CW1990

  1. Thank you so much for your help!
  2. Hi, I've included the fixlog of FRST here. The Sophos scan took a while because my PC continued to go into sleep mode and I didn't realize it wasn't running whilst in sleep mode. It came back completely clean though. No details, nothing detected. Does this mean Malwarebytes completely stopped the Ransomware attack? Fixlog.txt
  3. Hi, thank you for your response. The Malwarebytes scan as well as the AdwCleaner scan came back negative for infection. Here is the AdwCleaner Scan:

     # -------------------------------
     # Malwarebytes AdwCleaner 8.0.5.0
     # -------------------------------
     # Build: 05-25-2020
     # Database: 2020-06-15.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 06-30-2020
     # Duration: 00:00:17
     # OS: Windows 7 Professional
     # Scanned: 31836
     # Detected: 0

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious WMI found.

     ***** [ Shortcuts ] *****
     No malicious shortcuts found.

     ***** [ Tasks ] *****
     No malicious tasks found.

     ***** [ Registry ] *****
     No malicious registry entries found.

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs found.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.

     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries found.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software found.

AdwCleaner[S00].txt - [1413 octets] - [29/06/2020 22:56:36] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ########## Here is my FRST scan: Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 28-06-2020 Gestart door Gebruiker (Beheerder) op EIGENAAR-PC (MSI MS-7821) (30-06-2020 09:20:46) Gestart vanaf C:\Users\Gebruiker\Pictures\Desktop Geladen Profielen: Gebruiker Platform: Windows 7 Professional Service Pack 1 (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: Chrome) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.) () [Bestand niet getekend] [Bestand is in gebruik] C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe () [Bestand niet getekend] [Bestand is in gebruik] C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3> (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc -> The Qt Company Ltd.) 
C:\Program Files (x86)\Dropbox\Client\100.4.409\QtWebEngineProcess.exe <2> (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe (Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14> (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) [Bestand niet getekend] [Bestand is in gebruik] C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Smart Connect software -> ) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Intel(R) Smart Connect software -> Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (MagicISO, Inc.) 
[Bestand niet getekend] [Bestand is in gebruik] D:\Program Files (x86)\MagicDisc\MagicDisc.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Qualcomm Atheros) [Bestand niet getekend] [Bestand is in gebruik] C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Sanford, L.P. -> ) C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe (Sanford, L.P.) [Bestand niet getekend] [Bestand is in gebruik] C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Support.com, Inc. 
-> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Register (gefilterd) =================== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [40576 2013-08-29] (Creative Technology Ltd -> Creative Technology Ltd.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7657984 2020-06-25] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [DYMOWebApi] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe [5373440 2020-03-10] () [Bestand niet getekend] [Bestand is in gebruik] HKLM-x32\...\Run: [DymoOfficeHelper] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.OfficeHelper.exe [63488 2020-03-10] () [Bestand niet getekend] [Bestand is in gebruik] HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [466312 2020-05-25] (Express Vpn LLC -> ExpressVPN) HKLM-x32\...\Run: [Opera Browser Assistant] => D:\program files\opera\assistant\browser_assistant.exe [3105304 2020-06-22] (Opera Software AS -> Opera Software) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-07-21] (Support.com, Inc. 
-> SUPERAntiSpyware) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [Google Update] => C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-21] (Google LLC -> Google LLC) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [DAEMON Tools Lite] => D:\program files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd -> Piriform Ltd) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3375904 2020-06-04] (Valve -> Valve Corporation) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [Discord] => C:\Users\Gebruiker\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [] => [X] HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [DYMOConnectLauncher] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe [162488 2020-03-10] (Sanford, L.P. 
-> ) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [1162632 2020-05-25] (Express Vpn LLC -> ExpressVPN) HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\MountPoints2: {2fed944f-ffa6-11e3-bef3-806e6f6e6963} - F:\autorun.exe HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\MountPoints2: {375f9ded-fd74-11e4-bd0b-448a5b66a256} - G:\autorun.exe HKLM\...\Windows x64\Print Processors\Canon MG5500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBU.DLL [30208 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: C:\Windows\system32\CNCALBL.DLL [303104 2012-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5500 series: C:\Windows\system32\CNMLMBU.DLL [391168 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\Windows\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2013-01-24] (CANON INC.) [Bestand niet getekend] [Bestand is in gebruik] HKLM\...\Print\Monitors\DYMO LabelWriter Monitor: C:\Windows\system32\LW400MON.DLL [16384 2020-03-10] (Microsoft Windows Hardware Compatibility Publisher -> DYMO Corp.) 
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [110264 2014-04-25] (pdfforge GmbH -> pdfforge GmbH) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-22] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-04-25] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel(R) Smart Connect software -> Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-04-25] ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A003678C-C125-49A0-90D0-99AE485F6F92}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Qualcomm Atheros, Inc. -> Flexera Software LLC) Startup: C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2014-06-29] ShortcutTarget: MagicDisc.lnk -> D:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) [Bestand niet getekend] [Bestand is in gebruik] ==================== Geplande Taken (gefilterd) ============ (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {052A8028-1E12-453C-9FBD-8CD54D1CDF99} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-18] (Dropbox, Inc -> Dropbox, Inc.) 
Task: {30DB2F72-9F9A-460B-8808-BC42B37865A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1699787563-3305780868-2387947222-1000UA => C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.) Task: {3D96E7A6-4093-42D4-BE13-B045FF0D4159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1699787563-3305780868-2387947222-1000Core => C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.) Task: {418D151A-EC31-4B3D-94B3-DA8D529B732E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd -> Piriform Ltd) Task: {5568ADB0-4EED-4D7E-AB74-8F077EF91070} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-18] (Dropbox, Inc -> Dropbox, Inc.) Task: {6341736D-DC34-444D-90BC-E63673CBB2A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) Task: {675D2C2D-EDDD-4BA0-B2B2-46127FABC2B6} - System32\Tasks\AdobeAAMUpdater-1.0-Eigenaar-PC-Gebruiker => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {6DE26AF1-9DC4-420D-91A0-6CB116A22D86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {78971E91-4922-44FE-9FDA-3C1E0FB5B626} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [0 2018-08-20] () Task: {829EB578-A661-49CD-A8B7-E189B6F1CA67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.) 
Task: {8E3B088F-F329-41E1-960D-7AA334280F7F} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-11] (Mozilla Corporation -> Mozilla Foundation) Task: {A200A0E7-9851-4E04-B1B7-85D797AC9D02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.) Task: {A7E98EEC-4986-4C14-A01D-00AFB0EC1CA7} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) Task: {AE5F95BF-436A-444F-AD64-F655A1905579} - System32\Tasks\Opera scheduled assistant Autoupdate 1582789614 => D:\program files\opera\launcher.exe [1333784 2020-06-18] (Opera Software AS -> Opera Software) Task: {C1A0C6EF-FB5A-4AB4-8124-D806E4D9681B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {CF0A58ED-397C-40BB-B78D-1C81423D5240} - System32\Tasks\{4F2145D6-BA0F-4ACE-AD34-A346EBFD602C} => C:\Windows\system32\pcalua.exe -a E:\AOMsetup.exe -d E:\ -c /autorun Task: {D2AB37DC-CC42-440B-A6C1-F881EC471BE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. 
-> Adobe Systems) Task: {D50D3F9B-026F-42E7-BBFC-15DDD8DFF82F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [1447936 2018-08-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {D7E647D8-D711-48BB-9313-4C53C2092303} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {EC5D593F-DD84-4A0B-BC60-8FCEDFB21939} - System32\Tasks\Opera scheduled Autoupdate 1399726773 => D:\program files\opera\launcher.exe [1333784 2020-06-18] (Opera Software AS -> Opera Software) (Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.) Hosts: Er is meer dan één item in Hosts. 
Zie Hosts deel van Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{D8619224-6B87-4136-86FB-86A8B940AAC6}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{FAD046C4-C920-48B6-9116-AA0A15A5F69F}: [DhcpNameServer] 10.177.0.1 Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-1699787563-3305780868-2387947222-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (Canon Inc. -> CANON INC.) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (Canon Inc. -> CANON INC.) 
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-09-03] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> D:\program files\evernote\EvernoteIE.dll [2014-04-14] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) [Bestand niet getekend] [Bestand is in gebruik] BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-09-03] (Oracle America, Inc. -> Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (Canon Inc. -> CANON INC.) 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: izfhjg5e.default-1399448353244 FF ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\izfhjg5e.default-1399448353244 [2020-06-29] FF user.js: detected! => C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\izfhjg5e.default-1399448353244\user.js [2020-04-03] FF Extension: (Firebug) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\izfhjg5e.default-1399448353244\Extensions\firebug@software.joehewitt.com.xpi [2017-03-02] [Verouderd] FF Extension: (Adblock Plus - gratis adblocker) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\izfhjg5e.default-1399448353244\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-17] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-08-12] (Adobe Systems Incorporated -> ) FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-12] (Adobe Systems Incorporated -> ) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.) 
[Bestand niet getekend] [Bestand is in gebruik] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\itunes\Mozilla Plugins\npitunes.dll [2014-02-20] (Apple Inc. -> ) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [Bestand niet getekend] [Bestand is in gebruik] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-03] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\program files\VLC\npvlc.dll [2014-02-05] (VideoLAN) [Bestand niet getekend] [Bestand is in gebruik] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-04-30] (pdfforge GmbH -> pdfforge GmbH) FF Plugin HKU\S-1-5-21-1699787563-3305780868-2387947222-1000: SkypePlugin -> C:\Users\Gebruiker\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi.dll [2015-09-14] (Microsoft Corporation -> Skype Technologies S.A.) FF Plugin HKU\S-1-5-21-1699787563-3305780868-2387947222-1000: SkypePlugin64 -> C:\Users\Gebruiker\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi-x64.dll [2015-09-14] (Microsoft Corporation -> Skype Technologies S.A.) 
Chrome: ======= CHR DefaultProfile: Profile 1 CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-06-30] CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/" CHR Extension: (Presentaties) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Documenten) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-25] CHR Extension: (WOT: Web of Trust, Website Reputatiescores) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-03-31] CHR Extension: (YouTube) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-25] CHR Extension: (Adblock Plus - gratis adblocker) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-10] CHR Extension: (Spreadsheets) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Offline Documenten) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29] CHR Extension: (No Coin - Block miners on the web!) 
- C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gojamcfopckidlocpkbelmpjcgmbgjcl [2018-02-26] CHR Extension: (Book Report) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gopdpgphdcjglgoojmfdpbcdfcmnllkc [2019-07-07] CHR Extension: (Kindle Cloud Reader) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-10-22] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04] CHR Extension: (Gmail) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-02] CHR Extension: (Chrome Media Router) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-27] CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-03] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] Opera: ======= OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Gebruiker\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2020-03-03] StartMenuInternet: (HKLM) OperaStable - D:\program files\opera\Launcher.exe ==================== Services (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2019-07-21] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-18] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-18] (Dropbox, Inc -> Dropbox, Inc.) 
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44552 2020-06-25] (Dropbox, Inc -> Dropbox, Inc.) R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R2 DYMOConnectPnPService; C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe [26112 2020-03-10] (Sanford, L.P.) [Bestand niet getekend] [Bestand is in gebruik] R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [438664 2020-05-25] (Express Vpn LLC -> ExpressVPN) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Bestand niet getekend] [Bestand is in gebruik] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Bestand niet getekend] [Bestand is in gebruik] R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] (Intel(R) Smart Connect software -> ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-19] (Malwarebytes Inc -> Malwarebytes) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.) 
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [782320 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [782136 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH -> pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH -> pdfforge GmbH) R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-11] (Qualcomm Atheros) [Bestand niet getekend] [Bestand is in gebruik] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [Bestand niet getekend] [Bestand is in gebruik] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10823184 2020-04-20] (TeamViewer Germany GmbH -> TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation) ===================== Drivers (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-05-03] (Tages SA -> ) R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.) R3 dbx; C:\Windows\System32\DRIVERS\dbx.sys [47600 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.) 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-29] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-04-24] (Malwarebytes Corporation -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [18800 2020-05-25] (ExprsVPN LLC -> )
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc. -> GEAR Software Inc.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] (Intel(R) Smart Connect software -> )
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] (Intel(R) Smart Connect software -> )
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] (Intel(R) Smart Connect software -> )
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-05-03] (Tages SA -> )
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-06-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [196456 2020-06-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-06-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [120432 2020-06-23] (Malwarebytes Inc -> Malwarebytes)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 mcdbus; C:\Windows\SysWOW64\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [78320 2018-10-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [36208 2019-08-21] (ExprsVPN LLC -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (gefilterd) ===================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een maand (aangemaakt) ===================
(Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.)
2020-06-30 09:20 - 2020-06-30 09:21 - 000000000 ____D C:\FRST
2020-06-30 09:08 - 2020-06-30 09:08 - 000196456 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-06-30 09:08 - 2020-06-30 09:08 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-06-29 23:05 - 2020-06-29 22:56 - 008402608 _____ (Malwarebytes) C:\Users\Gebruiker\Downloads\adwcleaner_8.0.5.exe
2020-06-29 22:56 - 2020-06-29 22:56 - 000000000 ____D C:\AdwCleaner
2020-06-29 16:28 - 2020-06-29 22:54 - 000367690 _____ C:\Windows\ntbtlog.txt
2020-06-28 11:09 - 2020-06-28 11:09 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\NVIDIA Corporation
2020-06-28 11:08 - 2020-06-28 11:08 - 000000000 ____D C:\Users\Gebruiker\AppData\LocalLow\Pathea Games
2020-06-27 08:53 - 2020-06-27 08:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-06-26 10:08 - 2020-06-26 10:08 - 000185748 _____ C:\Users\Gebruiker\Downloads\VanDerLee Verkooporder81756.pdf
2020-06-25 19:11 - 2020-06-25 19:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2020-06-25 19:11 - 2020-06-25 19:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2020-06-25 19:11 - 2020-06-25 19:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2020-06-25 19:11 - 2020-06-25 19:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx.sys
2020-06-25 19:11 - 2020-06-25 19:11 - 000044552 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2020-06-24 10:11 - 2020-06-24 10:11 - 000550290 _____ C:\Users\Gebruiker\Downloads\Factuur 2020 06-25.pdf
2020-06-23 14:13 - 2020-06-23 14:13 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-06-23 14:13 - 2020-06-23 14:13 - 000120432 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-06-11 11:07 - 2020-06-29 16:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-08 11:09 - 2020-06-08 11:09 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2020-06-08 10:57 - 2020-06-30 09:07 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

==================== Een maand (gewijzigd) ==================
(Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.)

2020-06-30 09:19 - 2009-07-14 06:45 - 000032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-30 09:19 - 2009-07-14 06:45 - 000032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-30 09:13 - 2011-04-12 15:00 - 000745748 _____ C:\Windows\system32\perfh013.dat
2020-06-30 09:13 - 2011-04-12 15:00 - 000153700 _____ C:\Windows\system32\perfc013.dat
2020-06-30 09:13 - 2009-07-14 07:13 - 001670888 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-30 09:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-06-30 09:09 - 2015-06-18 17:13 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Dropbox
2020-06-30 09:08 - 2016-12-23 22:07 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\discord
2020-06-30 09:07 - 2016-12-18 03:14 - 000001016 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2020-06-30 09:07 - 2014-04-25 14:33 - 000000000 ____D C:\ProgramData\NVIDIA
2020-06-30 09:07 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-29 19:49 - 2014-06-29 17:47 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\ElevatedDiagnostics
2020-06-29 17:50 - 2016-11-18 16:18 - 000000000 ____D C:\Users\Gebruiker\AppData\LocalLow\Mozilla
2020-06-29 16:29 - 2009-07-14 06:45 - 007671848 _____ C:\Windows\system32\FNTCACHE.DAT
2020-06-29 16:28 - 2014-05-06 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-29 16:24 - 2014-05-24 10:25 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\CrashDumps
2020-06-29 15:57 - 2016-12-18 03:14 - 000001020 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2020-06-27 10:41 - 2016-11-17 19:38 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-06-27 08:53 - 2016-12-18 03:14 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-06-25 09:47 - 2014-05-06 22:45 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\vlc
2020-06-24 10:03 - 2020-02-27 09:46 - 000004032 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1582789614
2020-06-24 08:44 - 2020-04-03 09:24 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\DYMOConnect
2020-06-22 21:06 - 2014-05-06 16:24 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-22 21:06 - 2014-05-06 16:24 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-22 21:06 - 2014-05-06 16:24 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-22 16:59 - 2015-03-25 16:28 - 000003840 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1399726773
2020-06-09 10:48 - 2014-04-25 13:26 - 000321792 _____ C:\Users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2020-06-08 11:09 - 2019-09-17 12:20 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2020-06-08 11:09 - 2019-04-14 10:46 - 000002087 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2020-06-08 11:09 - 2019-04-14 10:46 - 000002087 _____ C:\ProgramData\Desktop\ExpressVPN.lnk
2020-06-08 11:09 - 2019-04-14 10:46 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\ExpressVPN
2020-06-08 11:09 - 2016-11-17 20:05 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-08 10:34 - 2014-05-06 17:21 - 000000000 ____D C:\Users\Gebruiker\Documents\My Kindle Content
2020-06-05 15:01 - 2014-05-06 16:27 - 000000000 ____D C:\Users\Gebruiker\Documents\Calibrebibliotheek
2020-06-04 14:17 - 2015-06-01 14:17 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-06-01 11:26 - 2014-05-08 10:16 - 000000132 _____ C:\Users\Gebruiker\AppData\Roaming\Adobe PNG Format CS5 Prefs
2020-05-31 15:32 - 2016-03-01 16:17 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Ubisoft Game Launcher

==================== Bestanden in de root van sommige mappen ========

2014-05-28 14:36 - 2019-10-11 10:01 - 000000132 _____ () C:\Users\Gebruiker\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2018-02-11 17:44 - 2018-02-11 17:44 - 000000132 _____ () C:\Users\Gebruiker\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2014-05-08 10:16 - 2020-06-01 11:26 - 000000132 _____ () C:\Users\Gebruiker\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-01-22 17:58 - 2018-01-30 20:29 - 000001595 _____ () C:\Users\Gebruiker\AppData\Roaming\SAS7_000.DAT
2014-05-09 17:26 - 2018-05-05 15:53 - 000001456 _____ () C:\Users\Gebruiker\AppData\Local\Adobe Save for Web 12.0 Prefs
2017-02-20 19:57 - 2017-03-08 16:12 - 000020480 _____ () C:\Users\Gebruiker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-01 19:10 - 2018-04-22 18:57 - 000007667 _____ () C:\Users\Gebruiker\AppData\Local\Resmon.ResmonCfg
2018-04-08 11:30 - 2018-04-08 11:30 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{5791E756-187E-4600-AD62-AB781833E4D1}
2017-09-18 12:52 - 2017-09-18 12:52 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{63AF0501-40BC-4850-AFCB-F751D751E269}
2018-05-06 09:49 - 2018-05-06 09:49 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{6C833CFA-6179-477E-A37C-432173A0FFD5}
2017-08-03 22:39 - 2017-08-03 22:39 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{A6100239-D3F4-4F7D-BDE0-CFECE4B47AD0}
2017-11-14 14:27 - 2017-11-14 14:27 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{A6B1FD5A-CC21-4EFE-9514-A18DB3E96A8A}

==================== SigCheck ============================
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

LastRegBack: 2020-06-20 15:48

==================== Einde van FRST.txt ========================

Addition.txt malwarebytes.txt
  4. Also, I want to add that my Malwarebytes has disabled all active protection now. I am unable to turn it on. It will not work. Is this because of safe mode? Or is it broken? And how do I fix it?
  5. Hi, this afternoon my Word doc as well as my browser suddenly shut down. I got a popup from Malwarebytes about ransomware. Then the PC suddenly shut down. I immediately pulled the plug on the internet and started up in safe mode, ran a full Malwarebytes scan including rootkit. However, it came back clean. I then ran an Adware Cleaner tool of yours, which also came back clean. Should I be further worried? Or did I just avoid a major hit? How do I know the PC is safe? I've included several of the files from the scans I've mentioned. malwarebytes ransomware.txt full scan.txt AdwCleaner[S00].txt