svc.exe
load.exe (Antivirus studio 2010)
securitycenter.exe (Antivirus studio 2010)
securityhelper.exe (Antivirus studio 2010)
AntiVirus Studio 2010.exe (Antivirus studio 2010)

V1.1.0 04/10/2010
=================
- Added a module that deletes RUN/RUNONCE keys based on
the blacklist/whitelist and the usual folder filters
- Optimizations
- Added a program icon
- Added a few Koobface processes:
ld15.exe
ld16.exe
andy133.exe

V1.0.3 01/10/2010
=================
- Added a module that kills applications running under "\Application Data\"
or one of its subfolders
- Added a module that kills applications running under "\Temp\"
or one of its subfolders

V1.0.2 01/10/2010
=================
- Process is set to High priority at startup
(larger CPU share for the scan, so less chance of being killed)

V1.0.1 01/10/2010
=================
- Added a minimal whitelist to speed up the search
[System Process]
System
smss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
dwm.exe
explorer.exe
ctfmon.exe
dllhost.exe
alg.exe
conhost.exe
taskhost.exe
sched.exe
Locator.exe
jusched.exe

V1.0 30/09/2010
===============
- Rogue Security Tools
module that detects names made up only of digits
- Added older rogues:

ccagent.exe (Control center)
ccmain.exe
richtx64.exe (Data Protection)
asr64_ldm.exe (Dr Guard)
diskperfxp.exe (User Protection)
davclnt.exe (Digital Protection)
avp.exe
digprot.exe
datprot.exe (Data Protection)
ave.exe

- SmitfraudFix changelog up to November 06, 2008
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #16
RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Gratis) Door Adlice Software
Email : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Besturingssysteem : Windows 10 (10.0.17134) 64 bits version
Gestart in : Normale mode
Gebruiker : Gebruiker [Administrator]
Gestart vanaf : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Datum : 09/22/2018 03:12:38 (Duur : 00:23:34)
Schakelaars : -refid
¤¤¤ Processen : 0 ¤¤¤
¤¤¤ Register : 15 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Gevonden
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Cain -> Gevonden
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Cain -> Gevonden
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Gevonden
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Gevonden
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Gevonden
¤¤¤ Taken : 1 ¤¤¤
[Suspicious.Path] \Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation -- C:\WINDOWS\TEMP\sp81220.exe -> Gevonden
¤¤¤ Bestanden : 1 ¤¤¤
[PUP.Gen1][Map] C:\Users\Gebruiker\AppData\Local\SlimWare Utilities Inc -> Gevonden
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Host-bestand : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Geladen) ¤¤¤
¤¤¤ Web Browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SD8SNAT-128G-1006 +++++
--- User ---
[MBR] c8b8dcd9b4c35a0e84d908a44c25e51e
[BSP] da0512945d0fee75c6d04341b766fbb7 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 120842 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 248051712 | Size: 980 MB
Error reading LL1 MBR! ([5] Toegang geweigerd. )
Error reading LL2 MBR! ([5] Toegang geweigerd. )
+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] bcc93446323a1e2f6c08270651883b0e
[BSP] 7428366d7703bb285011cf8cf76b8da3 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 939581 MB
1 - [SYSTEM] Basic data partition | Offset (sectors): 1924263936 | Size: 14287 MB
Error reading LL1 MBR! ([5] Toegang geweigerd. )
Error reading LL2 MBR! ([5] Toegang geweigerd. )
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #17
RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Gratis) Door Adlice Software
Email : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Besturingssysteem : Windows 10 (10.0.17134) 64 bits version
Gestart in : Normale mode
Gebruiker : Gebruiker [Administrator]
Gestart vanaf : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Verwijder -- Datum : 09/22/2018 03:12:38 (Duur : 00:23:34)
Schakelaars : -refid
¤¤¤ Processen : 0 ¤¤¤
¤¤¤ Register : 15 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Verwijderd
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Cain -> Verwijderd
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Cain -> Verwijderd
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Vervangen (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Vervangen (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3489418135-4018434446-1041310367-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Vervangen (http://search.msn.com/spbasic.htm)
¤¤¤ Taken : 1 ¤¤¤
[Suspicious.Path] \Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation -- C:\WINDOWS\TEMP\sp81220.exe -> Verwijderd
¤¤¤ Bestanden : 1 ¤¤¤
[PUP.Gen1][Map] C:\Users\Gebruiker\AppData\Local\SlimWare Utilities Inc -> Verwijderd
[PUP.Gen1][Bestand] C:\Users\Gebruiker\AppData\Local\SlimWare Utilities Inc\Installers\US-131799805335057849.log -> Verwijderd
[PUP.Gen1][Map] C:\Users\Gebruiker\AppData\Local\SlimWare Utilities Inc\Installers -> Verwijderd
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Host-bestand : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Geladen) ¤¤¤
¤¤¤ Web Browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SD8SNAT-128G-1006 +++++
--- User ---
[MBR] c8b8dcd9b4c35a0e84d908a44c25e51e
[BSP] da0512945d0fee75c6d04341b766fbb7 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 120842 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 248051712 | Size: 980 MB
Error reading LL1 MBR! ([5] Toegang geweigerd. )
Error reading LL2 MBR! ([5] Toegang geweigerd. )
+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] bcc93446323a1e2f6c08270651883b0e
[BSP] 7428366d7703bb285011cf8cf76b8da3 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 939581 MB
1 - [SYSTEM] Basic data partition | Offset (sectors): 1924263936 | Size: 14287 MB
Error reading LL1 MBR! ([5] Toegang geweigerd. )
Error reading LL2 MBR! ([5] Toegang geweigerd. )
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #20
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 9/22/18
Scan Time: 4:11 AM
Log File: db917cd4-be0c-11e8-b001-c8d3ffcf3027.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.6957
License: Trial
-System Information-
OS: Windows 10 (Build 17134.286)
CPU: x64
File System: NTFS
User: LAPTOP-HPMDV\Gebruiker
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 322798
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 9 min, 7 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #21
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build: 08-30-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-22-2018
# Duration: 00:00:13
# OS: Windows 10 Home
# Scanned: 41930
# Detected: 2

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
***** [ Files ] *****
PUP.Optional.Legacy C:\Windows\System32\drivers\swdumon.sys
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

AdwCleaner_Debug.log - [6698 octets] - [22/09/2018 04:28:54]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #22
Adware debug log :

2018-09-22 02:28:54 : <INFO> [MBInstaller] Checking Iris
2018-09-22 02:28:54 : <INFO> [IRIS] Making request
2018-09-22 02:28:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2018-09-22 02:28:54 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2018-09-22 02:28:54 : <INFO> [SslCert] Locality Name ("Santa Clara")
2018-09-22 02:28:54 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2018-09-22 02:28:54 : <INFO> [SslCert] Certificate EffectiveDate: "ma okt 2 00:00:00 2017 GMT"
2018-09-22 02:28:54 : <INFO> [SslCert] Certificate ExpirationDate: "di okt 6 12:00:00 2020 GMT"
2018-09-22 02:28:54 : <INFO> [SslCert] ALPN: None
2018-09-22 02:28:54 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2018-09-22 02:28:54 : <INFO> [SslCert] KXE: "ECDH"
2018-09-22 02:28:54 : <INFO> [SslCert] Protocol: "TLSv1.2"
2018-09-22 02:28:55 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2018-09-22 02:28:55 : <INFO> [IRIS] Failed
2018-09-22 02:29:42 : <INFO> [Button clicked] Dashboard menu item
2018-09-22 02:29:43 : <INFO> [Button clicked] Scan
2018-09-22 02:29:43 : <INFO> [Scan] Started
2018-09-22 02:29:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2018-09-22 02:29:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2018-09-22 02:29:44 : <INFO> [SslCert] Locality Name ("Santa Clara")
2018-09-22 02:29:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2018-09-22 02:29:44 : <INFO> [SslCert] Certificate EffectiveDate: "ma okt 2 00:00:00 2017 GMT"
2018-09-22 02:29:44 : <INFO> [SslCert] Certificate ExpirationDate: "di okt 6 12:00:00 2020 GMT"
2018-09-22 02:29:44 : <INFO> [SslCert] ALPN: Yes
2018-09-22 02:29:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2018-09-22 02:29:44 : <INFO> [SslCert] KXE: "ECDH"
2018-09-22 02:29:44 : <INFO> [SslCert] Protocol: "TLSv1.2"
2018-09-22 02:29:44 : <INFO> [Database] Downloading database
2018-09-22 02:29:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2018-09-22 02:29:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2018-09-22 02:29:44 : <INFO> [SslCert] Locality Name ("Santa Clara")
2018-09-22 02:29:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2018-09-22 02:29:44 : <INFO> [SslCert] Certificate EffectiveDate: "ma okt 2 00:00:00 2017 GMT"
2018-09-22 02:29:44 : <INFO> [SslCert] Certificate ExpirationDate: "di okt 6 12:00:00 2020 GMT"
2018-09-22 02:29:44 : <INFO> [SslCert] ALPN: Yes
2018-09-22 02:29:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2018-09-22 02:29:44 : <INFO> [SslCert] KXE: "ECDH"
2018-09-22 02:29:44 : <INFO> [SslCert] Protocol: "TLSv1.2"
2018-09-22 02:29:44 : <INFO> [Database] Checking integrity
2018-09-22 02:29:44 : <WARNING> [Database] Error decoding json data in file header.json
2018-09-22 02:29:44 : <INFO> [Loading paths] Local paths loaded
2018-09-22 02:29:44 : <INFO> [Loading paths] Chrome paths loaded
2018-09-22 02:29:44 : <INFO> [Loading paths] User Keys loaded
2018-09-22 02:29:44 : <INFO> [Module added] Folder
2018-09-22 02:29:44 : <INFO> [Module added] File
2018-09-22 02:29:44 : <INFO> [Module added] URL
2018-09-22 02:29:44 : <INFO> [Module added] Service
2018-09-22 02:29:44 : <INFO> [Module added] TaskName
2018-09-22 02:29:44 : <INFO> [Module added] TaskContent
2018-09-22 02:29:44 : <INFO> [Module added] App Init
2018-09-22 02:29:44 : <INFO> [Module added] Classes
2018-09-22 02:29:44 : <INFO> [Module added] DNS
2018-09-22 02:29:44 : <INFO> [Module added] Firewall
2018-09-22 02:29:44 : <INFO> [Module added] GUID
2018-09-22 02:29:44 : <INFO> [Module added] IEPolicy
2018-09-22 02:29:44 : <INFO> [Module added] RegOther
2018-09-22 02:29:44 : <INFO> [Module added] ProductID
2018-09-22 02:29:44 : <INFO> [Module added] Software
2018-09-22 02:29:44 : <INFO> [Module added] Startup
2018-09-22 02:29:44 : <INFO> [Module added] Winlogon
2018-09-22 02:29:44 : <INFO> [Module added] WMI
2018-09-22 02:29:44 : <INFO> [Module added] Chromium
2018-09-22 02:29:44 : <INFO> [Module added] FF
2018-09-22 02:29:44 : <INFO> [Module added] RegGeneric
2018-09-22 02:29:44 : <INFO> [Module added] FileSystem
2018-09-22 02:29:45 : <INFO> [Module initialize] File/Folder
2018-09-22 02:29:45 : <INFO> [Module initialize] File/Folder
2018-09-22 02:29:46 : <INFO> [Module initialize] URL
2018-09-22 02:29:46 : <INFO> [Module initialize] Service
2018-09-22 02:29:46 : <INFO> [Module initialize] TaskName
2018-09-22 02:29:47 : <INFO> [Module initialize] TaskContent
2018-09-22 02:29:47 : <INFO> [Module initialize] App Init
2018-09-22 02:29:47 : <INFO> [Module initialize] Classes
2018-09-22 02:29:47 : <INFO> [Module initialize] DNS
2018-09-22 02:29:47 : <INFO> [Module initialize] Firewall
2018-09-22 02:29:47 : <INFO> [Module initialize] GUID
2018-09-22 02:29:47 : <INFO> [Module initialize] IEPolicy
2018-09-22 02:29:47 : <INFO> [Module initialize] RegOther
2018-09-22 02:29:47 : <INFO> [Module initialize] ProductID
2018-09-22 02:29:47 : <INFO> [Module initialize] Software
2018-09-22 02:29:47 : <INFO> [Module initialize] Startup
2018-09-22 02:29:47 : <INFO> [Module Initialized] Winlogon
2018-09-22 02:29:47 : <INFO> [Module initialized] WMI
2018-09-22 02:29:47 : <INFO> [Module initialize] Chromium
2018-09-22 02:29:47 : <INFO> [Module initialize] FF
2018-09-22 02:29:47 : <INFO> [Module initialize] RegGeneric
2018-09-22 02:29:47 : <INFO> [Module initialize] FileSystem
2018-09-22 02:29:47 : <INFO> [Module initialize] Scan Browser
2018-09-22 02:29:47 : <INFO> [Module initialize] Scan Browser FF
2018-09-22 02:29:47 : <INFO> [Module initialize] FF start pages loaded
2018-09-22 02:29:47 : <INFO> [Module initialize] FF search providers loaded
2018-09-22 02:29:47 : <INFO> [Module initialize] FF plugin list loaded
2018-09-22 02:29:47 : <INFO> [Scan] Exclusions loaded
2018-09-22 02:29:48 : <INFO> [Scan] Threat detected: "PUP.Optional.Legacy" , "C:\\Users\\Public\\Documents\\Downloaded Installers" [ "Folder" ]
2018-09-22 02:29:49 : <INFO> [Scan] Threat detected: "PUP.Optional.Legacy" , "C:\\Windows\\System32\\drivers\\swdumon.sys" [ "File" ]
2018-09-22 02:29:57 : <INFO> [Telemetry] Sending to Influx
2018-09-22 02:29:57 : <INFO> [Button clicked] Quarantine menu item
2018-09-22 02:29:57 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2018-09-22 02:29:57 : <INFO> [SslCert] Issued to ("telemetry-01.adwc.fr33tux.org")
2018-09-22 02:29:57 : <INFO> [SslCert] Locality Name ()
2018-09-22 02:29:57 : <INFO> [SslCert] Organization ()
2018-09-22 02:29:57 : <INFO> [SslCert] Certificate EffectiveDate: "vr aug 3 09:04:38 2018 GMT"
2018-09-22 02:29:57 : <INFO> [SslCert] Certificate ExpirationDate: "do nov 1 09:04:38 2018 GMT"
2018-09-22 02:29:57 : <INFO> [SslCert] ALPN: Yes
2018-09-22 02:29:57 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2018-09-22 02:29:57 : <INFO> [SslCert] KXE: "ECDH"
2018-09-22 02:29:57 : <INFO> [SslCert] Protocol: "TLSv1.2"
2018-09-22 02:29:57 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2018-09-22 02:29:57 : <INFO> [Telemetry] Sending to DSE
2018-09-22 02:29:59 : <INFO> [Button clicked] Log files menu item
2018-09-22 02:29:59 : <WARNING> QSortFilterProxyModel: invalid inserted rows reported by source model
2018-09-22 02:29:59 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2018-09-22 02:29:59 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2018-09-22 02:29:59 : <INFO> [SslCert] Locality Name ("San Jose")
2018-09-22 02:29:59 : <INFO> [SslCert] Organization ("Malwarebytes Inc.")
2018-09-22 02:29:59 : <INFO> [SslCert] Certificate EffectiveDate: "do feb 22 00:00:00 2018 GMT"
2018-09-22 02:29:59 : <INFO> [SslCert] Certificate ExpirationDate: "wo apr 22 12:00:00 2020 GMT"
2018-09-22 02:29:59 : <INFO> [SslCert] ALPN: Yes
2018-09-22 02:29:59 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2018-09-22 02:29:59 : <INFO> [SslCert] KXE: "ECDH"
2018-09-22 02:29:59 : <INFO> [SslCert] Protocol: "TLSv1.2"
2018-09-22 02:29:59 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2018-09-22 02:29:59 : <INFO> [Scan] Finished
2018-09-22 02:30:02 : <INFO> [Button clicked] Quarantine menu item
2018-09-22 02:30:03 : <INFO> [Button clicked] Log files menu item
2018-09-22 02:30:11 : <INFO> [Button clicked] Dashboard menu item
2018-09-22 02:30:14 : <INFO> [Button clicked] Quarantine menu item
2018-09-22 02:30:15 : <INFO> [Button clicked] Log files menu item
2018-09-22 02:30:18 : <INFO> [Button clicked] Settings menu item
2018-09-22 02:30:23 : <INFO> [Button clicked] Log files menu item
 

Broni

Posts: 55,560   +489
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

Stello72

Posts: 48   +0
  • Thread Starter Thread Starter
  • #24
Hi Broni,
Followed your instructions and posted the logs.
I will wait for further instructions