
Is there someone who wants to check this Hijack?


9 replies to this topic

#1 Raymond1985

  • Members
  • 11 posts

Posted 05 July 2018 - 12:43 PM

Hi there,

 

My name is Raymond.

Is there someone who wants to check this Hijack?

 

Thank you!!

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:37:47, on 5-7-2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
C:\Program Files\AVG\Antivirus\AVGUI.exe
C:\Users\Natascha\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HijackThis (1).exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPCON14/8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - (no file)
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - (no file)
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75A38D4-E52F-4165-A850-A34BAD48268A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file)
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\AVGSvc.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
O23 - Service: Kaspersky Anti-Virus Service 18.0.0 (AVP18.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox-update-service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox-update-service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem13.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Wireless Bluetooth® 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: klvssbridge64_18.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe
O23 - Service: Kaspersky Secure Connection Service 2.0.0 (KSDE2.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
 
--
End of file - 12060 bytes

Edited by hamluis, 05 July 2018 - 12:58 PM.
Moved from AV/AM Software to MRA - Hamluis.



#2 nasdaq

  • Malware Response Team
  • 40,227 posts

Posted 06 July 2018 - 09:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is no longer supported and not ready for your Operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar Recovery Scan Tool from now on to report problems.
<<<>>>

Download and run these programs.
Post the logs and let me know what problems you are having with this computer.

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.
==============================

#3 Raymond1985

  • Topic Starter

  • Members
  • 11 posts

Posted 08 July 2018 - 05:46 AM

Hi nasdaq,

 

Thank you for your reply. I followed your instructions. Below are the logs (are these okay the way I posted them?). I have the problem that my laptop is getting slower and slower. And for a few days now Chrome doesn't work anymore (I can open it, but after that the screen freezes). Also the ventilator makes a lot of "noise".

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 20.06.2018

Gestart door Natascha (Beheerder) op NATASCHA (08-07-2018 12:20:32)
Gestart vanaf C:\Users\Natascha\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Geladen Profielen: Natascha (Beschikbare Profielen: Natascha)
Platform: Windows 10 Home Versie 1803 17134.112 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Edge)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Farbar) C:\Users\Natascha\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\FRST64 (1).exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393200 2017-10-20] ()
HKLM\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-06-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3752768 2018-06-25] (Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-593707424-3925244902-578900334-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-593707424-3925244902-578900334-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [322048 2013-02-05] (Microsoft Corporation)
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{60a1b1aa-2750-448e-b0bc-2c05bd179528}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{874b12eb-181d-4444-b42e-d05cc3fca106}: [DhcpNameServer] 192.168.168.5
Tcpip\..\Interfaces\{C75A38D4-E52F-4165-A850-A34BAD48268A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
Internet Explorer:
==================
HKU\S-1-5-21-593707424-3925244902-578900334-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <==== AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-593707424-3925244902-578900334-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Geen bestand
 
FireFox:
========
FF DefaultProfile: 3l3avp26.default
FF ProfilePath: C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\3l3avp26.default [2018-07-05]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-06-21] [Verouderd] [ niet getekend]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-01-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-01-24] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [Geen bestand]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-593707424-3925244902-578900334-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Natascha\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-26] (Citrix Online)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-06-23] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7829784 2018-06-23] (AVG Technologies CZ, s.r.o.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-06-25] (Dropbox, Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-03-10] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Bestand niet getekend]
R2 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [781280 2013-07-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-01-24] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [Bestand niet getekend]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-12] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-12] (Microsoft Corporation)
S2 KSDE2.0.0; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe" -r [X]
 
===================== Drivers (gefilterd) ======================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [189544 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [222288 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [194224 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [339048 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51952 2018-06-23] (AVG Technologies CZ, s.r.o.)
S3 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15352 2018-06-23] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39352 2018-06-23] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [152016 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [104256 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [78352 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1020112 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [455464 2018-06-23] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [203544 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [373944 2018-06-23] (AVG Technologies CZ, s.r.o.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-10] (Intel Corporation)
S3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
S3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [20192 2013-07-29] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2014-01-24] (Intel Corporation)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3530176 2018-03-06] (Intel Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-05-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313888 2018-05-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-12] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
U3 aspnet_state; geen ImagePath
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)
 
2018-07-08 12:20 - 2018-07-08 12:20 - 000000000 ____D C:\FRST
2018-07-05 21:42 - 2018-07-05 21:42 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-07-05 21:21 - 2018-07-05 21:23 - 000016130 _____ C:\WINDOWS\system32\kl_uninstall.txt
2018-07-05 21:21 - 2018-07-05 21:23 - 000013994 _____ C:\WINDOWS\SysWOW64\kl_uninstall.txt
2018-07-05 21:21 - 2018-07-05 21:23 - 000000000 ___HD C:\kleaner.tmp
2018-07-04 22:13 - 2018-07-05 19:53 - 000000000 ____D C:\Program Files\Common Files\AV
2018-07-04 22:13 - 2018-07-04 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-07-04 22:12 - 2018-07-05 21:48 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-07-04 21:51 - 2018-07-04 21:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-04 21:38 - 2018-07-04 21:38 - 000000017 _____ C:\Users\Natascha\AppData\Local\resmon.resmoncfg
2018-07-04 21:18 - 2018-07-04 21:20 - 000000000 ____D C:\Users\Natascha\AppData\LocalLow\Mozilla
2018-07-04 21:18 - 2018-07-04 21:18 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-04 21:18 - 2018-07-04 21:18 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-07-04 21:18 - 2018-07-04 21:18 - 000000000 ____D C:\Users\Natascha\AppData\Roaming\Mozilla
2018-07-04 21:18 - 2018-07-04 21:18 - 000000000 ____D C:\Users\Natascha\AppData\Local\Mozilla
2018-07-04 21:18 - 2018-07-04 21:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-04 21:18 - 2018-07-04 21:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-01 14:59 - 2018-07-01 14:59 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-07-01 14:59 - 2018-07-01 14:59 - 000002862 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-07-01 14:59 - 2018-07-01 14:59 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-01 14:59 - 2018-07-01 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-07-01 14:59 - 2018-07-01 14:59 - 000000000 ____D C:\Program Files\CCleaner
2018-07-01 14:52 - 2018-07-01 14:52 - 000000000 ____D C:\Users\Natascha\AppData\Local\D3DSCache
2018-07-01 14:02 - 2018-07-01 20:07 - 000000000 ____D C:\ProgramData\PlugCache
2018-07-01 14:02 - 2018-07-01 14:06 - 000914920 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys.01120598
2018-07-01 14:02 - 2018-07-01 14:02 - 000914920 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys.000063f9
2018-07-01 14:02 - 2018-07-01 14:02 - 000000000 ____D C:\WINDOWS\system32\sstmp
2018-06-27 20:14 - 2018-06-27 20:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-25 19:24 - 2018-06-25 19:24 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-06-25 19:24 - 2018-06-25 19:24 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-06-25 19:24 - 2018-06-25 19:24 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-06-25 19:24 - 2018-06-25 19:24 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-06-24 20:23 - 2018-06-08 21:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-24 20:23 - 2018-06-08 21:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-24 20:23 - 2018-06-08 20:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-24 20:23 - 2018-06-08 20:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-24 20:23 - 2018-06-08 20:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-24 20:23 - 2018-06-08 20:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-24 20:23 - 2018-06-08 18:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-24 20:23 - 2018-06-08 12:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-24 20:23 - 2018-06-08 12:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-24 20:23 - 2018-06-08 11:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-24 20:23 - 2018-06-08 11:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-24 20:23 - 2018-06-08 11:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-24 20:23 - 2018-06-08 11:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-24 20:23 - 2018-06-08 11:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-24 20:23 - 2018-06-08 11:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-24 20:23 - 2018-06-08 11:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-24 20:23 - 2018-06-08 11:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-24 20:23 - 2018-06-08 11:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-24 20:23 - 2018-06-08 11:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-24 20:23 - 2018-06-08 11:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-24 20:23 - 2018-06-08 11:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-24 20:23 - 2018-06-08 11:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-24 20:23 - 2018-06-08 11:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-24 20:23 - 2018-06-08 11:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-24 20:23 - 2018-06-08 11:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-24 20:23 - 2018-06-08 11:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-24 20:23 - 2018-06-08 11:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-24 20:23 - 2018-06-08 11:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-24 20:23 - 2018-06-08 11:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-24 20:23 - 2018-06-08 11:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-24 20:23 - 2018-06-08 11:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-24 20:23 - 2018-06-08 11:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-24 20:23 - 2018-06-08 11:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-24 20:23 - 2018-06-08 11:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-24 20:23 - 2018-06-08 10:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-24 20:23 - 2018-06-08 10:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-24 20:23 - 2018-06-08 10:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-24 20:23 - 2018-06-08 10:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-24 20:23 - 2018-06-08 10:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-24 20:23 - 2018-06-08 10:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-24 20:23 - 2018-06-08 10:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-24 20:23 - 2018-06-06 20:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-24 20:22 - 2018-06-08 21:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-24 20:22 - 2018-06-08 21:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-24 20:22 - 2018-06-08 21:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-24 20:22 - 2018-06-08 21:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-24 20:22 - 2018-06-08 21:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-24 20:22 - 2018-06-08 20:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-24 20:22 - 2018-06-08 20:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-24 20:22 - 2018-06-08 20:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-24 20:22 - 2018-06-08 20:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-24 20:22 - 2018-06-08 20:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-24 20:22 - 2018-06-08 20:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-24 20:22 - 2018-06-08 20:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-24 20:22 - 2018-06-08 20:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-24 20:22 - 2018-06-08 20:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-24 20:22 - 2018-06-08 20:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-24 20:22 - 2018-06-08 20:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-24 20:22 - 2018-06-08 20:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-24 20:22 - 2018-06-08 20:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-24 20:22 - 2018-06-08 20:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-24 20:22 - 2018-06-08 20:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-24 20:22 - 2018-06-08 20:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-24 20:22 - 2018-06-08 20:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-24 20:22 - 2018-06-08 20:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-24 20:22 - 2018-06-08 20:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-24 20:22 - 2018-06-08 20:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-24 20:22 - 2018-06-08 20:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-24 20:22 - 2018-06-08 20:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-24 20:22 - 2018-06-08 20:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-24 20:22 - 2018-06-08 20:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-24 20:22 - 2018-06-08 20:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-24 20:22 - 2018-06-08 20:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-24 20:22 - 2018-06-08 19:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-24 20:22 - 2018-06-08 18:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-24 20:22 - 2018-06-08 18:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-24 20:22 - 2018-06-08 18:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-24 20:22 - 2018-06-08 18:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-24 20:22 - 2018-06-08 18:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-24 20:22 - 2018-06-08 18:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-24 20:22 - 2018-06-08 18:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-24 20:22 - 2018-06-08 18:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-24 20:22 - 2018-06-08 18:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-24 20:22 - 2018-06-08 18:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-24 20:22 - 2018-06-08 18:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-24 20:22 - 2018-06-08 18:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-24 20:22 - 2018-06-08 18:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-24 20:22 - 2018-06-08 18:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-24 20:22 - 2018-06-08 18:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-24 20:22 - 2018-06-08 18:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-24 20:22 - 2018-06-08 18:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-24 20:22 - 2018-06-08 18:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-24 20:22 - 2018-06-08 16:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-24 20:22 - 2018-06-08 16:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-24 20:22 - 2018-06-08 12:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-24 20:22 - 2018-06-08 12:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-24 20:22 - 2018-06-08 12:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-24 20:22 - 2018-06-08 12:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-24 20:22 - 2018-06-08 12:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-24 20:22 - 2018-06-08 12:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-24 20:22 - 2018-06-08 12:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-24 20:22 - 2018-06-08 12:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-24 20:22 - 2018-06-08 11:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-24 20:22 - 2018-06-08 11:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-24 20:22 - 2018-06-08 11:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-24 20:22 - 2018-06-08 11:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-24 20:22 - 2018-06-08 11:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-24 20:22 - 2018-06-08 11:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-24 20:22 - 2018-06-08 11:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-24 20:22 - 2018-06-08 11:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-24 20:22 - 2018-06-08 11:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-24 20:22 - 2018-06-08 11:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-24 20:22 - 2018-06-08 11:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-24 20:22 - 2018-06-08 11:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-24 20:22 - 2018-06-08 11:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-24 20:22 - 2018-06-08 11:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-24 20:22 - 2018-06-08 11:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-24 20:22 - 2018-06-08 11:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-24 20:22 - 2018-06-08 11:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-24 20:22 - 2018-06-08 11:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-24 20:22 - 2018-06-08 11:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-24 20:22 - 2018-06-08 11:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-24 20:22 - 2018-06-08 11:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-24 20:22 - 2018-06-08 11:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-24 20:22 - 2018-06-08 11:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-24 20:22 - 2018-06-08 11:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-24 20:22 - 2018-06-08 11:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-24 20:22 - 2018-06-08 11:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-24 20:22 - 2018-06-08 11:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-24 20:22 - 2018-06-08 11:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-24 20:22 - 2018-06-08 11:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-24 20:22 - 2018-06-08 11:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-24 20:22 - 2018-06-08 11:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-24 20:22 - 2018-06-08 11:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-24 20:22 - 2018-06-08 11:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-24 20:22 - 2018-06-08 11:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-24 20:22 - 2018-06-08 11:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-24 20:22 - 2018-06-08 11:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-24 20:22 - 2018-06-08 11:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-24 20:22 - 2018-06-08 11:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-24 20:22 - 2018-06-08 11:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-24 20:22 - 2018-06-08 11:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-24 20:22 - 2018-06-08 11:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-24 20:22 - 2018-06-08 11:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-24 20:22 - 2018-06-08 11:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-24 20:22 - 2018-06-08 11:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-24 20:22 - 2018-06-08 11:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-24 20:22 - 2018-06-08 11:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-24 20:22 - 2018-06-08 11:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-24 20:22 - 2018-06-08 11:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-24 20:22 - 2018-06-08 11:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-24 20:22 - 2018-06-08 11:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-24 20:22 - 2018-06-08 11:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-24 20:22 - 2018-06-08 11:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-24 20:22 - 2018-06-08 11:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-24 20:22 - 2018-06-08 11:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-24 20:22 - 2018-06-08 11:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-24 20:22 - 2018-06-08 11:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-24 20:22 - 2018-06-08 11:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-24 20:22 - 2018-06-08 11:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-24 20:22 - 2018-06-08 11:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-24 20:22 - 2018-06-08 11:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-24 20:22 - 2018-06-08 11:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-24 20:22 - 2018-06-08 11:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-24 20:22 - 2018-06-08 11:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-24 20:22 - 2018-06-08 11:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-24 20:22 - 2018-06-08 11:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-24 20:22 - 2018-06-08 11:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-24 20:22 - 2018-06-08 11:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-24 20:22 - 2018-06-08 11:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-24 20:22 - 2018-06-08 11:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-24 20:22 - 2018-06-08 11:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-24 20:22 - 2018-06-08 11:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-24 20:22 - 2018-06-08 10:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-24 20:22 - 2018-06-08 10:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-24 20:22 - 2018-06-08 10:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-24 20:22 - 2018-06-08 10:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-24 20:22 - 2018-06-08 10:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-24 20:22 - 2018-06-08 10:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-24 20:22 - 2018-06-08 10:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-24 20:22 - 2018-06-08 10:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-24 20:22 - 2018-06-08 10:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-24 20:22 - 2018-06-08 10:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-24 20:22 - 2018-06-08 10:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-24 20:22 - 2018-06-08 10:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-24 20:22 - 2018-06-08 10:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-24 20:22 - 2018-06-08 10:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-24 20:22 - 2018-06-08 10:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-24 20:22 - 2018-06-08 10:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-24 20:22 - 2018-06-08 10:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-24 20:22 - 2018-06-08 10:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-24 20:22 - 2018-06-08 10:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-24 20:22 - 2018-06-08 10:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-24 20:22 - 2018-06-08 10:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-24 20:22 - 2018-06-08 10:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-24 20:22 - 2018-06-08 10:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-24 20:22 - 2018-06-08 10:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-24 20:22 - 2018-06-08 10:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-24 20:22 - 2018-06-08 10:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-24 20:22 - 2018-06-08 10:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-24 20:22 - 2018-06-08 10:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-24 20:22 - 2018-06-08 10:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-24 20:22 - 2018-06-08 10:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-24 20:22 - 2018-06-08 10:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-24 20:22 - 2018-06-08 10:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-24 20:22 - 2018-06-08 10:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-24 20:22 - 2018-06-08 10:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-24 20:22 - 2018-06-08 10:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-24 20:22 - 2018-06-08 10:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-24 20:22 - 2018-06-08 10:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-24 20:22 - 2018-06-08 10:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-24 20:22 - 2018-06-08 10:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-24 20:22 - 2018-06-08 10:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-24 20:22 - 2018-06-08 10:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-24 20:22 - 2018-06-08 09:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-24 20:22 - 2018-06-06 06:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-24 20:22 - 2018-06-02 01:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-24 20:22 - 2018-06-02 00:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-24 20:22 - 2018-05-25 05:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-23 19:35 - 2018-06-23 19:35 - 000379120 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-06-23 19:35 - 2018-06-23 19:35 - 000015352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)
 
2018-07-08 12:20 - 2018-05-12 21:26 - 000004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8527066E-A86A-4F9A-953F-DCF3DD675300}
2018-07-08 12:18 - 2018-05-12 21:17 - 001864456 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-08 12:18 - 2018-04-12 18:01 - 000820842 _____ C:\WINDOWS\system32\perfh013.dat
2018-07-08 12:18 - 2018-04-12 18:01 - 000169974 _____ C:\WINDOWS\system32\perfc013.dat
2018-07-08 12:18 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-08 12:18 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-08 12:17 - 2016-11-17 20:01 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-08 12:17 - 2015-08-03 21:38 - 000000000 __SHD C:\Users\Natascha\IntelGraphicsProfiles
2018-07-05 21:46 - 2018-05-12 21:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-05 21:45 - 2018-05-30 20:31 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-07-05 21:45 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-05 21:43 - 2017-12-24 19:27 - 000000000 ____D C:\Intel
2018-07-05 21:13 - 2018-05-12 21:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-05 19:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-07-05 19:52 - 2017-04-08 16:13 - 000000000 ____D C:\Users\NULL
2018-07-05 19:52 - 2015-10-30 08:28 - 000000000 ____D C:\Users\Default.migrated
2018-07-05 19:52 - 2015-05-29 11:34 - 000000000 ____D C:\Users\Mcafee test
2018-07-04 22:41 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-07-04 22:36 - 2014-01-24 15:32 - 000000000 ____D C:\WINDOWS\KMSServerService
2018-07-04 22:02 - 2014-01-10 16:16 - 000000000 ____D C:\Users\Natascha\AppData\Local\VirtualStore
2018-07-04 21:52 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-04 21:52 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-04 21:52 - 2017-12-24 19:28 - 000000000 ____D C:\Users\Natascha\AppData\Local\Packages
2018-07-04 21:43 - 2014-01-10 16:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-04 21:32 - 2014-03-12 21:43 - 000000000 ___RD C:\Users\Natascha\Dropbox
2018-07-04 20:39 - 2015-07-30 20:29 - 000000000 ____D C:\ProgramData\ProductData
2018-07-01 15:01 - 2018-05-02 20:57 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-01 15:01 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-01 14:02 - 2018-05-30 20:01 - 000004266 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-06-27 20:15 - 2016-12-25 15:45 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-25 20:05 - 2018-05-12 21:15 - 000413280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-25 20:04 - 2018-04-12 18:02 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-25 20:04 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-25 20:04 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-24 20:36 - 2014-01-24 16:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-24 20:26 - 2017-12-10 14:08 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-24 20:25 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-24 20:25 - 2014-01-24 16:57 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-23 19:38 - 2016-05-14 16:22 - 000000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNatascha.job
2018-06-23 19:35 - 2018-05-30 20:39 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000455464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000339048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000222288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000203544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000194224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000189544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000152016 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000104256 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000051952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-06-23 19:35 - 2018-05-30 20:39 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
 
==================== Bestanden in de root van sommige mappen =======
 
2018-07-04 21:38 - 2018-07-04 21:38 - 000000017 _____ () C:\Users\Natascha\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
LastRegBack: 2018-05-12 21:15
 
==================== Eind van FRST.txt ============================
 
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 20.06.2018
Gestart door Natascha (08-07-2018 12:21:11)
Gestart vanaf C:\Users\Natascha\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Versie 1803 17134.112 (X64) (2018-05-12 19:26:39)
Boot Modus: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-593707424-3925244902-578900334-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-593707424-3925244902-578900334-503 - Limited - Disabled)
Gast (S-1-5-21-593707424-3925244902-578900334-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-593707424-3925244902-578900334-1003 - Limited - Enabled)
Natascha (S-1-5-21-593707424-3925244902-578900334-1001 - Administrator - Enabled) => C:\Users\Natascha
WDAGUtilityAccount (S-1-5-21-593707424-3925244902-578900334-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Geïnstalleerde programma's ======================
 
(Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.)
 
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.5.3059 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{149D912F-03DB-4895-913E-820CB11965C0}) (Version: 16.74.1 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 52.4.60 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - player) (HKU\S-1-5-21-593707424-3925244902-578900334-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP Control Zone (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{5A43A440-C189-4066-BCDF-4B5A73E54DA3}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7051.4593 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{CF3AC67F-EA1E-49FB-9E6B-349C15BC89BA}) (Version: 12.9.24.3 - HP Inc.)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1053 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{D4510363-F639-46BE-8C09-8CC2531896E5}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{E169436E-49D8-419B-A5C0-D245EAF99611}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0 (x64 nl) (HKLM\...\Mozilla Firefox 61.0 (x64 nl)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
 
==================== Aangepaste CLSID (gefilterd): ==========================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Geen bestand
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-06-23] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Geen bestand
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Geen bestand
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-06-23] (AVG Technologies CZ, s.r.o.)
 
==================== Geplande Taken (gefilterd) =============
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
Task: {0D3A9CAC-4F5E-40A2-9D43-9F8D0B3AD035} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {1406DC81-FBAF-4BEF-BCE6-B9836FC24A59} - System32\Tasks\{F4866E6D-0432-43BC-B9CF-450DD1EAAF31} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\KMSpico\unins000.exe"
Task: {222C0EBB-1098-45D3-BF56-D142F2A39C0D} - System32\Tasks\{E033FD24-91B3-40B7-B4BA-D78ACAA97F88} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\KMSpico\Service_KMS.exe" -d "C:\Program Files\KMSpico"
Task: {31301AFA-DF01-43A7-BCAE-DB571EA0088D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {33751275-7769-4085-898E-EC1950EDBAF6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36066949-1D62-4FE1-B067-BE0A40521971} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {45ADEA28-2546-4319-96B4-A41E23241249} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {4D685ACA-4949-4A17-9945-685FC7B99872} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Geen bestand <==== AANDACHT
Task: {54C29E67-D11E-416D-BBA7-F5328EB2642C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Geen bestand <==== AANDACHT
Task: {5FBEA519-2E70-4EBE-8185-3B597CD1497A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6A8B7296-62D1-4285-9EC1-6DFDCAFAD373} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {6DC00974-2E74-41BB-BF19-128F3354B74A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-11-21] (HP Inc.)
Task: {74B7F765-ED95-4439-8136-B0C7A0CD2AE4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-06-23] (AVG Technologies CZ, s.r.o.)
Task: {7520DAC1-F628-4029-B61C-FE3DA81FC5A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-11-21] (HP Inc.)
Task: {7C61724B-B865-4F5E-9E34-C3AB09FFFEE2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {8275A835-0166-4AC5-94D2-39FB083CBB05} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {85B9E40E-31DD-42AC-97BB-D9ECC9D86069} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-11-21] (HP Inc.)
Task: {8966050B-B81E-41DF-BB18-2874B1DE789A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Geen bestand <==== AANDACHT
Task: {8D87DF63-694A-4C2F-AC09-EBC9FD263F7E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A8F3667E-ADE7-4AB1-9A84-8DAEDE4B44BF} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-07-01] (AVG Technologies CZ, s.r.o.)
Task: {A8F513C0-0EF2-4AC0-AD78-1B3953E01A54} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {AFD4737B-6E86-45B9-BD32-DBF2499E6B19} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Geen bestand <==== AANDACHT
Task: {B8AF0011-7B9E-4810-A928-BB4C9BD7386E} - System32\Tasks\Uninstaller_SkipUac_Natascha => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {BA72DF30-FDA6-4E95-9BC1-EBBE6D065F15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {BBB7CFEF-7E69-4D36-87DB-BAF172AA5ABD} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <==== AANDACHT
Task: {C24F5F5B-2BEE-467C-86EF-7A869476D9ED} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-25] (Dropbox, Inc.)
Task: {D0CB19D2-D2DD-4CC6-BCF1-0C498E4EAD40} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Geen bestand <==== AANDACHT
Task: {DF935D3C-E837-4BBA-967B-EFFB84491AAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {E07F93EC-574B-4F8E-8C85-9C6D15F851AE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E23CE30A-E4F6-4FED-AA25-39B9AA169D4E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {ED9DF32A-2650-4ECB-B1D8-37489E8C4406} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-25] (Dropbox, Inc.)
Task: {EFD1D196-0955-488E-BC8D-263477D163C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Geen bestand <==== AANDACHT
Task: {F2286BB2-79C6-47FA-8BCF-0B84C4FF5738} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {F9F31CE5-8F59-4024-88E7-602DCD51BCCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
 
(Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNatascha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Snelkoppelingen & WMI ========================
 
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)
 
 
==================== Geladen Modules (gefilterd) ==============
 
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-06-24 20:22 - 2018-06-08 10:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-30 20:29 - 2015-05-20 19:03 - 000622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2014-01-24 17:44 - 2014-01-24 17:44 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-05-30 20:41 - 2018-05-30 20:41 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-06-23 19:35 - 2018-06-23 19:35 - 000481520 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
 
==================== Alternate Data Streams (gefilterd) =========
 
(Als een item is opgenomen in de fixlist, wordt alleen de ADS verwijderd.)
 
AlternateDataStreams: C:\ProgramData\Temp:0C3DB2C7 [127]
 
==================== Veilige Modus (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Bestandskoppeling (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd.)
 
 
==================== Internet Explorer vertrouwde/beperkte toegang ===============
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd.)
 
 
==================== Hosts inhoud: ===============================
 
(Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Andere gebieden ============================
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKU\S-1-5-21-593707424-3925244902-578900334-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Natascha\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{787dd954-f37b-4386-b114-d66c1b27c57e}.jpg
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is ingeschakeld.
 
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-593707424-3925244902-578900334-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"
 
==================== Firewall regels (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
FirewallRules: [{85A937C0-DE2C-4B48-90AC-7E994F6D5236}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5AFB49F0-6030-4ACB-BEF4-2AA58F1BE442}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9AF4C2D4-0B2E-47AB-A40F-65E8C2B6ED1E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3F084325-897E-4EFE-BE59-13659B69F98D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{349B9CE8-FEBA-441C-AAE2-9D193E819500}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DA7E98C8-C717-48AB-9AA1-CE9D983847B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{57CE583F-00AE-4DC6-9FCC-D361DF2B72CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A26422CA-1268-4E54-AE45-91C002B4B938}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D9E864CF-319C-4731-A1B8-821000DCB13B}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{B9603978-B6DD-4380-ADB6-0D1C8A946D27}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{CC116FB2-AFEA-48D8-B22A-D54370013329}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{6EED6253-F4CB-4A8F-9672-5522A9604BF3}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{46924C7C-21C5-4293-A945-F599812F5040}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{E9F22912-82C3-47AE-B2AE-B6102D0F6EC1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{7A1D6DED-F849-4867-8536-4F40A51CA54C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{2CDDF342-BCBD-44CE-BBBE-7D24F8CD2C46}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{66AA44AB-A1E7-4C1C-A889-6A899527192A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E0155354-3DC8-467D-810A-741FD2CF77A3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Herstelpunten =========================
 
30-05-2018 20:20:47 Geconfigureerd IDT Audio
03-06-2018 18:52:11 Windows Update
07-06-2018 21:34:44 Windows Update
24-06-2018 20:21:59 Windows Update
05-07-2018 21:42:07 Windows Update
05-07-2018 21:42:24 Windows Update
 
==================== Defecte Apparaatbeheer Apparaten =============
 
 
==================== Eventlog fouten: =========================
 
Applicatiefouten:
==================
Error: (07/08/2018 12:20:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de aspnet_state-service in DLL-bestand C:\Windows\System32\aspnet_counters.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
Error: (07/08/2018 12:20:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de ASP.NET_4.0.30319-service in DLL-bestand C:\Windows\System32\aspnet_counters.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
Error: (07/08/2018 12:20:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de ASP.NET-service in DLL-bestand C:\Windows\System32\aspnet_counters.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
Error: (07/05/2018 09:45:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: De service Cryptografische services kan het object van VSS-back-up 'System Writer' niet initialiseren.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
Systeem wordt afgesloten.
.
 
Error: (07/05/2018 09:45:22 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: NATASCHA)
Description: brave hendrikbrave hendrik-2147467263
 
Error: (07/05/2018 09:41:45 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: NATASCHA)
Description: brave hendrikbrave hendrik-2147467263
 
Error: (07/05/2018 09:28:08 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de aspnet_state-service in DLL-bestand C:\Windows\System32\aspnet_counters.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
Error: (07/05/2018 09:28:08 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de ASP.NET_4.0.30319-service in DLL-bestand C:\Windows\System32\aspnet_counters.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
 
Systeemfouten:
=============
Error: (07/08/2018 12:17:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (07/05/2018 09:45:55 PM) (Source: DCOM) (EventID: 10005) (User: NATASCHA)
Description: DCOM heeft de foutmelding 1084 gekregen bij het starten van de ShellHWDetection-service met de argumenten Niet beschikbaar om de server 
{DD522ACC-F821-461A-A407-50B198B896DC} te starten
 
Error: (07/05/2018 09:45:49 PM) (Source: DCOM) (EventID: 10005) (User: NATASCHA)
Description: DCOM heeft de foutmelding 1084 gekregen bij het starten van de MSIServer-service met de argumenten  om de server 
{000C101C-0000-0000-C000-000000000046} te starten
 
Error: (07/05/2018 09:45:36 PM) (Source: DCOM) (EventID: 10005) (User: NATASCHA)
Description: DCOM heeft de foutmelding 1084 gekregen bij het starten van de ShellHWDetection-service met de argumenten Niet beschikbaar om de server 
{DD522ACC-F821-461A-A407-50B198B896DC} te starten
 
Error: (07/05/2018 09:45:28 PM) (Source: DCOM) (EventID: 10005) (User: NATASCHA)
Description: DCOM heeft de foutmelding 1084 gekregen bij het starten van de MSIServer-service met de argumenten  om de server 
{000C101C-0000-0000-C000-000000000046} te starten
 
Error: (07/05/2018 09:45:18 PM) (Source: DCOM) (EventID: 10005) (User: NATASCHA)
Description: DCOM heeft de foutmelding 1084 gekregen bij het starten van de camsvc-service met de argumenten Niet beschikbaar om de server 
Windows.Internal.CapabilityAccess.CapabilityAccess te starten
 
Error: (07/05/2018 09:45:18 PM) (Source: DCOM) (EventID: 10005) (User: NATASCHA)
Description: DCOM heeft de foutmelding 1084 gekregen bij het starten van de TokenBroker-service met de argumenten Niet beschikbaar om de server 
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal te starten
 
Error: (07/05/2018 09:45:17 PM) (Source: DCOM) (EventID: 10005) (User: NATASCHA)
Description: DCOM heeft de foutmelding 1084 gekregen bij het starten van de ShellHWDetection-service met de argumenten Niet beschikbaar om de server 
{DD522ACC-F821-461A-A407-50B198B896DC} te starten
 
 
Windows Defender:
===================================
Date: 2018-05-21 21:46:06.673
Description: 
Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {73A6769F-37DE-4E3B-A86A-43F4D063D144}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM
 
CodeIntegrity:
===================================
 
Date: 2018-07-04 22:01:14.552
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 22:00:43.550
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 22:00:28.115
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 22:00:09.286
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 22:00:09.278
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 22:00:03.787
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 21:59:54.894
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 21:59:54.803
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Geheugen info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage geheugen in gebruik: 33%
Totaal fysiek RAM-geheugen: 8124.27 MB
Beschikbaar fysiek RAM-geheugen: 5419.53 MB
Totaal Virtueel geheugen: 9404.27 MB
Beschikbaar Virtueel geheugen: 6882.8 MB
 
==================== Schijven ================================
 
Drive c: (Windows) (Fixed) (Total:215.59 GB) (Free:128.67 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.12 GB) (Free:1.32 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
 
\\?\Volume{b32c9ad8-4f33-4204-849a-5164eb84a614}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.1 GB) NTFS
\\?\Volume{b0dcaace-0e80-459f-8939-b8784958cbe3}\ () (Fixed) (Total:0.99 GB) (Free:0.42 GB) NTFS
\\?\Volume{e2899c2b-bb20-4e14-b709-f4bd2c67c767}\ () (Fixed) (Total:0.25 GB) (Free:0.14 GB) FAT32
 
==================== MBR & Partitietabel ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 63ACA8BA)
 
Partition: GPT.
 
==================== Eind van Addition.txt ============================

Malwarebytes
www.malwarebytes.com
 
-Logboekdetails-
Scandatum: 08-07-18
Scantijd: 12:31
Logbestand: 21bcae4e-829a-11e8-84c1-00ffe9242493.json
Beheerder: Ja
 
-Software-informatie-
Versie: 3.5.1.2522
Versie componenten: 1.0.374
Update pakketversie: 1.0.5819
Licentie: Proef
 
-Systeeminformatie-
Besturingssysteem: Windows 10 (Build 17134.112)
Processor: x64
Bestandssysteem: NTFS
Gebruiker: NATASCHA\Natascha
 
-Scansamenvatting-
Scantype: Bedreigingsscan
Scan geactiveerd door: Handmatig
Resultaat: Voltooid
Objecten gescand: 326942
Dreigingen herkend: 0
(Geen kwaadaardige items gedetecteerd)
Dreigingen in quarantaine: 0
(Geen kwaadaardige items gedetecteerd)
Verstreken tijd: 3 min, 39 sec
 
-Scanopties-
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Detectie
POA: Detectie
 
-Scandetails-
Proces: 0
(Geen kwaadaardige items gedetecteerd)
 
Module: 0
(Geen kwaadaardige items gedetecteerd)
 
Registersleutel: 0
(Geen kwaadaardige items gedetecteerd)
 
Registerwaarde: 0
(Geen kwaadaardige items gedetecteerd)
 
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
 
Gegevensstroom: 0
(Geen kwaadaardige items gedetecteerd)
 
Map: 0
(Geen kwaadaardige items gedetecteerd)
 
Bestand: 0
(Geen kwaadaardige items gedetecteerd)
 
Fysieke sector: 0
(Geen kwaadaardige items gedetecteerd)
 
WMI: 0
(Geen kwaadaardige items gedetecteerd)
 
 
(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.1
# -------------------------------
# Build:    07-04-2018
# Database: 2018-07-04.1
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-08-2018
# Duration: 00:00:18
# OS:       Windows 10 Home
# Scanned:  41365
# Detected: 18
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare V8
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare V8
PUP.Optional.AdvancedSystemCare C:\Users\Natascha\AppData\LocalLow\IObit\Advanced SystemCare V8
PUP.Optional.AdvancedSystemCare C:\Users\Natascha\AppData\Roaming\IObit\Advanced SystemCare V8
PUP.Optional.DriveTheLife       C:\Program Files (x86)\OSTotoSoft\DriverTalent
PUP.Optional.Legacy             C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy             C:\Windows\System32\sstmp
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.Legacy             HKCU\Software\Smartbar
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


#4 nasdaq

  • Malware Response Team

Posted 08 July 2018 - 08:47 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-593707424-3925244902-578900334-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <==== AANDACHT
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Geen bestand

Task: {1406DC81-FBAF-4BEF-BCE6-B9836FC24A59} - System32\Tasks\{F4866E6D-0432-43BC-B9CF-450DD1EAAF31} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\KMSpico\unins000.exe"
Task: {222C0EBB-1098-45D3-BF56-D142F2A39C0D} - System32\Tasks\{E033FD24-91B3-40B7-B4BA-D78ACAA97F88} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\KMSpico\Service_KMS.exe" -d "C:\Program Files\KMSpico"
Task: {31301AFA-DF01-43A7-BCAE-DB571EA0088D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {33751275-7769-4085-898E-EC1950EDBAF6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {45ADEA28-2546-4319-96B4-A41E23241249} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {4D685ACA-4949-4A17-9945-685FC7B99872} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Geen bestand <==== AANDACHT
Task: {54C29E67-D11E-416D-BBA7-F5328EB2642C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Geen bestand <==== AANDACHT
Task: {8275A835-0166-4AC5-94D2-39FB083CBB05} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {8966050B-B81E-41DF-BB18-2874B1DE789A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Geen bestand <==== AANDACHT
Task: {A8F513C0-0EF2-4AC0-AD78-1B3953E01A54} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {AFD4737B-6E86-45B9-BD32-DBF2499E6B19} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Geen bestand <==== AANDACHT
Task: {BBB7CFEF-7E69-4D36-87DB-BAF172AA5ABD} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <==== AANDACHT
Task: {EFD1D196-0955-488E-BC8D-263477D163C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Geen bestand <==== AANDACHT
AlternateDataStreams: C:\ProgramData\Temp:0C3DB2C7 [127]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your Chrome may have been compromised.

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account you must remove it before you save your bookmarks etc...
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 6: Re-install Chrome and the bookmarks.
====

Restart the computer again.

Please post the Fixlog.txt and let me know what problem persists.

#5 Raymond1985

  • Topic Starter

Posted 08 July 2018 - 11:39 AM

Thank you so much.

Below the fixlog.txt. As far as I can see Chrome works like before :).

The only thing which is irritating is the sound of the fan/ventilator.. what can I do about this? Sounds like it works very hard, even if I don't use any app on my laptop.

Ps. in the fixlog.txt I see some problems which are not solved (see the term "Fout: Geen automatische fix gevonden voor dit item." or "niet gevonden")

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 20.06.2018
Gestart door Natascha (08-07-2018 18:22:40) Run:1
Gestart vanaf C:\Users\Natascha\Downloads
Geladen Profielen: Natascha (Beschikbare Profielen: Natascha)
Boot Modus: Normal
==============================================
 
fixlist inhoud:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-593707424-3925244902-578900334-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <==== AANDACHT
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Geen bestand
 
Task: {1406DC81-FBAF-4BEF-BCE6-B9836FC24A59} - System32\Tasks\{F4866E6D-0432-43BC-B9CF-450DD1EAAF31} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\KMSpico\unins000.exe"
Task: {222C0EBB-1098-45D3-BF56-D142F2A39C0D} - System32\Tasks\{E033FD24-91B3-40B7-B4BA-D78ACAA97F88} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\KMSpico\Service_KMS.exe" -d "C:\Program Files\KMSpico"
Task: {31301AFA-DF01-43A7-BCAE-DB571EA0088D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {33751275-7769-4085-898E-EC1950EDBAF6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {45ADEA28-2546-4319-96B4-A41E23241249} -
\Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {4D685ACA-4949-4A17-9945-685FC7B99872} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Geen bestand <==== AANDACHT
Task: {54C29E67-D11E-416D-BBA7-F5328EB2642C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Geen bestand <==== AANDACHT
Task: {8275A835-0166-4AC5-94D2-39FB083CBB05} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {8966050B-B81E-41DF-BB18-2874B1DE789A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Geen bestand <==== AANDACHT
Task: {A8F513C0-0EF2-4AC0-AD78-1B3953E01A54} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {AFD4737B-6E86-45B9-BD32-DBF2499E6B19} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Geen bestand <==== AANDACHT
Task: {BBB7CFEF-7E69-4D36-87DB-BAF172AA5ABD} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <====
AANDACHT
Task: {EFD1D196-0955-488E-BC8D-263477D163C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Geen bestand <==== AANDACHT
AlternateDataStreams: C:\ProgramData\Temp:0C3DB2C7 [127]
 
Reboot:
 
End
*****************
 
Herstelpunt is succesvol gemaakt.
Proces succesvol afgesloten.
"HKU\S-1-5-21-593707424-3925244902-578900334-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => is succesvol verwijderd
"HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => niet gevonden
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1406DC81-FBAF-4BEF-BCE6-B9836FC24A59}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1406DC81-FBAF-4BEF-BCE6-B9836FC24A59}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\{F4866E6D-0432-43BC-B9CF-450DD1EAAF31} => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F4866E6D-0432-43BC-B9CF-450DD1EAAF31}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{222C0EBB-1098-45D3-BF56-D142F2A39C0D}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{222C0EBB-1098-45D3-BF56-D142F2A39C0D}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\{E033FD24-91B3-40B7-B4BA-D78ACAA97F88} => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E033FD24-91B3-40B7-B4BA-D78ACAA97F88}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31301AFA-DF01-43A7-BCAE-DB571EA0088D}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31301AFA-DF01-43A7-BCAE-DB571EA0088D}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33751275-7769-4085-898E-EC1950EDBAF6}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33751275-7769-4085-898E-EC1950EDBAF6}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {45ADEA28-2546-4319-96B4-A41E23241249} - => niet gevonden
\Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT => Fout: Geen automatische fix gevonden voor dit item.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D685ACA-4949-4A17-9945-685FC7B99872}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D685ACA-4949-4A17-9945-685FC7B99872}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54C29E67-D11E-416D-BBA7-F5328EB2642C}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54C29E67-D11E-416D-BBA7-F5328EB2642C}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8275A835-0166-4AC5-94D2-39FB083CBB05}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8275A835-0166-4AC5-94D2-39FB083CBB05}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8966050B-B81E-41DF-BB18-2874B1DE789A}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8966050B-B81E-41DF-BB18-2874B1DE789A}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8F513C0-0EF2-4AC0-AD78-1B3953E01A54}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F513C0-0EF2-4AC0-AD78-1B3953E01A54}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFD4737B-6E86-45B9-BD32-DBF2499E6B19}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFD4737B-6E86-45B9-BD32-DBF2499E6B19}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBB7CFEF-7E69-4D36-87DB-BAF172AA5ABD}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBB7CFEF-7E69-4D36-87DB-BAF172AA5ABD}" => is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => niet gevonden
AANDACHT => Fout: Geen automatische fix gevonden voor dit item.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFD1D196-0955-488E-BC8D-263477D163C3}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFD1D196-0955-488E-BC8D-263477D163C3}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => is succesvol verwijderd
C:\ProgramData\Temp => ":0C3DB2C7" ADS is succesvol verwijderd
 
 
Het systeem moest herstart worden.
 
==== Eind van Fixlog 18:23:02 ====
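
An added example (not part of the original posts, and not FRST's own code): a Python triage of the Fixlog above that groups each result line by outcome and flags fixlist entries that were split across two lines. In this log the two "Fout: Geen automatische fix gevonden voor dit item." results line up with the second halves of the two split `Task:` entries. The function names and the split-line heuristic are assumptions; the sample lines are copied from the log.

```python
from collections import defaultdict

# Result phrases of the Dutch FRST build, copied from the Fixlog in this thread.
OUTCOMES = [("Fout:", "error"), ("is succesvol verwijderd", "removed"),
            ("is succesvol verplaatst", "moved"), ("niet gevonden", "not_found")]

# Constructed samples: a subset of lines taken verbatim from the log above.
SAMPLE_FIXLIST = r'''
Task: {33751275-7769-4085-898E-EC1950EDBAF6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {45ADEA28-2546-4319-96B4-A41E23241249} -
\Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {BBB7CFEF-7E69-4D36-87DB-BAF172AA5ABD} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <====
AANDACHT
'''
SAMPLE_FIXLOG = r'''
"HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => niet gevonden
C:\WINDOWS\System32\Tasks\{F4866E6D-0432-43BC-B9CF-450DD1EAAF31} => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {45ADEA28-2546-4319-96B4-A41E23241249} - => niet gevonden
\Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT => Fout: Geen automatische fix gevonden voor dit item.
AANDACHT => Fout: Geen automatische fix gevonden voor dit item.
C:\ProgramData\Temp => ":0C3DB2C7" ADS is succesvol verwijderd
'''

def triage(fixlog):
    """Group each 'target => result' line of a Fixlog by its outcome."""
    groups = defaultdict(list)
    for line in fixlog.splitlines():
        target, sep, result = line.rpartition(" => ")
        if not sep:
            continue  # header, blank or echoed fixlist line without a result
        for phrase, outcome in OUTCOMES:
            if phrase in result:
                groups[outcome].append(target.strip().strip('"'))
                break
    return dict(groups)

def wrapped_entries(fixlist):
    """Pairs (head, tail) where one fixlist entry was split over two lines.
    Heuristic assumed from this log, not an FRST rule: a head that ends in a
    dangling '-' or '<====' continues on the next non-blank line."""
    lines = [l.strip() for l in fixlist.splitlines() if l.strip()]
    return [(h, t) for h, t in zip(lines, lines[1:]) if h.endswith((" -", "<===="))]

if __name__ == "__main__":
    for head, tail in wrapped_entries(SAMPLE_FIXLIST):
        print("split entry:", head, "|", tail)
    for outcome, targets in triage(SAMPLE_FIXLOG).items():
        print(outcome, len(targets))
```

Running `wrapped_entries` on a fixlist before clicking Fix shows which entries need to be rejoined onto one line.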


#6 nasdaq

  • Malware Response Team

Posted 09 July 2018 - 08:53 AM

Hi,
 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => niet gevonden
AANDACHT => Fout: Geen automatische fix gevonden voor dit item.
I know it's protected by the Operating system.
 
Normally I do not remove the key with my fixes.
Forget about it.
 
===
 
--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.

=======


    #7 Raymond1985

    • Topic Starter

    Posted 09 July 2018 - 02:44 PM

    Great.. thanks for your help again.

    Below the report of RogueKiller:

     

    RogueKiller V12.12.26.0 (x64) [Jul 9 2018] (Gratis) Door Adlice Software
     
     
     
     
     
     
     
    Besturingssysteem : Windows 10 (10.0.17134) 64 bits version
     
    Gestart in : Normale mode
     
    Gebruiker : Natascha [Administrator]
     
    Gestart vanaf : C:\Program Files\RogueKiller\RogueKiller64.exe
     
    Mode : Scan -- Datum : 07/09/2018 21:09:11 (Duur : 00:27:55)
     
     
     
    §§§ Processen : 0 §§§
     
     
     
    §§§ Register : 2 §§§
     
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-593707424-3925244902-578900334-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Gevonden
     
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-593707424-3925244902-578900334-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Gevonden
     
     
     
    §§§ Taken : 0 §§§
     
     
     
    §§§ Bestanden : 2 §§§
     
    [PUP.HackTool][Map] C:\Windows\KMSServerService -> Gevonden
     
    [PUP.HackTool][Map] C:\Program Files\KMSpico -> Gevonden
     
     
     
    §§§ WMI : 0 §§§
     
     
     
    §§§ Host-bestand : 0 §§§
     
     
     
    §§§ Antirootkit : 0 (Driver: Geladen) §§§
     
     
     
    §§§ Web Browsers : 0 §§§
     
     
     
    §§§ MBR Check : §§§
     
    +++++ PhysicalDrive0: SanDisk SD6SN1M-256G-1006 +++++
     
    --- User ---
     
    [MBR] 235593e12c090cb0919aa7da00045f22
     
    [BSP] 3648e3a63db86d7aad93a73de24bf4b6 : Empty|VT.Unknown MBR Code
     
    Partition table:
     
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
     
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
     
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
     
    3 - Basic data partition | Offset (sectors): 1615872 | Size: 220759 MB
     
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 453732352 | Size: 1013 MB
     
    5 - [SYSTEM] Basic data partition | Offset (sectors): 455806976 | Size: 13439 MB
     
    6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 483330048 | Size: 8193 MB
     
    User = LL1 ... OK
     
    User = LL2 ... OK


    #8 nasdaq

    • Malware Response Team

    Posted 10 July 2018 - 06:07 AM

    Hi,

    Run the RogueKiller tool and delete these items.

    [PUP.HackTool][Map] C:\Windows\KMSServerService -> Gevonden

    [PUP.HackTool][Map] C:\Program Files\KMSpico -> Gevonden

    Restart the computer normally.

    How is it now?

    #9 Raymond1985

    • Topic Starter

    Posted 13 July 2018 - 03:31 PM

    It is much better now. Thank you so much!!



    #10 nasdaq

    • Malware Response Team

    Posted 14 July 2018 - 07:17 AM

    Hi,

    Glad we could help.

    If all is well.

    To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
    http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


    https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    Simple and easy ways to keep your computer safe and secure on the Internet.
    ===



