
Scanner does not find malware...


14 replies to this topic

#1 KeZa


Posted 10 September 2017 - 02:22 AM

Hi,

I have started a topic here http://www.bleepingcomputer.com/forums/t/656075/scanner-does-not-find-malware/#entry4330927 and is it really necessary to upload the FRST log because I'm told to do so, so your experts will check this .exe file that I have here with a Trojan in it, but it is nothing I have seen before?

I can upload the file to you if you like and then you can look at it if you find a way to find the Trojan before extracting the file, because that is the problem here. I find extractors that can extract the file (not many, because it is in Borland Delphi 6.0-7.0 encoded and it seems that not every prog can handle this) and then when I do so my scanners find the Trojan, but when I scan it with scanners like AVG, Kaspersky before extracting they do not find anything. Also there is no downloading in the background because I have tried it with the connection down. Why is that? Do any of you experts here have any idea and how to find it before extraction, because when I want to install this .exe (AVG v17.5) and I have no security online I get infected with a nasty Ransom Trojan Atros5.GOZ and that is not funny. I want to know how to scan for this in the future...

Kind regards,

Kevin z. from Belgium

 




#2 nasdaq

  • Malware Response Team

Posted 10 September 2017 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Follow the following instructions and post the logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Wait for further instructions.
==============================

#3 KeZa


Posted 10 September 2017 - 01:47 PM

Hi nasdaq,

Here is the log:

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 10-09-2017
Gestart door KeZa (Beheerder) op KEZAX (10-09-2017 20:41:08)
Gestart vanaf C:\Documents and Settings\Administrator\Bureaublad
Geladen Profielen: KeZa (Beschikbare Profielen: KeZa)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Taal: Nederlands (Nederland)
Internet Explorer Versie 8 (Standaardbrowser: "C:\Program Files\Avant Browser\avant.exe" "%1")
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
() C:\Program Files\Everything\Everything.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Prio\prio_svc.exe
(Sygate Technologies, Inc.) C:\Program Files\Sygate\SPF\Smc.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShieldService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
() C:\Documents and Settings\Administrator\Bureaublad\Desktop\Security & Performance\+ Primair Tools\+ Spyware\+ realtime protection\crystal security\Crystal Security.exe
() C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\WINDOWS\system\HsMgr.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(IVT Corporation) C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
() C:\Program Files\Everything\Everything.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShield.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Binarysense) C:\Program Files\BinarySense\SSDlife\ssdlife.exe
(Bayden Systems) C:\Program Files\SlickRun\sr.exe
(xwidget.com) C:\Program Files\XLaunchPad\XLaunchPad.exe
(James Garton) C:\Program Files\Wallpaper Master\Wallpaper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(IVT Corporation) C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Acesoft) C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(IVT Corporation) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(QuestSoft) C:\Program Files\QTranslate\QTranslate.exe
(Bill2 Software) C:\Program Files\Bill2's Process Manager\ProcessManager.exe
() C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(South Bay Software) C:\Program Files\AutoSizer\AutoSizer.exe
(Nenad Hrg SoftwareOK) C:\Documents and Settings\Administrator\Bureaublad\Desktop\My Programs\+ Programs\IconSavers\DesktopOK\DesktopOK.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Flux Software LLC) C:\Documents and Settings\Administrator\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
() C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(NirSoft) C:\Documents and Settings\Administrator\Bureaublad\Desktop\Security & Performance\+ Primair Tools\PC info & Diagnostic\EventLogs\eventviewer\myeventviewer.exe
(Shatran Software) C:\Program Files\Quick ShutDown\qsd.exe
(Rainy) C:\Program Files\Rainlendar\Rainlendar.exe
() C:\Program Files\SpeedFan\speedfan.exe
(DeskSoft) C:\Program Files\WindowManager\WindowManager.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(NirSoft) C:\Documents and Settings\Administrator\Bureaublad\Desktop\Security & Performance\+ Primair Tools\PC info & Diagnostic\EventLogs\eventviewer\myeventviewer.exe
(hxxp://www.nurgo-software.com) C:\Program Files\AquaSnap\AquaSnap.Daemon.exe
(Firetrust Ltd) C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
(Avant Force) C:\Program Files\Avant Browser\avant.exe
(Avant Force) C:\Program Files\Avant Browser\avantvw.exe
(Mozilla Corporation) C:\Program Files\Avant Browser\gecko\gecko.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [Crystal Security] => C:\Documents and Settings\Administrator\Bureaublad\Desktop\Security & Performance\+ Primair Tools\+ Spyware\+ realtime protection\crystal security\Crystal Security.exe [1325568 2016-06-19] ()
HKLM\...\Run: [BDAntiCryptoLocker] => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [1242144 2016-05-16] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Dimension4] => C:\Program Files\D4\D4.exe [355840 2013-11-27] (Thinking Man Software)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech\Logitech Gaming Software\LCore.exe [5529328 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [Hard Disk Sentinel] => C:\Program Files\Hard Disk Sentinel\HDSentinel.exe [4856480 2016-08-21] (H.D.S. Hungary)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2312824 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [Cmaudio8788GX] => C:\WINDOWS\system\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [cFosSpeed] => C:\Program Files\cFosSpeed\cFosSpeed.exe [1602472 2015-12-04] (cFos Software GmbH)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-09] (Apple Inc.)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [515600 2016-08-01] (QFX Software Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [BtTray] => C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [488240 2015-07-28] (IVT Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1666664 2017-06-07] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SmcService] => C:\Program Files\Sygate\SPF\Smc.exe [2635472 2005-09-27] (Sygate Technologies, Inc.)
HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [1833440 2015-12-02] (VoodooSoft, LLC)
HKLM\...\Run: [SSDlifeScheduler] => C:\Program Files\BinarySense\SSDlife\ssdlife.exe [3731312 2016-10-01] (Binarysense)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2014-01-07] (ATI Technologies Inc.)
Winlogon\Notify\KeyScrambler: C:\WINDOWS\System32\KeyScramblerLogon.dll [2016-08-01] (QFX Software Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-01-29] (Logitech, Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [SlickRun] => C:\Program Files\SlickRun\sr.exe [2668280 2015-05-16] (Bayden Systems)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [XLaunchpad] => C:\Program Files\XLaunchPad\XLaunchPad.exe [2372608 2013-05-17] (xwidget.com)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [WallpaperChanger] => C:\Program Files\Wallpaper Master\Wallpaper.exe [531571 2016-06-29] (James Garton)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [Tracks Eraser Pro] => C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe [1557496 2016-02-11] (Acesoft)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [Task] => C:\windows\system32\taskmgr.exe [140800 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [syncDriver] => [X]
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [QTranslate] => C:\Program Files\QTranslate\QTranslate.exe [1136640 2017-03-12] (QuestSoft)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [ProcessManager] => C:\Program Files\Bill2's Process Manager\ProcessManager.exe [2064384 2014-10-30] (Bill2 Software)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [OpenDNS Updater] => C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [AutoSizer] => C:\Program Files\AutoSizer\AutoSizer.exe [131072 2014-02-27] (South Bay Software)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [DesktopOK] => C:\Documents and Settings\Administrator\Bureaublad\Desktop\My Programs\+ Programs\IconSavers\DesktopOK\DesktopOK.exe [325632 2017-05-18] (Nenad Hrg SoftwareOK)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATINFE.EXE [262208 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [Core Temp] => C:\Program Files\Core Temp\Core Temp.exe [822248 2016-11-22] ()
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [f.lux] => C:\Documents and Settings\Administrator\Local Settings\Application Data\FluxSoftware\Flux\flux.exe [1017224 2015-01-27] (Flux Software LLC)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [AquaSnap] => C:\Program Files\AquaSnap\AquaSnap.Daemon.exe [890368 2012-05-22] (hxxp://www.nurgo-software.com)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [Grid] => C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe [405504 2014-01-07] ()
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [645768 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [NoMultiIE] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWA] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWB] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWC] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWD] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWE] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWF] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWG] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWH] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWI] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWJ] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWK] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWL] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWM] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWN] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWO] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWP] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWQ] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWR] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWS] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWT] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWU] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWV] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWW] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWX] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWY] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [LWZ] 0
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe -update pepperplugin
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 0
AppInit_DLLs: prio.dll => C:\Program Files\Prio\prio.dll [15216 2012-11-08] (O&K Software)
AppInit_DLLs: ,C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [264480 2014-05-02] (Jaksta Technologies Pty Ltd)
AppInit_DLLs:  prio.dll => C:\Program Files\Prio\prio.dll [15216 2012-11-08] (O&K Software)
Lsa: [Notification Packages] scecli IVTCredentialProvider
HKLM\...\AppCertDlls: [cpn32] -> C:\Windows\System32\cpn32.dll [7168 2014-09-06] ()
ShellExecuteHooks: Geen Naam - {56F9679E-7826-4C84-81F3-532071A8BCC5} -  -> Geen bestand
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\a2guard - RESET WPK na uninstall.lnk [2016-08-28]
ShortcutTarget: a2guard - RESET WPK na uninstall.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft Ltd)
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\AquaSnap.Daemon.lnk [2015-02-21]
ShortcutTarget: AquaSnap.Daemon.lnk -> C:\Program Files\AquaSnap\AquaSnap.Daemon.exe (hxxp://www.nurgo-software.com)
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\AutorunsDisabled [2017-05-31] ()
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\Crystal Security.lnk [2016-07-28]
ShortcutTarget: Crystal Security.lnk -> C:\Documents and Settings\Administrator\Bureaublad\Desktop\Security & Performance\+ Primair Tools\+ Spyware\+ realtime protection\crystal security\Crystal Security.exe ()
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\Deep Scan.lnk [2014-01-18]
ShortcutTarget: Deep Scan.lnk -> C:\Program Files\Watcher\Watcher.exe (minuscule)
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\MailWasherPro.lnk [2015-06-08]
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\myeventviewer.lnk [2016-08-30]
ShortcutTarget: myeventviewer.lnk -> C:\Documents and Settings\Administrator\Bureaublad\Desktop\Security & Performance\+ Primair Tools\PC info & Diagnostic\EventLogs\eventviewer\myeventviewer.exe (NirSoft)
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\Quick ShutDown.lnk [2008-02-18]
ShortcutTarget: Quick ShutDown.lnk -> C:\Program Files\Quick ShutDown\qsd.exe (Shatran Software)
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\Rainlendar.lnk [2008-03-22]
ShortcutTarget: Rainlendar.lnk -> C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\SpeedFan.lnk [2016-10-31]
ShortcutTarget: SpeedFan.lnk -> C:\Program Files\SpeedFan\speedfan.exe ()
Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\WindowManager.lnk [2017-06-18]
ShortcutTarget: WindowManager.lnk -> C:\Program Files\WindowManager\WindowManager.exe (DeskSoft)
Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutorunsDisabled [2017-06-02] ()
BootExecute: autocheck autochk /k:D /k:E /k:F *
GroupPolicy: Restrictie - Chrome <==== AANDACHT
GroupPolicy\User: Restrictie ? <==== AANDACHT
GroupPolicyScripts: Restrictie <==== AANDACHT
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: Er zijn meer dan één item in Hosts. Zie Hosts deel van Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60806A7E-A2D1-4BA3-B939-E19779C2EE0E}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{66A8B09E-A602-4D33-A672-E24D8F4FA3D4}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{8A2C3E6D-6105-4CAB-AC34-D0A4AD00F71D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E5149DA0-3C90-4C95-9991-01C9408830E5}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{F33AAF39-4814-400A-A8D2-193CDA164E30}: [NameServer] 208.67.222.222,208.67.220.220,192.168.1.1
Tcpip\..\Interfaces\{F33AAF39-4814-400A-A8D2-193CDA164E30}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/nl-be/?ocid=iehp
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.be/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1202660629-1547161642-1801674531-500 -> Geen Naam - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  Geen bestand
Toolbar: HKU\S-1-5-21-1202660629-1547161642-1801674531-500 -> Geen Naam - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} -  Geen bestand
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1379712735968
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2010-09-14] (Belarc, Inc.)
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  Geen bestand []
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll [2015-07-28] (Skype Technologies)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll [2015-07-28] (Skype Technologies)

FireFox:
========
FF DefaultProfile: 54qpy45q.pure
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Profiles\5eo0xa9d.default [niet gevonden] <==== AANDACHT
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 [2017-08-20]
FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> hxxp://www.google.be/
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> gopher", ""
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> gopher_port", 0
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> http", "localhost"
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> http_port", 9666
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> socks", "localhost"
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> socks_port", 9050
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> socks_remote_dns", true
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> ssl", "localhost"
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609 -> ssl_port", 9666
FF Extension: (HTTP Nowhere) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\http-nowhere@cwilper.github.com.xpi [2016-08-29]
FF Extension: (Self-Destructing Cookies) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-05-27]
FF Extension: (Magic Actions for YouTube™) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2017-05-27]
FF Extension: (Tab Memory Usage) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\jid1-fRvgLzKONCsPew@jetpack.xpi [2016-10-09]
FF Extension: (User-Agent Switcher) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\jid1-kyxEAcWua7BEKq@jetpack.xpi [2016-10-09]
FF Extension: (NetVideoHunter) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\netvideohunter@netvideohunter.com [2016-10-09]
FF Extension: (SQLite Manager) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-08-29]
FF Extension: (The Addon Bar (restored)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-08-29]
FF Extension: (uMatrix) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\uMatrix@raymondhill.net.xpi [2017-05-27]
FF Extension: (Vista-aero) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2013-01-14] [niet getekend]
FF Extension: (UltraSurf Firefox Tool) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi [2014-10-05] [niet getekend]
FF Extension: (Download Status Bar) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-10-09]
FF Extension: (FastestTube) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}.xpi [2016-03-27]
FF Extension: (NoScript) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-06-13]
FF Extension: (FT DeepDark) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-06-13]
FF Extension: (Secure Sanitizer) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{7e69e900-c32e-11db-8314-0800200c9a66}.xpi [2016-10-09]
FF Extension: (Video DownloadHelper) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-27]
FF Extension: (Configuration Mania) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}.xpi [2017-05-27]
FF Extension: (Shine Bright Skin Aero) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi [2012-08-06] [niet getekend]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-27]
FF Extension: (Privacy Cleaner) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{E490E068-B86C-4DF9-B711-F81A1B9B338B}.xpi [2016-07-22] [niet getekend]
FF Extension: (ProfileSwitcher) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2016-10-09]
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure [2017-09-10]
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> gopher", ""
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> gopher_port", 0
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> http", "localhost"
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> http_port", 9666
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> socks", "localhost"
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> socks_port", 9050
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> socks_remote_dns", true
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> ssl", "localhost"
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> ssl_port", 9666
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure -> type", 0
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\elemhidehelper@adblockplus.org.xpi [2017-05-31]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\firefox@zenmate.com.xpi [2017-05-31]
FF Extension: (Self-Destructing Cookies) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-06-12]
FF Extension: (RequestPolicy) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\requestpolicy@requestpolicy.com.xpi [2017-01-05]
FF Extension: (Smart Referer) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\smart-referer@meh.paranoid.pk.xpi [2017-09-08]
FF Extension: (The Addon Bar (restored)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2017-05-27]
FF Extension: (User Agent Overrider) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\useragentoverrider@qixinglu.com.xpi [2017-06-23]
FF Extension: (User-Agent JS Fixer) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\{086e582e-455b-4289-bfab-e90da7c0558b}.xpi [2017-08-10]
FF Extension: (UltraSurf Firefox Tool) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi [2014-05-23] [niet getekend]
FF Extension: (NoScript) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-08-27]
FF Extension: (FT DeepDark) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-05-05]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-12]
FF Extension: (QuickJava) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-10-09]
FF Extension: (ProfileSwitcher) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2016-08-27]
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eutc8m9a.Standaard [2017-08-30]
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default [2017-09-10]
FF Homepage: C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default -> hxxps://www.whatismybrowser.com/
FF NetworkProxy: C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default -> type", 4
FF Extension: (Disconnect) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\2.0@disconnect.me.xpi [2017-07-22]
FF Extension: (Diagnostics for Adblock Plus) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\abpwatcher@adblockplus.org.xpi [2017-07-22]
FF Extension: (Add-ons Manager Context Menu) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\amcontextmenu@loucypher.xpi [2017-07-22]
FF Extension: (CleanPrint ) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\cleanprint@formatdynamics.com.xpi [2017-07-22] [niet getekend]
FF Extension: (Click&Clean) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\clickclean@hotcleaner.com [2016-04-27]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-07-22]
FF Extension: (United States English Spellchecker) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-11-05]
FF Extension: (F.B. Purity - Cleans Up Facebook) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\fbp-signed@fbpurity.com.xpi [2017-07-22]
FF Extension: (HTTPS by default) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\https-by-default@robwu.nl.xpi [2017-07-22]
FF Extension: (HTTPS Everywhere) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\https-everywhere-eff@eff.org.xpi [2017-07-22]
FF Extension: (Self-Destructing Cookies) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-07-22]
FF Extension: (Facebook™ Disconnect) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi [2017-07-22]
FF Extension: (Magic Actions for YouTube™) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2017-07-22]
FF Extension: (Fake Windows Version for Useragent) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\jid1-dNCLNMayj1SOdA@jetpack.xpi [2017-08-29]
FF Extension: (Tab Memory Usage) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\jid1-fRvgLzKONCsPew@jetpack.xpi [2017-07-22]
FF Extension: (Save Images) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\LDSI_plashcor@gmail.com.xpi [2017-08-30]
FF Extension: (NetVideoHunter) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\netvideohunter@netvideohunter.com [2016-10-09]
FF Extension: (Woordenboek Nederlands) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2016-11-05] [niet getekend]
FF Extension: (RequestPolicy) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\requestpolicy@requestpolicy.com.xpi [2017-08-19]
FF Extension: (Restart My Fox) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\Restart-My-Fox@8pecxstudios.com.xpi [2017-07-22]
FF Extension: (Smart Referer) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2017-07-22]
FF Extension: (Social Fixer) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\socialfixer@mattkruse.com.xpi [2017-07-22] [niet getekend]
FF Extension: (SQLite Manager) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2017-07-22]
FF Extension: (Turn Off the Lights) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\stefanvandamme@stefanvd.net.xpi [2017-07-22]
FF Extension: (The Addon Bar (restored)) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2017-07-22]
FF Extension: (Google Translator for Firefox) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\translator@zoli.bod.xpi [2017-07-22]
FF Extension: (UAControl) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\uacontrol@qz.tsugumi.org.xpi [2017-07-22]
FF Extension: (uBlock Origin) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-22]
FF Extension: (Toolbar Buttons) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2017-07-22]
FF Extension: (User-Agent JS Fixer) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{086e582e-455b-4289-bfab-e90da7c0558b}.xpi [2017-07-22]
FF Extension: (FlashGot) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-07-22]
FF Extension: (Stylish) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2017-07-22]
FF Extension: (Download Status Bar) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2017-07-22]
FF Extension: (FastestTube) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}.xpi [2017-07-22]
FF Extension: (NoScript) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-08-21]
FF Extension: (TargetKiller) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{9a4cea50-3bc5-47e5-aec8-5eda9d4839d6}.xpi [2017-07-22]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-22]
FF Extension: (BetterPrivacy) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-07-22]
FF Extension: (Tweak Network) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA} [2016-07-26]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\searchplugins\facebook.xml [2017-07-22]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\searchplugins\videos-zoeken-op-youtube.xml [2017-07-22]
FF Extension: (SmartWhois Launcher) - C:\Program Files\Mozilla Firefox\extensions\{45925a5c-e3de-447f-bed2-ded87acae111} [2016-11-20] [niet getekend]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-21] [niet getekend]
FF HKLM\...\Firefox\Extensions: [httpanalyzerv7ffaddon@ieinspector.com] - C:\Program Files\IEInspector\HTTPAnalyzerFullV7\firefox
FF Extension: (Http Analyzer) - C:\Program Files\IEInspector\HTTPAnalyzerFullV7\firefox [2013-07-27] [niet getekend]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-04-15] [niet getekend]
FF HKLM\...\Firefox\Extensions: [isend@www.bluesoleil.com] - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com
FF Extension: (BlueSoleil Extension) - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com [2017-06-02] [niet getekend]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-10-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @ieinspector.com/ha_plugin -> C:\Program Files\IEInspector\HTTPAnalyzerFullV7\firefox\Components [2014-01-01] ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Documents and Settings\Administrator\Mijn documenten\iTools\Plugin\npiTools.dll [2016-03-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-10-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1202660629-1547161642-1801674531-500: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-10-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-10-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPPGWrap.dll [2014-11-15] (Microsoft Corp.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npPDFXCviewNPPlugin.dll [2013-10-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\NPPGWrap.dll [2014-11-15] (Microsoft Corp.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [pngkhjkpbbeappoconbinflbfpgghdgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1202660629-1547161642-1801674531-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (History Limiter Custom) - C:\Documents and Settings\Administrator\Application Data\Opera Software\Opera Stable\Extensions\bihknnbbnkkjneoahgjkddkoimleciad [2015-12-18]
OPR Extension: (No-Script Suite Lite) - C:\Documents and Settings\Administrator\Application Data\Opera Software\Opera Stable\Extensions\ipiopppcaojnchgoepoemlbdccogeije [2017-05-22]
OPR Extension: (History Eraser) - C:\Documents and Settings\Administrator\Application Data\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2015-12-18]

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [7084784 2017-07-05] (Emsisoft Ltd)
S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [991040 2016-05-10] ()
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-09] (Adobe Systems Incorporated) [Bestand niet getekend]
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-09-26] ()
S3 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [643072 2014-01-07] (ATI Technologies Inc.) [Bestand niet getekend]
R2 avgfws; C:\Program Files\AVG\Av\avgfws.exe [1458360 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-04-11] (AVG Technologies CZ, s.r.o.)
R3 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3300080 2015-07-28] (IVT Corporation)
S4 BootRacerServ; C:\Program Files\BootRacer\BootRacerServ.exe [65296 2014-04-30] (Greatis Software, LLC)
R3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [83352 2015-07-28] (IVT Corporation)
S3 CachemanService; C:\Program Files\Cacheman\CachemanServ.exe [261704 2016-02-15] (Outertech)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [618920 2015-12-04] (cFos Software GmbH) [Bestand niet getekend]
S3 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315240 2015-02-07] (Kingsoft Corporation)
S3 cPhoneSDKCS; C:\Program Files\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe [279968 2014-11-03] (IVT Corporation)
S3 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [105792 2015-07-06] ()
S2 Dimension4; C:\Program Files\D4\D4.exe [355840 2013-11-27] (Thinking Man Software) [Bestand niet getekend]
S4 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2163064 2012-07-27] (Condusiv Technologies)
S4 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [1622928 2013-07-15] (Binary Fortress Software)
S3 ELIService; C:\Program Files\EventLog Inspector 3\ELIService.exe [2096208 2016-08-01] ()
S3 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [126128 2015-04-15] (Seiko Epson Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [1666664 2017-06-07] ()
S4 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [570368 2011-10-27] (Hauppauge Computer Works) [Bestand niet getekend]
S3 HeimdalSecureDNS; C:\Program Files\Heimdal\HeimdalSecureDNS\DnsService.exe [88064 2016-07-26] (Microsoft) [Bestand niet getekend]
S3 HeimdalService; C:\Program Files\Heimdal\Service\HeimdalAgentService.exe [162816 2016-07-26] (CSIS Security Group) [Bestand niet getekend]
S4 HttpAnalyzerV7 DllInjectService; C:\Program Files\IEInspector\HTTPAnalyzerFullV7\InjectWinSockServiceV7.exe [481600 2013-02-24] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Bestand niet getekend]
S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [Bestand niet getekend]
S4 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [722616 2011-08-08] (iolo technologies, LLC)
S3 ksu; C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [Bestand niet getekend]
S4 LtcyCfgSvc; C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe [5120 2005-12-26] () [Bestand niet getekend]
S3 MalwareDefenderService; c:\program files\malware defender\mdservice.exe [90968 2012-01-10] (360.cn)
S4 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [6041600 2009-08-18] () [Bestand niet getekend]
S4 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [10240 2012-08-27] (SeriousBit) [Bestand niet getekend]
S3 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-05-19] (Nitro PDF Software)
S3 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-05-19] ()
S4 NMSAccess; C:\Program Files\Blaze Media Pro\NMSAccess32.exe [71096 2009-01-12] ()
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12656 2012-11-08] ()
S3 Quarri Launch Helper; C:\Program Files\Quarri Launch Helper\Quarri Launch Helper.exe [469048 2017-07-31] (Quarri Technologies, Inc.)
S3 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2346992 2017-07-24] (IBM Corp.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1\RpcAgentSrv.exe [72344 2015-01-24] (SiSoftware) [Bestand niet getekend]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154760 2017-06-05] (Sandboxie Holdings, LLC)
S3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SmcService; C:\Program Files\Sygate\SPF\smc.exe [2635472 2005-09-27] (Sygate Technologies, Inc.)
S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
S3 syncDriver Service; C:\Documents and Settings\Administrator\Local Settings\Application Data\syncDriver\SyncDriver.Service.exe [17408 2016-02-05] (SyncDriver) [Bestand niet getekend]
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567008 2014-12-20] (Mister Group)
S4 TVService; C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe [212992 2012-04-10] (Team MediaPortal) [Bestand niet getekend]
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [65680 2008-06-03] (Ulead Systems, Inc.)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [Bestand niet getekend]
S3 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [87256 2015-06-24] (VMware, Inc.)
S3 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [359128 2015-06-24] (VMware, Inc.)
S3 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-08-21] (VMware, Inc.)
S3 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [437976 2015-06-24] (VMware, Inc.)
S3 vmware-converter-agent; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [482008 2015-08-17] (VMware, Inc.)
S3 vmware-converter-server; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [482008 2015-08-17] (VMware, Inc.)
S3 vmware-converter-worker; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [482008 2015-08-17] (VMware, Inc.)
S4 VMwareHostd; C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [14400728 2015-06-24] ()
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [79384 2015-12-02] (VoodooSoft, LLC)
S3 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.225\WsAppService.exe [460288 2017-05-05] (Wondershare) [Bestand niet getekend]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S4 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [32896 2015-05-21] (AnvSoft Inc.) [Bestand niet getekend]
S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2016-01-12] (Wondershare)
S3 appliand; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2010-06-24] (Applian Technologies Inc.)
R3 appliandMP; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2010-06-24] (Applian Technologies Inc.)
S4 ASTRA32; C:\Program Files\ASTRA32\ASTRA32.sys [30864 2007-02-22] (Licensed for Sysinfo Lab)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [7875072 2014-01-07] (ATI Technologies Inc.) [Bestand niet getekend]
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
R3 audiobridge; C:\WINDOWS\System32\DRIVERS\aubridge.sys [22528 2007-07-23] (SoundGenetics) [Bestand niet getekend]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2017-04-11] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 AxtuDrv; C:\WINDOWS\system32\Drivers\AxtuDrv.sys [18696 2016-10-29] (RW-Everything)
R1 bajfkmid; c:\windows\system32\drivers\bajfkmid.sys [258392 2012-01-10] (360.cn)
S3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [35296 2013-10-08] (IVT Corporation)
S3 bmdrvr; C:\WINDOWS\System32\drivers\bmdrvr.sys [55640 2015-03-11] (VMware, Inc.)
S3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [14088 2010-08-18] (IVT Corporation.)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [556200 2013-03-31] (Broadcom Corporation.)
S3 BTCOM; C:\WINDOWS\System32\DRIVERS\btcomport.sys [24872 2014-10-16] (IVT Corporation.)
R3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [44992 2015-07-07] (IVT Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2013-03-31] (Broadcom Corporation.)
R3 BtHidBus; C:\WINDOWS\System32\Drivers\BtHidBus.sys [19112 2014-08-12] (IVT Corporation.)
R3 btkrnl; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [939056 2013-03-31] (Broadcom Corporation.)
R3 BTNetFilter; C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-22] (IVT Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [118440 2013-03-31] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [59688 2013-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [52984 2013-03-31] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cFosSpeed; C:\WINDOWS\System32\DRIVERS\cfosspeed.sys [1395112 2015-12-04] (cFos Software GmbH) [Bestand niet getekend]
R1 CGKDarkWatcher; C:\WINDOWS\System32\drivers\CGKDarkWatcher.sys [15128 2016-01-17] ()
S3 cmuda3; C:\WINDOWS\System32\drivers\cmudax3.sys [1486336 2011-03-30] (C-Media Inc) [Bestand niet getekend]
R3 cmudaxp; C:\WINDOWS\System32\drivers\cmudaxp.sys [1758208 2013-04-11] (C-Media Inc) [Bestand niet getekend]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R2 cpuz132; C:\WINDOWS\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider) [Bestand niet getekend]
R0 cumon; C:\WINDOWS\System32\drivers\cumon.sys [187120 2011-09-05] (Windows ® Win 7 DDK provider)
R0 diskpt; C:\WINDOWS\System32\drivers\diskpt.sys [331320 2015-01-10] (SHADOWDEFENDER.COM)
R0 DKDFM; C:\WINDOWS\System32\drivers\DKDFM.sys [35120 2012-04-05] (Condusiv Technologies)
S3 DKRtWrt; C:\WINDOWS\System32\DRIVERS\DKRtWrt.sys [44496 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\WINDOWS\System32\drivers\DKTLFSMF.sys [85328 2012-07-09] (Condusiv Technologies)
S3 efavdrv; C:\WINDOWS\system32\drivers\efavdrv.sys [115008 2017-05-25] (ESET)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () [Bestand niet getekend]
R1 epp32; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp32.sys [114200 2017-07-05] (Emsisoft GmbH)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [Bestand niet getekend]
R0 Evdd; C:\WINDOWS\System32\drivers\evdd.sys [16360 2011-09-05] ()
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [21592 2011-04-18] ()
R1 FileDisk; C:\WINDOWS\system32\Drivers\FileDisk.sys [9341 2010-06-29] (iolo technologies, LLC (based on original work by Bo Brantén)) [Bestand niet getekend]
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [249184 2016-09-26] (Acronis International GmbH)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [Bestand niet getekend]
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [Bestand niet getekend]
S4 GRABSTER250; C:\WINDOWS\System32\DRIVERS\GRABSTER250.SYS [114432 2004-11-11] ()
R1 GUSBootStartup; C:\WINDOWS\System32\drivers\GUSBootStartup.sys [17472 2017-06-06] (Glarysoft Ltd)
R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [43968 2014-08-21] (VMware, Inc.)
S4 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2017-07-19] (REALiX™)
S3 itchfltr; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [12640 2002-11-15] (Logitech, Inc.)
R3 IvtAudioBusSrv; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [23288 2012-12-24] (IVT Corporation.)
R3 IvtComBusSrv; C:\WINDOWS\System32\Drivers\btcombus.sys [22624 2014-05-06] (IVT Corporation.)
R3 IvtPanBusSrv; C:\WINDOWS\System32\Drivers\btnetBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [211536 2015-08-18] (QFX Software Corporation)
S3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [63088 2010-08-24] (Atheros Communications, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-07-23] (Lavasoft AB)
R3 LGBusEnum; C:\WINDOWS\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\System32\DRIVERS\LGSHidFilt.Sys [42480 2013-01-17] (Logitech Inc.)
R3 LGVirHid; C:\WINDOWS\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
S3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.) [Bestand niet getekend]
R3 LtcyCfgWDM; C:\WINDOWS\System32\DRIVERS\LtcyCfgWDM.sys [6656 2005-12-26] () [Bestand niet getekend]
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [38416 2015-06-18] (Logitech, Inc.)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [Bestand niet getekend]
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
R3 Nbdrv; C:\WINDOWS\System32\DRIVERS\nbdrv.sys [31016 2011-05-18] (SeriousBit)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2010-05-08] (NewTech Infosystems, Inc.) [Bestand niet getekend]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-09-07] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-09-07] (Microsoft Corporation)
R2 osaio; C:\WINDOWS\system32\drivers\osaio.sys [7296 2010-11-21] (OSA Technologies, An Avocent Company) [Bestand niet getekend]
S3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2006-03-29] (Padus, Inc.) [Bestand niet getekend]
R1 prio; C:\WINDOWS\System32\drivers\prio.sys [54128 2012-11-08] (Xeno)
R2 PStrip; C:\WINDOWS\System32\drivers\pstrip.sys [27992 2007-07-15] (EnTech Taiwan)
S3 ptun0901; C:\WINDOWS\System32\DRIVERS\ptun0901.sys [35288 2015-03-03] (The OpenVPN Project)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [203040 2017-07-24] (IBM Corp.)
R1 RapportCerberus_1804068; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804068.sys [836904 2017-08-19] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [334912 2017-07-24] (IBM Corp.)
S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [414432 2017-07-24] (IBM Corp.)
S3 RegGuard; C:\WINDOWS\system32\Drivers\regguard.sys [24416 2014-02-22] (Greatis Software)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity32XP.sys [27232 2012-10-29] (Resplendence Software Projects Sp.)
S3 RTLTEAMING; C:\WINDOWS\System32\DRIVERS\RTLTEAMING.SYS [34208 2011-06-15] (Realtek Semiconductor Corporation)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [17664 2011-06-15] (Realtek Semiconductor Corporation )
S3 RTLVLANMP; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [17664 2011-06-15] (Realtek Semiconductor Corporation )
R2 RtNdPt5x; C:\WINDOWS\System32\DRIVERS\RtNdPt5x.sys [27424 2011-06-15] (Realtek Semiconductor Corporation )
S3 SaiH8000; C:\WINDOWS\System32\DRIVERS\SaiH8000.sys [132232 2000-01-01] (Saitek)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1\WNt500x86\Sandra.sys [23112 2015-01-24] (SiSoftware)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [172184 2017-08-12] (Sandboxie Holdings, LLC) [Bestand niet getekend]
S3 SE2Ebus; C:\WINDOWS\System32\DRIVERS\SE2Ebus.sys [61600 2006-05-01] (MCCI) [Bestand niet getekend]
S3 SE2Emdfl; C:\WINDOWS\System32\DRIVERS\SE2Emdfl.sys [9360 2006-05-01] (MCCI) [Bestand niet getekend]
S3 SE2Emdm; C:\WINDOWS\System32\DRIVERS\SE2Emdm.sys [97184 2006-05-01] (MCCI) [Bestand niet getekend]
S3 SE2Emgmt; C:\WINDOWS\System32\DRIVERS\SE2Emgmt.sys [88688 2006-05-01] (MCCI) [Bestand niet getekend]
S3 se2End5; C:\WINDOWS\System32\DRIVERS\se2End5.sys [18704 2006-05-01] (MCCI) [Bestand niet getekend]
S3 SE2Eobex; C:\WINDOWS\System32\DRIVERS\SE2Eobex.sys [86560 2006-05-01] (MCCI) [Bestand niet getekend]
S3 se2Eunic; C:\WINDOWS\System32\DRIVERS\se2Eunic.sys [90800 2006-05-01] (MCCI) [Bestand niet getekend]
S3 sfng32; C:\WINDOWS\System32\drivers\sfng32.sys [41728 2005-12-02] (Sonic Focus, Inc) [Bestand niet getekend]
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX32.sys [143376 2017-06-14] (Ray Hinchliffe)
R3 SMBios; C:\WINDOWS\System32\DRIVERS\SMBios.sys [36484 2003-11-03] (Intel Corporation) [Bestand niet getekend]
S3 smbusp; C:\WINDOWS\System32\DRIVERS\intelsmb.sys [21248 2005-03-15] (Intel Corporation) [Bestand niet getekend]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2012-09-02] () [Bestand niet getekend]
R1 SPVDPort; C:\WINDOWS\System32\DRIVERS\spvdbus.sys [88568 2015-08-28] ()
R1 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [321016 2015-08-28] ()
S3 SRS_AE_Service; C:\WINDOWS\System32\drivers\SRS_AE_i386.sys [407368 2012-06-21] ()
S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1271032 2008-04-10] (IDT, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2015-03-03] (The OpenVPN Project)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2015-03-22] (Microsoft Corporation) [Bestand niet getekend]
R0 Teefer; C:\WINDOWS\System32\Drivers\Teefer.sys [61008 2005-09-27] (Sygate Technologies, Inc.) [Bestand niet getekend]
S3 TempLog; C:\Program Files\Hard Disk Sentinel\HDSentinel.sys [10200 2015-08-24] ()
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [802656 2016-09-26] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [150872 2016-09-26] (Acronis International GmbH)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2010-11-01] (Acronis)
S3 tnd; C:\WINDOWS\System32\DRIVERS\tnd.sys [409432 2016-09-26] (Acronis International GmbH)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2016-02-04] ()
R0 TWZDISK; C:\WINDOWS\System32\Drivers\TWZDISK.sys [65552 2016-02-18] (Toolwiz.com)
R1 TWZFILE; C:\WINDOWS\system32\Drivers\TWZFILE.sys [31888 2016-02-18] (Toolwiz.com)
S3 ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) [Bestand niet getekend]
S3 vhhcd; C:\WINDOWS\System32\DRIVERS\vhhcd.sys [18760 2016-01-01] (VirtualHere Pty. Ltd.)
S3 vhhub; C:\WINDOWS\System32\DRIVERS\vhhub.sys [54088 2016-01-01] (VirtualHere Pty. Ltd.)
R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [116000 2013-10-19] (Acronis International GmbH)
R0 vidsflt; C:\WINDOWS\System32\DRIVERS\vidsflt.sys [85280 2013-10-19] (Acronis International GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [211800 2016-09-26] (Acronis International GmbH)
R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [26456 2015-06-24] (VMware, Inc.)
S3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [17104 2015-06-24] (VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [35032 2015-06-24] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26968 2015-06-24] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [66136 2015-06-24] (VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\WINDOWS\System32\drivers\vstor2-mntapi20-shared.sys [23632 2013-08-28] (VMware, Inc.)
R2 wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [14944 2005-09-27] (Sygate Technologies, Inc.)
R2 wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [14944 2005-09-27] (Sygate Technologies, Inc.)
R2 wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [14944 2005-09-27] (Sygate Technologies, Inc.)
R2 wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [14944 2005-09-27] (Sygate Technologies, Inc.)
R1 wpsdrvnt; C:\WINDOWS\system32\drivers\wpsdrvnt.sys [21075 2005-09-27] (Sygate Technologies, Inc.) [Bestand niet getekend]
R3 ALSysIO; \??\C:\TemP\ALSysIO.sys [X]
U3 DfSdkS; geen ImagePath
S3 esihdrv; \??\C:\TemP\esihdrv.sys [X]
S4 hpt3xx; geen ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [46848 2008-04-14] (Microsoft Corporation)
U4 Partizan; system32\drivers\Partizan.sys [X]
U3 SAAppCtl; geen ImagePath
U3 saappsvc; geen ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Bestand niet getekend]
S4 vsdatant;  [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Gemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-09-10 20:41 - 2017-09-10 20:41 - 000072815 _____ C:\Documents and Settings\Administrator\Bureaublad\FRST.txt
2017-09-10 20:40 - 2017-09-10 20:40 - 001793024 _____ (Farbar) C:\Documents and Settings\Administrator\Bureaublad\FRST.exe
2017-09-10 10:44 - 2017-09-10 10:44 - 000000048 _____ C:\Documents and Settings\Administrator\Bureaublad\1-4 extract.txt
2017-09-09 10:29 - 2017-09-09 20:10 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\Universe
2017-09-09 09:45 - 2017-09-09 09:45 - 000000092 _____ C:\Documents and Settings\Administrator\Bureaublad\link uittesten.txt
2017-09-09 09:16 - 2017-09-09 09:16 - 118471328 _____ C:\Documents and Settings\Administrator\Bureaublad\Europese Heraut.pdf
2017-09-08 11:29 - 2017-09-08 11:29 - 000002068 _____ C:\Documents and Settings\Administrator\Bureaublad\Episode 10.lnk
2017-09-07 21:57 - 2017-09-07 21:57 - 000000000 __RHD C:\Documents and Settings\Administrator\Onlangs geopend
2017-09-07 17:50 - 2017-09-09 10:49 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\BIOS
2017-09-07 16:42 - 2017-09-07 16:42 - 000001416 _____ C:\Documents and Settings\Administrator\Bureaublad\06 - Thailand.lnk
2017-09-06 13:31 - 2017-09-06 13:36 - 000000206 _____ C:\Documents and Settings\Administrator\Bureaublad\zout inname tijdens fitness.txt
2017-09-06 13:30 - 2017-09-06 13:30 - 000000342 _____ C:\Documents and Settings\Administrator\Bureaublad\Zout kopen.txt
2017-09-06 13:05 - 2017-09-06 13:05 - 000000000 _____ C:\Documents and Settings\Administrator\Bureaublad\extra zout bij warme maaltijden van Di-Vrij.txt
2017-09-03 09:49 - 2017-09-03 09:49 - 000000000 _____ C:\Documents and Settings\Administrator\Bureaublad\liefde in de digiteek.txt
2017-09-03 09:14 - 2017-09-03 09:46 - 000000054 _____ C:\Documents and Settings\Administrator\Bureaublad\Kratom gekocht.txt
2017-09-02 16:30 - 2017-09-02 16:30 - 000959537 _____ C:\Documents and Settings\Administrator\Bureaublad\pestudio.zip
2017-09-02 15:09 - 2017-09-02 15:09 - 000000032 _____ C:\Documents and Settings\Administrator\Bureaublad\Online Translater.txt
2017-09-02 11:23 - 2017-09-02 11:23 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\F-Secure
2017-09-02 09:33 - 2017-09-02 13:47 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\Crystal-  Bill2 legen
2017-09-01 17:38 - 2017-09-01 17:39 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\windmeter
2017-08-31 19:32 - 2017-09-07 16:58 - 000000753 _____ C:\Documents and Settings\Administrator\Bureaublad\TweakTown's Ultimate Windows SSD Performance Installation Guide.txt
2017-08-29 11:12 - 2017-09-01 11:59 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Resveratrol
2017-08-29 10:39 - 2017-08-29 10:40 - 000001553 _____ C:\Documents and Settings\Administrator\Bureaublad\UserAgent.lnk
2017-08-29 10:10 - 2017-08-29 10:10 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\auto youtube werkt niet meer
2017-08-28 22:28 - 2017-09-02 21:13 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\MzRta
2017-08-28 18:15 - 2015-05-29 09:43 - 000303744 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-08-28 16:57 - 2017-08-28 16:57 - 000000023 _____ C:\Documents and Settings\Administrator\Bureaublad\vis in glas.txt
2017-08-27 18:07 - 2017-09-03 10:39 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\B12
2017-08-27 16:24 - 2017-08-27 16:26 - 000000031 _____ C:\Documents and Settings\Administrator\Bureaublad\vis stomen.txt
2017-08-27 10:59 - 2017-09-06 13:01 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\vis-krill-algen olie
2017-08-26 14:48 - 2017-08-26 14:48 - 000000219 _____ C:\Documents and Settings\Administrator\Bureaublad\Keepwires from getting tangled.txt
2017-08-26 09:10 - 2017-08-26 09:10 - 000000172 _____ C:\Documents and Settings\Administrator\Bureaublad\Airsain Eersel.txt
2017-08-25 11:08 - 2017-08-27 10:26 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\Cortisol verlagende voeding
2017-08-23 21:46 - 2017-08-23 21:47 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Klachten
2017-08-23 15:36 - 2017-08-23 15:36 - 000000219 _____ C:\Documents and Settings\Administrator\Bureaublad\Jodium Samen met C.txt
2017-08-23 10:52 - 2017-09-08 10:44 - 000000866 _____ C:\Documents and Settings\Administrator\Bureaublad\To Do.txt
2017-08-22 09:58 - 2017-09-02 11:26 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\gedragsbewaking Emsi staat UIT
2017-08-20 15:17 - 2017-08-20 15:17 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Eindverslag_Kevin_Zanders
2017-08-19 16:52 - 2017-08-26 14:41 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\RequestPolicy & NoScript INFO
2017-08-19 14:55 - 2017-08-19 14:55 - 000000162 ____H C:\Documents and Settings\Administrator\Mijn documenten\~$WORD.dotx
2017-08-19 14:25 - 2017-08-19 15:45 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\QuarriAgent_tmp
2017-08-19 14:24 - 2017-08-19 14:24 - 000000000 ____D C:\Program Files\Quarri Launch Helper
2017-08-19 14:24 - 2017-08-19 14:24 - 000000000 ____D C:\Documents and Settings\All Users\Menu Start\Programma's\Quarri Agent
2017-08-19 11:10 - 2017-08-31 10:55 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Secure Online Banking
2017-08-19 10:11 - 2017-08-19 10:11 - 000000000 ____D C:\Documents and Settings\Default User\Application Data\Mozilla
2017-08-16 15:33 - 2017-08-16 15:33 - 000002600 _____ C:\Documents and Settings\Administrator\Bureaublad\Potentiate Kratom Foods.lnk
2017-08-14 20:17 - 2017-09-09 09:55 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Website NIET - VERKEERD weergegeven weergegeven
2017-08-13 11:34 - 2017-08-13 11:34 - 000000000 ____D C:\Program Files\CoolUtils
2017-08-13 11:34 - 2017-08-13 11:34 - 000000000 ____D C:\Documents and Settings\All Users\Menu Start\Programma's\CoolUtils
2017-08-13 11:34 - 2017-08-13 11:34 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Softplicity
2017-08-12 18:48 - 2017-09-10 20:41 - 000000000 ____D C:\FRST
2017-08-12 17:57 - 2017-08-12 18:18 - 000000000 ____D C:\Program Files\Malware Defender
2017-08-12 17:57 - 2012-01-10 05:21 - 000258392 ____N (360.cn) C:\WINDOWS\system32\Drivers\bajfkmid.sys
2017-08-12 14:25 - 2017-08-12 14:25 - 000000000 ____D C:\Device
2017-08-12 14:01 - 2017-08-12 14:01 - 000001907 _____ C:\Documents and Settings\Administrator\Bureaublad\info links sandbox.lnk
2017-08-12 13:43 - 2017-09-02 11:26 - 000002900 _____ C:\WINDOWS\Sandboxie.ini
2017-08-12 13:42 - 2017-08-14 19:54 - 000000000 ____D C:\Program Files\Sandboxie
2017-08-12 13:36 - 2017-08-12 13:36 - 000001426 _____ C:\Documents and Settings\Administrator\Bureaublad\Sandboxie.lnk
2017-08-12 08:58 - 2017-08-12 08:58 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\JAM Software
2017-08-12 08:50 - 2017-08-12 08:50 - 000000000 ____D C:\Documents and Settings\Administrator\Menu Start\Programma's\TreeSize
2017-08-11 14:28 - 2017-08-11 14:28 - 000001703 _____ C:\Documents and Settings\All Users\Menu Start\Programma's\Nitro Pro 9.lnk

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-09-10 20:41 - 2012-06-18 16:45 - 000000000 ____D C:\TemP
2017-09-10 20:41 - 2008-03-07 12:24 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad
2017-09-10 20:39 - 2008-03-08 21:25 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2017-09-10 20:34 - 2016-06-28 11:25 - 000000940 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-09-10 17:28 - 2017-07-11 15:06 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\VoodooShield
2017-09-10 17:28 - 2017-07-05 13:25 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-09-10 17:28 - 2017-06-30 13:41 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-09-10 17:28 - 2016-11-22 11:26 - 000000000 ____D C:\Program Files\Core Temp
2017-09-10 17:28 - 2015-07-28 14:43 - 000001501 _____ C:\WINDOWS\system32\bscs.ini
2017-09-10 17:28 - 2014-07-12 22:50 - 000000000 ____D C:\Program Files\SpeedFan
2017-09-10 17:28 - 2008-03-07 12:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-10 17:28 - 2008-03-07 12:16 - 000000000 ____D C:\WINDOWS\Registration
2017-09-10 17:27 - 2017-06-02 11:44 - 000006250 _____ C:\WINDOWS\system32\LOCALSERVICE.INI
2017-09-10 17:27 - 2017-05-30 14:17 - 000032558 _____ C:\WINDOWS\SchedLgU.Txt
2017-09-10 17:27 - 2016-08-24 23:15 - 000000012 _____ C:\WINDOWS\CUAppUsage.Dat
2017-09-10 17:27 - 2014-08-06 17:35 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Everything
2017-09-10 17:27 - 2008-03-07 12:24 - 000000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-09-10 17:26 - 2017-06-02 11:44 - 000000101 _____ C:\WINDOWS\system32\LOCALDEVICE.INI
2017-09-10 17:26 - 2013-08-30 19:30 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2017-09-10 16:29 - 2017-06-02 13:53 - 000000307 _____ C:\WINDOWS\system32\REMOTEDEVICE.INI
2017-09-10 11:24 - 2008-03-07 12:24 - 000000000 ____D C:\Documents and Settings\Administrator\Mijn documenten
2017-09-10 11:14 - 2017-04-30 08:54 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2017-09-10 10:56 - 2015-06-21 19:50 - 000009978 _____ C:\Documents and Settings\Administrator\Bureaublad\huidige bestelling.txt
2017-09-10 10:27 - 2017-06-30 13:41 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-09-09 21:47 - 2016-06-28 11:34 - 000001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-09-09 21:47 - 2008-03-07 12:17 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-09 19:31 - 2008-03-09 20:54 - 000000000 ____D C:\Program Files\CCleaner
2017-09-09 19:28 - 2012-05-05 21:50 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2017-09-09 18:44 - 2013-07-30 20:34 - 000000000 ____D C:\Program Files\Hard Disk Sentinel
2017-09-09 16:50 - 2015-04-02 19:15 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\dagelijks te onthouden tips
2017-09-09 16:49 - 2017-05-17 11:52 - 000000755 _____ C:\Documents and Settings\Administrator\Bureaublad\Detoxified Iodine - 5drups s'morgens met solé.txt
2017-09-08 22:41 - 2008-03-08 22:59 - 000065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-09-08 17:02 - 2016-09-22 20:11 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\TuinWerk
2017-09-08 13:41 - 2008-03-07 12:23 - 000000188 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2017-09-08 13:07 - 2008-03-15 21:01 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-07 21:57 - 2008-03-07 12:24 - 000000000 ____D C:\Documents and Settings\Administrator
2017-09-07 17:02 - 2008-03-07 13:10 - 001336946 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-07 17:02 - 2001-09-07 14:00 - 000603852 _____ C:\WINDOWS\system32\perfh013.dat
2017-09-07 17:02 - 2001-09-07 14:00 - 000122616 _____ C:\WINDOWS\system32\perfc013.dat
2017-09-07 16:55 - 2017-05-24 10:21 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\TO DO
2017-09-07 16:54 - 2017-07-15 17:26 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Uit te testen op KLOON
2017-09-07 15:06 - 2013-06-22 21:31 - 000000000 ___RD C:\Tijdelijke internetbestanden
2017-09-06 23:08 - 2010-12-24 00:40 - 000065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2017-09-06 23:08 - 2010-12-24 00:40 - 000065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2017-09-06 23:08 - 2008-07-21 17:32 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2017-09-06 21:36 - 2009-07-18 18:44 - 000000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2017-09-06 21:36 - 2009-07-18 18:43 - 000000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2017-09-06 13:32 - 2015-12-24 17:08 - 000000000 ____D C:\Documents and Settings\Administrator\Mijn documenten\Calibrebibliotheek
2017-09-06 09:21 - 2014-02-27 19:15 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\AutoSizer
2017-09-05 15:36 - 2014-08-06 00:20 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Nitro PDF
2017-09-05 15:36 - 2010-02-08 23:46 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\SolidDocuments
2017-09-05 13:44 - 2013-11-12 18:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2017-09-05 13:12 - 2011-02-11 17:46 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\HD Tune Pro
2017-09-05 09:09 - 2016-11-18 11:12 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Backups
2017-09-04 21:10 - 2014-06-29 17:44 - 000000000 ____D C:\Program Files\Registry Workshop
2017-09-03 16:47 - 2016-06-19 16:05 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Ingredients You Need to Avoid
2017-09-03 09:44 - 2008-03-20 02:18 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2017-09-02 19:44 - 2009-12-25 22:50 - 000001184 _____ C:\Documents and Settings\Administrator\Bureaublad\Online Movie.txt
2017-09-02 15:25 - 2017-06-07 12:21 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\grote maatschappelijke verschuiving
2017-09-02 13:42 - 2008-03-08 13:02 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Start proces
2017-09-02 11:17 - 2017-04-29 14:43 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Metadefender-Local
2017-09-02 09:48 - 2016-08-21 15:23 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\GEZONDHEID artikels plaatsen
2017-09-01 14:19 - 2013-12-20 23:53 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\PC tipss
2017-08-31 19:03 - 2016-05-08 11:00 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\PhrozenWinja
2017-08-31 17:13 - 2014-01-01 20:04 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\WinPatrol
2017-08-30 21:39 - 2017-06-21 11:30 - 000000000 ____D C:\Program Files\Kaspersky Lab
2017-08-30 21:39 - 2017-06-21 11:30 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2017-08-30 21:39 - 2017-06-21 11:29 - 000000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2017-08-30 21:39 - 2016-08-24 13:33 - 000000000 ___RD C:\Sandbox
2017-08-30 21:39 - 2008-03-07 13:09 - 000000000 ____D C:\Documents and Settings\All Users\Menu Start\Programma's
2017-08-30 21:06 - 2008-03-08 17:30 - 000001573 _____ C:\Documents and Settings\All Users\Menu Start\Programmatoegang en -instellingen.lnk
2017-08-30 12:49 - 2016-10-29 19:25 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Gezondheid te doen
2017-08-30 12:48 - 2016-03-21 16:49 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Bestellingen
2017-08-30 10:24 - 2016-10-02 11:36 - 000000242 _____ C:\WINDOWS\IE4 Error Log.txt
2017-08-29 11:01 - 2017-08-01 13:06 - 000000935 _____ C:\Documents and Settings\Administrator\Bureaublad\recipes 2.txt
2017-08-28 17:02 - 2017-04-04 10:54 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\Auto
2017-08-26 14:57 - 2010-12-19 17:33 - 000000000 ____D C:\+ AB
2017-08-26 14:04 - 2015-10-05 15:44 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\AB FF OP
2017-08-26 13:39 - 2013-12-26 19:14 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\Veranderen van virusscanner
2017-08-26 13:29 - 2010-12-08 20:49 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\live fouten
2017-08-26 10:45 - 2017-06-30 14:05 - 052428800 _____ C:\Documents and Settings\Administrator\Mijn documenten\Data Safe.avgfv
2017-08-26 10:42 - 2016-08-19 21:21 - 000066995 _____ C:\WINDOWS\cFosSpeed_Setup_Log.txt
2017-08-25 10:54 - 2017-01-06 16:25 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\The Best - voor nu
2017-08-24 17:08 - 2017-02-25 17:06 - 000000000 ____D C:\Documents and Settings\Administrator\Downloads\complete
2017-08-24 17:08 - 2016-12-21 14:04 - 000000000 ____D C:\Documents and Settings\Administrator\Downloads\incomplete
2017-08-23 13:25 - 2016-03-01 18:35 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\iPhone
2017-08-22 14:33 - 2014-04-17 22:43 - 000000000 ____D C:\Program Files\Avant Browser
2017-08-22 14:31 - 2008-06-23 17:35 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Apple Computer
2017-08-21 19:59 - 2013-01-16 20:59 - 000000000 ____D C:\+ FireFox
2017-08-19 22:50 - 2008-03-07 12:23 - 000000188 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
2017-08-19 15:47 - 2012-07-11 21:04 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-08-19 15:15 - 2016-11-20 13:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-19 10:11 - 2017-03-16 17:11 - 000000000 ____D C:\Documents and Settings\All Users\Menu Start\Programma's\Trusteer Eindpuntbeveiliging
2017-08-19 09:31 - 2017-08-10 12:00 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\Pompoen
2017-08-19 09:28 - 2017-03-15 16:11 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\recipes
2017-08-19 09:28 - 2015-04-02 19:20 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\kooktips
2017-08-15 16:45 - 2017-05-16 08:54 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\Justi-In-Health
2017-08-14 20:58 - 2008-03-07 13:06 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-08-13 13:59 - 2012-04-08 16:56 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Series
2017-08-13 12:06 - 2015-08-15 11:30 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\VMware
2017-08-12 18:19 - 2008-03-07 13:09 - 000000000 ____D C:\Documents and Settings\All Users\Bureaublad
2017-08-12 11:26 - 2017-07-04 12:51 - 000000000 ___RD C:\Documents and Settings\Administrator\Bureaublad\Video - Site downloaders
2017-08-12 08:50 - 2013-10-04 02:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2017-08-12 08:50 - 2008-03-07 12:24 - 000000000 ____D C:\Documents and Settings\Administrator\Menu Start\Programma's
2017-08-11 09:53 - 2017-03-25 17:15 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\Sups
2017-08-11 09:53 - 2017-03-25 17:14 - 000000000 ____D C:\Documents and Settings\Administrator\Bureaublad\Sport

==================== Bestanden in de root van sommige mappen =======

2013-04-18 10:59 - 2013-04-18 10:59 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2014-12-12 23:48 - 2014-12-12 23:48 - 000000116 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFXVwer.log
2011-09-08 21:20 - 2012-05-07 18:09 - 000000601 _____ () C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
2016-02-07 17:56 - 2016-02-07 17:57 - 000132166 _____ () C:\Documents and Settings\Administrator\Application Data\CleanUp!.log
2012-05-30 23:38 - 2015-08-25 21:47 - 000001043 _____ () C:\Documents and Settings\Administrator\Application Data\coreavc.ini
2017-07-15 17:43 - 2017-07-15 17:43 - 000000635 _____ () C:\Documents and Settings\Administrator\Application Data\NetworkScanner.ini
2012-12-11 00:15 - 2017-06-21 21:47 - 000005820 _____ () C:\Documents and Settings\Administrator\Application Data\prio.ini
2015-01-24 00:50 - 2017-06-24 18:11 - 014041088 _____ () C:\Documents and Settings\Administrator\Application Data\Sandra.mdb
2013-03-30 20:11 - 2013-03-30 20:11 - 000003555 _____ () C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
2009-04-09 15:21 - 2009-04-09 15:21 - 000000760 _____ () C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss
2009-12-25 15:55 - 2009-07-07 16:16 - 000076407 _____ () C:\Documents and Settings\Administrator\Application Data\Smiley.ico
2016-01-01 17:50 - 2016-01-01 17:57 - 000000199 _____ () C:\Documents and Settings\Administrator\Application Data\vhui.ini
2011-09-08 16:56 - 2011-09-10 15:00 - 000001185 _____ () C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
2012-08-24 16:54 - 2012-08-24 16:54 - 000000022 ___SH () C:\Documents and Settings\Administrator\Application Data\Windows1569_SettingsRepository.bin
2017-06-18 11:14 - 2017-06-18 11:14 - 000000600 _____ () C:\Documents and Settings\Administrator\Application Data\winscp.rnd
2013-11-28 19:18 - 2013-11-28 19:18 - 000000018 _____ () C:\Documents and Settings\Administrator\Application Data\Microsoft\FileMark16.dll
2015-02-20 00:46 - 2015-02-20 00:46 - 000000038 ___SH () C:\Documents and Settings\Administrator\Local Settings\Application Data\69ff07055291669bb2b218.72821112
2014-01-13 23:38 - 2017-08-28 18:29 - 000000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2014-01-13 23:38 - 2017-08-28 18:29 - 000415435 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2008-03-08 21:02 - 2017-03-18 14:07 - 000168960 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-24 14:22 - 2010-11-24 14:22 - 000000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2016-02-20 14:02 - 2016-02-20 14:03 - 000002145 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HDGraph.log
2013-12-28 19:16 - 2013-12-28 19:16 - 000000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2010-11-29 01:03 - 2010-11-29 01:03 - 000000123 _____ () C:\Documents and Settings\All Users\Application Data\avalon2.2.ini
2013-12-07 18:10 - 2013-12-08 01:21 - 000000131 _____ () C:\Documents and Settings\All Users\Application Data\LaunchURL.bat
2015-11-24 18:25 - 2015-11-24 18:25 - 000000114 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2015-06-17 01:22 - 2015-06-17 12:24 - 000000716 _____ () C:\Documents and Settings\All Users\Application Data\NanoLog001.log

Bestanden om te verplaatsen of verwijderen:
====================
C:\Documents and Settings\Administrator\favicons.dat
C:\Documents and Settings\Administrator\hsd.exe


Sommige nul byte grootte bestanden/mappen:
==========================
C:\Windows\System32\atioglxx.dll

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

==================== Eind van FRST.txt ============================



#4 KeZa


Posted 10 September 2017 - 01:48 PM

And do you want this installer with the Trojan in it so we can research what the problem is with that?



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:01 AM

Posted 11 September 2017 - 07:45 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [syncDriver] => [X]
HKU\S-1-5-21-1202660629-1547161642-1801674531-500\...\Run: [ASRockXTU] => [X]
ShellExecuteHooks: Geen Naam - {56F9679E-7826-4C84-81F3-532071A8BCC5} -  -> Geen bestand
GroupPolicy: Restrictie - Chrome <==== AANDACHT
GroupPolicy\User: Restrictie ? <==== AANDACHT
GroupPolicyScripts: Restrictie <==== AANDACHT
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT
Toolbar: HKU\S-1-5-21-1202660629-1547161642-1801674531-500 -> Geen Naam - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  Geen bestand
Toolbar: HKU\S-1-5-21-1202660629-1547161642-1801674531-500 -> Geen Naam - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} -  Geen bestand
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Profiles\5eo0xa9d.default [niet gevonden] <==== AANDACHT
FF Extension: (FastestTube) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oy8gkeky.default-1358179817609\Extensions\{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}.xpi [2016-03-27]
FF Extension: (User-Agent JS Fixer) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\54qpy45q.pure\Extensions\{086e582e-455b-4289-bfab-e90da7c0558b}.xpi [2017-08-10]
FF Extension: (Add-ons Manager Context Menu) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\amcontextmenu@loucypher.xpi [2017-07-22]
FF Extension: (Google Translator for Firefox) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\translator@zoli.bod.xpi [2017-07-22]
FF Extension: (User-Agent JS Fixer) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{086e582e-455b-4289-bfab-e90da7c0558b}.xpi [2017-07-22]
FF Extension: (FastestTube) - C:\Documents and Settings\Administrator\Application Data\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\fmnsumc2.default\Extensions\{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}.xpi [2017-07-22]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S4 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]
R3 ALSysIO; \??\C:\TemP\ALSysIO.sys [X]
S3 esihdrv; \??\C:\TemP\esihdrv.sys [X]
U4 Partizan; system32\drivers\Partizan.sys [X]
C:\Windows\System32\atioglxx.dll

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please post the fixlog.txt and include the Addition.txt file created by the Farbar program.

Let me know what problem persists with this computer.

p.s.
 

And do you want this installer with the Trojan in it so we can research what the problem is with that?


Submit the file to VirusTotal. Let me know what was reported.

#6 KeZa


Posted 11 September 2017 - 08:35 AM

Wow wow, not so fast nasdaq, there is nothing to fix here! I have it all under control here and these registry keys are not fundamental. Everyone has thousands of broken keys, etc. in their OS when that OS has been used for more than ten years. CCleaner takes the real ones that more or less matter and all the rest is BS. I also have tuning progs here like AVG and Norton and they give me +1000 probs with reg. keys and I fix them but it does nothing, and I have read articles that 99% of the probs that these progs give us are meaningless. But I will check these reg. keys out and delete them myself with Regworkshop...

 

Also these extensions are no problem. And the rest I will check out with HijackThis but I see no big problems...

 

And the problem is not that I have a problem with my PC here; the problem is that I cannot find any scanner that finds the trojan in the exe file, and that is the real problem. This exe file is +200 MB in size so I cannot upload it to VirusTotal or MetaDefender, and I want a solution for this unfindable Trojan, because when I extract it my scanner finds it, but I want to know WHY no scanner can find it before I extract it?



#7 KeZa


Posted 11 September 2017 - 09:12 AM

Everything checked out and nothing wrong....  



#8 KeZa


Posted 12 September 2017 - 03:08 AM

Does no one know how to help me with this, please? Or does anyone know where I can go with this problem?



#9 nasdaq


Posted 12 September 2017 - 09:24 AM

Hi,
 

I have downloaded a program .exe file and I have scanned it with AVG and even the free Kaspersky scanner and they found nothing but when I go to install it, then suddenly AVG & Crystal Security find a trojan ATOS5.GOZ in the exe


If Kaspersky is not finding it, AVG may be reporting a false positive. If not, then the bad file is embedded in the .exe file you downloaded.

See what this scan will find.

Please download Zemana AntiMalware and save it to your Desktop.
- You need to unzip it and start..
- Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

- Open Zemana AntiMalware again.
- Click on icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report in your next message.

===

Give me the filename and the link from where it was downloaded.
I'll see what I can find.
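
Added example, not part of the original thread and not code from any tool named in it: a minimal Python check for the "embedded in the .exe" case discussed above. It locates the PE overlay (bytes after the last section, which the Windows loader never maps) and lists executables or archives stored there. The function names and the constructed sample bytes are assumptions made for illustration.

```python
import struct

# Container magics commonly found appended to installer stubs.
MAGICS = {b"PK\x03\x04": "zip", b"MSCF": "cab", b"7z\xbc\xaf\x27\x1c": "7z"}

def pe_offset(data, base=0):
    """Offset of the PE signature if a plausible MZ/PE header starts at base, else None."""
    if data[base:base + 2] != b"MZ" or base + 0x40 > len(data):
        return None
    pe = base + struct.unpack_from("<I", data, base + 0x3C)[0]
    return pe if data[pe:pe + 4] == b"PE\0\0" else None

def overlay_offset(data):
    """End of the last section's raw data; bytes past it are never mapped by the loader."""
    pe = pe_offset(data)
    if pe is None:
        raise ValueError("not a PE file")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20 (12 bytes skipped between).
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    table = pe + 24 + opt_size
    end = table + nsec * 40
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def find_all(data, needle, start):
    pos = data.find(needle, start)
    while pos != -1:
        yield pos
        pos = data.find(needle, pos + 1)

def scan_overlay(data):
    """Sorted (offset, kind) hits for executables and archives stored in the overlay."""
    start = overlay_offset(data)
    hits = [(p, "pe") for p in find_all(data, b"MZ", start) if pe_offset(data, p) is not None]
    for magic, kind in MAGICS.items():
        hits += [(p, kind) for p in find_all(data, magic, start)]
    return sorted(hits)

def make_stub(raw_ptr=0x200, raw_size=0x200):
    """Constructed minimal PE image with one section (sample input, not a real installer)."""
    mz = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = b".text\0\0\0" + struct.pack("<IIII", raw_size, 0x1000, raw_size, raw_ptr) + b"\0" * 16
    return (mz + coff + sec).ljust(raw_ptr + raw_size, b"\0")

# Constructed sample: stub, 16 filler bytes, an embedded PE header, then a zip magic.
SAMPLE = make_stub() + b"\x11" * 16 + make_stub()[:0x80] + b"PK\x03\x04" + b"data"
```

A payload that the installer stores compressed or encrypted in its own format shows no such magic, so a scanner has to unpack that format first; otherwise the payload only becomes visible to an on-access scan once it is extracted.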

#10 KeZa


Posted 12 September 2017 - 01:48 PM

Yes, it's embedded, nasdaq. Zemana doesn't find it either! I'm uploading it now and will give you the link soon...



#11 KeZa


Posted 12 September 2017 - 01:53 PM

https://ufile.io/s9a13



#12 nasdaq


Posted 13 September 2017 - 08:18 AM

My Flags it as well.

I can only suggest you download the latest Malwarebytes Anti-Ransomware Beta (9)
Link here:
https://forums.malwarebytes.com/topic/177751-introducing-malwarebytes-anti-ransomware-beta/


When the scan is completed, then report it to this topic.

https://forums.malwarebytes.com/topic/177810-how-to-report-a-false-positive/
Follow the instructions on this topic.

It may not be a false positive but they have the expertise to check the file.

#13 KeZa


Posted 13 September 2017 - 08:47 AM

Hi nasdaq, thnx for looking into it but I do not think I can get MBAR working here under XP SP3. I have tried the other versions and they did not work. I will see if the 9 Beta works here but I doubt it. And Acronis seems to have the best anti-ransom protection but I must try that also. But I'm baffled why no AV scanner can pick this up in the first place...

#14 nasdaq


Posted 13 September 2017 - 08:52 AM

There are many ways to skin a cat.

#15 KeZa


Posted 13 September 2017 - 09:03 AM

Yes but this cat is a little different. It's hard to skin it at the moment...



