Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Sander on di 15-01-2019 at 18:33:27,86.
Microsoft Windows 10 Pro 10.0.17134 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\Users\Sander\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2019-01-14-220410.log 81566 bytes
C:\zoek-results2019-01-15-161445.log 85549 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} E:\Program Files\FileZilla FTP Client\fzshellext_64.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~3\{6A1798B4-4BC3-42D3-8545-B1A43208F7FC} deleted successfully
C:\Users\Sander\AppData\Local\DBG deleted successfully
C:\Users\Sander\AppData\Local\PeerDistRepub deleted successfully

==== Running Processes ======================

c:\program files\avast software\avast\avastsvc.exe
E:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\ServiceControl.exe
C:\WINDOWS\SysWOW64\Ext2Srv.EXE
C:\WINDOWS\SysWOW64\lkads.exe
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
C:\WINDOWS\System32\drivers\o2flash.exe
C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\GatewayService.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
E:\Program Files (x86)\Input Director\IDWinService.exe
E:\Program Files (x86)\mosquitto\mosquitto.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\WINDOWS\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
E:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\Dell\Dell Data Protection\Authentication\Bin\DPAgent.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\GlassWire\GWIdlMon.exe
C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Users\Sander\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Sander\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Sander\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Sander\AppData\Roaming\Spotify\Spotify.exe
E:\Program Files (x86)\Input Director\InputDirector.exe
C:\Users\Sander\AppData\Roaming\Spotify\Spotify.exe
C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNABFSWK.EXE
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Users\Sander\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileCoAuth.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\GlassWire\GlassWire.exe
C:\Program Files\behringer\bcd3kcpan.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\GatewaySysTray.exe
C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\CODESYSControlSysTray.exe
C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AGMService] - Adobe Genuine Monitor Service - c:\program files (x86)\common files\adobe\adobegcclient\agmservice.exe
R2 - [AGSService] - Adobe Genuine Software Integrity Service - c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
R2 - [ApHidMonitorService] - Alps HID Monitor Service - c:\program files\delltpad\hidmonitorsvc.exe
R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [BcmBtRSupport] - Bluetooth Driver Management Service - c:\windows\system32\btwrsupportservice.exe
R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
R2 - [ClickToRunSvc] - Klik-en-klaar-service van Microsoft Office - c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
R2 - [CodeMeter.exe] - CodeMeter Runtime Server - c:\program files (x86)\codemeter\runtime\bin\codemeter.exe
R2 - [CODESYS Gateway V3] - CODESYS Gateway V3 Version 3.5.7.20 - c:\program files (x86)\festo\codesysv3\gatewayplc\gatewayservice.exe
R2 - [CODESYS ServiceControl] - CODESYS ServiceControl Version 3.5.7.0 - c:\program files (x86)\festo\codesysv3\gatewayplc\servicecontrol.exe
R2 - [Credential Vault Host Control Service] - Credential Vault Host Control Service - e:\program files\broadcom corporation\broadcom ush host components\cv\bin\hostcontrolservice.exe
R2 - [Credential Vault Host Storage] - Credential Vault Host Storage - e:\program files\broadcom corporation\broadcom ush host components\cv\bin\hoststorageservice.exe
R2 - [DbxSvc] - DbxSvc - c:\windows\system32\dbxsvc.exe
R2 - [DDVCollectorSvcApi] - Dell Data Vault Service API - c:\program files\dell\delldatavault\ddvcollectorsvcapi.exe
R2 - [DDVDataCollector] - Dell Data Vault Collector - c:\program files\dell\delldatavault\ddvdatacollector.exe
R2 - [DDVRulesProcessor] - Dell Data Vault Processor - c:\program files\dell\delldatavault\ddvrulesprocessor.exe
R2 - [Dell Hardware Support] - Dell Hardware Support - c:\program files\dell\supportassistagent\pcdr\supportassist\6.0.6992.1466\dsapi.exe
R2 - [DellMgmtAgent] - DellMgmtAgent - e:\program files\dell\dell data protection\client security framework\dell.securityframework.agent.exe
R2 - [DellMgmtLoader] - DellMgmtLoader - e:\program files\dell\dell data protection\client security framework\dcf.loader.exe
R2 - [ewserver] - SOLIDWORKS Electrical Collaborative Server - c:\program files\solidworks corp\solidworks electrical\server\ewserver.exe
R2 - [GlassWire] - GlassWire Control Service - c:\program files (x86)\glasswire\gwctlsrv.exe
R2 - [igfxCUIService2.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
R2 - [InputDirector] - Input Director Service - e:\program files (x86)\input director\idwinservice.exe
R2 - [Intel(R) PROSet Monitoring Service] - Intel(R) PROSet Monitoring Service - c:\windows\system32\iprosetmonitor.exe
R2 - [lkClassAds] - NI PSP Service Locator - c:\windows\syswow64\lkads.exe
R2 - [lkTimeSync] - NI Time Synchronization - c:\windows\syswow64\lktsrv.exe
R2 - [MacriumService] - Macrium Service - c:\program files\macrium\common\macriumservice.exe
R2 - [MSSQL$TEW_SQLEXPRESS] - SQL Server (TEW_SQLEXPRESS) - c:\programdata\solidworks electrical\mssql12.tew_sqlexpress\mssql\binn\sqlservr.exe
R2 - [mxssvr] - NI Configuration Manager - c:\program files (x86)\national instruments\max\nimxs.exe
R2 - [NIApplicationWebServer] - NI Application Web Server - c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe
R2 - [niauth] - NI Authentication Service - c:\program files (x86)\national instruments\shared\niauth\niauth_daemon.exe
R2 - [NIDomainService] - NI Domain Service - c:\program files (x86)\national instruments\shared\security\nidmsrv.exe
R2 - [NIHardwareService] - NIHardwareService - c:\program files\common files\native instruments\hardware\nihardwareservice.exe
R2 - [nimDNSResponder] - NI mDNS Responder Service - c:\program files (x86)\national instruments\shared\mdns responder\nimdnsresponder.exe
R2 - [NINetworkDiscovery] - NI Network Discovery - c:\program files (x86)\national instruments\shared\ni network discovery\nidiscsvc.exe
R2 - [NiSvcLoc] - NI Service Locator - c:\program files (x86)\national instruments\shared\nisvcloc\nisvcloc.exe
R2 - [NISystemWebServer] - NI System Web Server - c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe
R2 - [NITaggerService] - NI Variable Engine - c:\program files (x86)\national instruments\shared\tagger\tagsrv.exe
R2 - [NVDisplay.ContainerLocalSystem] - NVIDIA Display Container LS - c:\program files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
R2 - [NVWMI] - NVIDIA WMI Provider - c:\windows\system32\nvwmi64.exe
R2 - [O2FLASH] - O2FLASH - c:\windows\system32\drivers\o2flash.exe
R2 - [RemoteSolverDispatcher] - Remote Solver for Flow Simulation 2018 - c:\program files\solidworks corp\solidworks flow simulation\bincfw\remotesolverdispatcherservice.exe
R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
R2 - [SDIOAssist] - SDIOAssist - c:\windows\system32\sdioassist.exe
R2 - [SecurityHealthService] - Service Windows Defender-beveiligingscentrum - c:\windows\system32\securityhealthservice.exe
R2 - [sedsvc] - Windows Remediation Service - c:\program files\rempl\sedsvc.exe
R2 - [SgrmBroker] - System Guard Runtime Monitor Broker - c:\windows\system32\sgrmbroker.exe
R2 - [SQLBrowser] - SQL Server Browser - c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe
R2 - [SQLWriter] - SQL Server VSS Writer - c:\program files\microsoft sql server\90\shared\sqlwriter.exe
R2 - [SupportAssistAgent] - Dell SupportAssist - c:\program files\dell\supportassistagent\bin\supportassistagent.exe
R2 - [SWVisualize2018.Queue.Server] - SWVisualize2018.Queue.Server - c:\program files\solidworks corp\solidworks visualize\swvisualize.queue.server.exe
R2 - [tcsd_win32.exe] - Security Innovation TCS - e:\program files\dell\dell data protection\drivers\tss\bin\tcsd_win32.exe
R2 - [TeamViewer] - TeamViewer 13 - c:\program files (x86)\teamviewer\teamviewer_service.exe
R2 - [Update service] - Update service - c:\program files (x86)\popcorn time\updater.exe
R2 - [WirelessKB850NotificationService] - Wireless Keyboard 850 Notification Service - c:\windows\system32\wirelesskb850notificationservice.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [aswbIDSAgent] - aswbIDSAgent - c:\program files\avast software\avast\x64\aswidsagenta.exe
R3 - [DellMgmtServer] - DellMgmtServer - e:\program files\dell\dell data protection\client security framework\dell.securityframework.localserver.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
R3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S2 - [dbupdate] - Dropbox-update-service (dbupdate) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [AvastWscReporter] - AvastWscReporter - c:\program files\avast software\avast\wsc_proxy.exe
S3 - [CODESYS Control Win V3] - CODESYS Control Win V3 Version 3.5.7.20 - c:\program files (x86)\festo\codesysv3\gatewayplc\codesyscontrolservice.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [CoordinatorServiceHost] - DTSInterops - c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [dbupdatem] - Dropbox-update-service (dbupdatem) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S3 - [Dell.CommandPowerManager.Service] - Dell.CommandPowerManager.Service - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [EPLAN Client Service] - EPLAN Client Service - c:\program files\eplan\common\eclientservice.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FlexNet Licensing Service 64] - FlexNet Licensing Service 64 - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
S3 - [FlexNet Licensing Service] - FlexNet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
S3 - [GoogleChromeElevationService] - Google Chrome Elevation Service - c:\program files (x86)\google\chrome\application\71.0.3578.98\elevation_service.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [impi_hydra] - Intel(R) MPI Library Hydra Process Manager - c:\program files\common files\solidworks shared\simulation worker agent\hydra_service.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [OpcEnum] - OpcEnum - c:\windows\syswow64\opcenum.exe
S3 - [OpenVPNService] - OpenVPN Service - c:\program files\openvpn\bin\openvpnserv.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [rpcapd] - Remote Packet Capture Protocol v.0 (experimental) - c:\program files (x86)\winpcap\rpcapd.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [Sense] - Windows Defender Advanced Threat Protection Service - c:\program files\windows defender advanced threat protection\mssense.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [SolidWorks Licensing Service] - SolidWorks Licensing Service - c:\program files (x86)\common files\solidworks shared\service\solidworkslicensing.exe
S3 - [spectrum] - Windows Perception Service - c:\windows\system32\spectrum.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
S3 - [SwitchBoard] - Adobe SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
S3 - [TcAdsWcfHost] - TcAdsWcfHost - e:\twincat\adsapi\tcadswcf\v4.0.30319\tcadswcfhost.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VsEtwService120] - Visual Studio ETW Event Collection Service - c:\program files\microsoft visual studio 12.0\common7\packages\debugger\services\vsetwservice.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Antivirus Network Inspection Service - c:\programdata\microsoft\windows defender\platform\4.18.1807.18075-0\nissrv.exe
S3 - [WinDefend] - Windows Defender Antivirus Service - c:\programdata\microsoft\windows defender\platform\4.18.1807.18075-0\msmpeng.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S3 - [xbgm] - Xbox Game Monitoring - c:\windows\system32\xbgmsvc.exe
S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe
S4 - [DpHost] - Dell Data Protection Security Tools Authentication Service - e:\program files\dell\dell data protection\authentication\bin\dphostw.exe
S4 - [NIApplicationWebServer64] - NI Application Web Server (64-bit) - c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe
S4 - [SQLAgent$TEW_SQLEXPRESS] - SQL Server Agent (TEW_SQLEXPRESS) - c:\programdata\solidworks electrical\mssql12.tew_sqlexpress\mssql\binn\sqlagent.exe
S4 - [ssh-agent] - OpenSSH Authentication Agent - c:\windows\system32\openssh\ssh-agent.exe
S4 - [UevAgentService] - User Experience Virtualization Service - c:\windows\system32\agentservice.exe
x2 - [mosquitto] - Mosquitto Broker - e:\program files (x86)\mosquitto\mosquitto.exe

==== System Specs ======================

Windows: Windows 10 Professional (64-bit) (Build 0)
Memory (RAM): 16290 MB
CPU Info: Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz
CPU Speed: 2698,2 MHz
Sound Card: LG TV (NVIDIA High Definition A | Luidsprekers / koptelefoons (Re |
Display Adapters: Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | NVIDIA Quadro K1100M | NVIDIA Quadro K1100M | NVIDIA Quadro K1100M | NVIDIA Quadro K1100M
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Intel(R) Ethernet Connection I217-LM | Bluetooth Device (Personal Area Network) | VirtualBox Host-Only Ethernet Adapter | Dell Wireless 1550 802.11ac | Microsoft Wi-Fi Direct Virtual Adapter | Microsoft Wi-Fi Direct Virtual Adapter #2
CD / DVD Drives: 1x (F: | ) F: MATSHITADVD+-RW UJ8FB
Ports: COM12 | COM11 | COM13 LPT1
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 238,0GB | E: 465,2GB
Hard Disks - Free: C: 93,5GB | E: 214,0GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 02/01/18 | DELL - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: Dell Inc.
0T3YTY
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Avast Antivirus On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Avast Antivirus disabled (Outdated)
Microsoft Edge Version: 42.17134.1.0
Internet Explorer Version: 11.523.17134.0
Google Chrome version: 71.0.3578.98
Sun Java version: 1.8.0_181 (32-bit)
Sun Java version: 1.8.0_181 (64-bit)
Flash Player version: 11.1.102.55

==== Files Recently Created / Modified ======================
C:\WINDOWS\Sysnative\hvloader.dll 2019-01-11 19:51:23 383A6CD5CADF3500FFF91715ECB1E01C 713272 ----a-w- C:\WINDOWS\Sysnative\MSVideoDSP.dll 2019-01-11 19:51:23 13D65CB65EFACB300EA06BA878212ACA 1708544 ----a-w- C:\WINDOWS\Sysnative\MSPhotography.dll 2019-01-11 19:51:23 0DD6AB9BA3CE309E3500CCE381866DA3 153088 ----a-w- C:\WINDOWS\Sysnative\dssvc.dll 2019-01-11 19:51:22 94A17851470CE137752A7664814BBC31 64000 ----a-w- C:\WINDOWS\Sysnative\iemigplugin.dll 2019-01-11 19:51:22 8ACD8B56951CC34FE38E98F7F95F07B0 225792 ----a-w- C:\WINDOWS\Sysnative\windowslivelogin.dll 2019-01-11 19:51:22 6B41F588865C5FEDD1B378F2A5BAF27A 1310 ----a-w- C:\WINDOWS\Sysnative\tcbres.wim 2019-01-11 19:51:22 253F56655A68C2AB7D11A5378E637FF5 154112 ----a-w- C:\WINDOWS\Sysnative\Chakradiag.dll 2019-01-11 19:51:22 197F2063AB3EBF57CB2034C228EE57D0 79360 ----a-w- C:\WINDOWS\Sysnative\Print.Workflow.Source.dll 2019-01-11 19:51:22 0E065637F4FCB3E752BE92BB749A2A63 285184 ----a-w- C:\WINDOWS\Sysnative\wlidcredprov.dll 2019-01-08 13:07:28 F91F3935C4E6DA8A517B989DFC73AA2C 51024 ----a-w- C:\WINDOWS\Sysnative\DbxSvc.exe ====== C:\WINDOWS\Sysnative\drivers ===== 2019-01-11 19:51:25 D17E3E9423FC7493DECD896B699E5407 2421288 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys 2019-01-11 19:51:23 C87059D18F28CDDBD9188C1E32A05473 709728 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2019-01-11 19:51:23 78284C8CA31F9DC0B572F34CCA29A360 81920 ----a-w- C:\WINDOWS\Sysnative\drivers\wanarp.sys 2019-01-11 19:51:23 5BC33B3FEC9C98149D8225CED349901C 76088 ----a-w- C:\WINDOWS\Sysnative\drivers\hvservice.sys 2019-01-11 19:51:23 43C0423E16C823E22BA9E50DB06FB275 170808 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys 2019-01-11 19:51:23 2C6B9EE839C968B37C0E263827E97184 128824 ----a-w- C:\WINDOWS\Sysnative\drivers\tm.sys 2019-01-08 13:07:28 5479FE2D8FEE02FECD534510B407C034 47800 ----a-w- C:\WINDOWS\Sysnative\drivers\dbx-stable.sys 2019-01-08 13:07:28 5479FE2D8FEE02FECD534510B407C034 47800 ----a-w- 
C:\WINDOWS\Sysnative\drivers\dbx-dev.sys 2019-01-08 13:07:28 5479FE2D8FEE02FECD534510B407C034 47800 ----a-w- C:\WINDOWS\Sysnative\drivers\dbx-canary.sys 2018-12-24 22:20:14 3CE93283525FA3B9792FAFC1F06CDEC3 32872 ----a-w- C:\WINDOWS\Sysnative\drivers\bcd3000wdm_x64.sys 2018-12-24 22:20:14 145B2FCF11FDDA5C1D3C3DEC36402A0F 54888 ----a-w- C:\WINDOWS\Sysnative\drivers\bcd3000_x64.sys 2018-12-18 20:00:54 7B4BAF7E03A9C9304A3E3F418717965C 2333 ----a-w- C:\WINDOWS\Sysnative\drivers\mrvdp.inf ====== C:\WINDOWS\Tasks ====== 2019-01-08 18:56:11 DE4ADDEF1997B29BEC80D587A96374AE 3870 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player PPAPI Notifier ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2019-01-14 21:57:06 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2019-01-14 19:02:22 -------- d-----w- C:\Program Files\Macrium 2018-12-24 22:19:49 -------- d-----w- C:\Program Files\behringer 2018-12-24 14:49:41 -------- d-----w- C:\Program Files\Native Instruments 2018-12-24 14:49:41 -------- d-----w- C:\Program Files\Common Files\Native Instruments ======= C:\PROGRA~2 ===== 2018-12-24 22:52:31 -------- d-----w- C:\PROGRA~2\COMMON~1\Native Instruments 2018-12-24 15:02:27 -------- d-----w- C:\PROGRA~2\VirtualDJ ======= C: ===== ====== C:\Users\Sander\AppData\Roaming ====== 2019-01-15 17:31:27 -------- d-----w- C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2019-01-14 21:56:43 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Skype 2019-01-12 21:32:06 -------- d-----w- C:\Users\Sander\AppData\Roaming\dvdcss 2019-01-09 11:13:03 -------- d-----w- C:\Users\Sander\AppData\Local\Dell Inc 2019-01-02 22:26:04 -------- d-----w- C:\Users\Sander\AppData\Roaming\QGroundControl.org 2019-01-02 22:10:20 -------- d-----w- C:\Users\Sander\AppData\Local\QGroundControl.org 2018-12-27 21:31:27 0BF24384F41D57E1869CC6F9919BC5E3 132 ----a-w- C:\Users\Sander\AppData\Roaming\Adobe PNG Format CS6 Prefs 2018-12-24 16:08:26 -------- 
d-----w- C:\Users\Sander\AppData\Roaming\Native Instruments 2018-12-24 16:08:26 -------- d-----w- C:\Users\Sander\AppData\Local\Native Instruments 2018-12-24 16:08:26 -------- d-----w- C:\Users\Sander\AppData\Local\cache 2018-12-24 15:02:39 -------- d-----w- C:\Users\Sander\AppData\Local\VirtualDJ ====== C:\Users\Sander ====== 2019-01-15 17:31:25 E7DFCA01F394755C11F853602CB2608A 4 ---ha-w- C:\ProgramData\cm-lock 2019-01-14 21:56:58 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\OneDrive 2019-01-14 19:02:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium 2019-01-09 10:10:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-01-02 22:25:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGroundControl 2018-12-24 22:53:28 -------- dc-h--w- C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E} 2018-12-24 22:52:10 -------- dc-h--w- C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F} 2018-12-24 22:51:56 -------- dc-h--w- C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7} 2018-12-24 22:51:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2018-12-24 14:49:49 -------- d-----w- C:\ProgramData\Native Instruments ====== C: exe-files == 2019-01-15 17:33:14 8377C99BF813BE986D07730F5C433382 68096 ----a-w- C:\Users\Sander\AppData\Local\Temp\ZAScan.exe 2019-01-15 17:33:14 75375C22C72F1BEB76BEA39C22A1ED68 167936 ----a-w- C:\Users\Sander\AppData\Local\Temp\unzip.exe 2019-01-15 17:33:14 1A3F82F420340222F13C5633AEB716D6 533851 ----a-w- C:\Users\Sander\AppData\Local\Temp\sr.exe 2019-01-15 17:19:39 2A1EE8DF1DD0335605DCC5015C60EBC0 144056 ----a-w- C:\Users\Sander\AppData\Local\Temp\168D31CB-CDF7-427A-8044-07DD374B9E9A\DismHost.exe 2019-01-15 15:24:16 2A1EE8DF1DD0335605DCC5015C60EBC0 144056 ----a-w- C:\Users\Sander\AppData\Local\Temp\B02E2D9B-4048-4165-BF40-B1569DF33271\DismHost.exe 2019-01-15 10:03:03 D52F08ACCA2EDF3E3146EB68EB7D25B4 26008 
----a-w- C:\Users\Sander\AppData\Local\Temp\{BE2FD5DD-E6FE-45FF-8622-2E8C6FAD9B8B}\TcCopyInf.exe 2019-01-15 10:03:03 9F4490BFC852D1AE830FC77FCFAB1619 29592 ----a-w- C:\Users\Sander\AppData\Local\Temp\{BE2FD5DD-E6FE-45FF-8622-2E8C6FAD9B8B}\TcCopyInf64.exe 2019-01-15 10:03:03 02D6E03DC26A46112854D4416A0CBC02 229272 ----a-w- C:\Users\Sander\AppData\Local\Temp\{BE2FD5DD-E6FE-45FF-8622-2E8C6FAD9B8B}\TcSwitchRuntime.exe 2019-01-15 10:03:03 011D6D52899961A0F148C849F699F394 402040 ----a-w- C:\Users\Sander\AppData\Local\Temp\{BE2FD5DD-E6FE-45FF-8622-2E8C6FAD9B8B}\vswhere.exe 2019-01-14 21:56:57 CD7DC286D2FDFACB965C3E10967B2199 1517280 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2019-01-14 21:56:57 85C17B1582B381C34E1E9E6D2C1861DC 1669856 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 2019-01-14 21:56:57 69B9EF9C6ADBBB13DC545C00B48F4702 20466392 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\OneDriveSetup.exe 2019-01-14 21:56:57 69B9EF9C6ADBBB13DC545C00B48F4702 20466392 ----a-w- C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe 2019-01-14 21:56:44 95C4A764D538341B62F5F183C0DE655C 229080 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe 2019-01-14 21:56:44 62BB6F8FED4F31B26DAA085918B0C2EB 215264 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileCoAuth.exe 2019-01-14 21:55:55 A8F8F30393D5095B4E97EE4B03252D1F 33832 ----a-w- C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OsfInstallerBgt.exe 2019-01-14 21:55:55 9ED4C5A69401205CBC0299DCA92D2013 1093712 ----a-w- C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe 2019-01-14 21:55:55 4779269C9F9AB738704B64B89BA8FF02 294048 ----a-w- C:\Program Files\Microsoft 
Office\root\Office16\msoasb.exe 2019-01-14 21:39:39 9793DB7D36AFBCEABE1204BBA0060E8D 1971560 ----a-w- C:\Program Files\Common Files\AVG\Overseer\overseer.exe 2019-01-11 19:51:31 475F1D8B828B3A6A2D610B4AABBA292F 14966600 ----a-w- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 2019-01-11 19:51:30 0C692AFB64A56ADC76EEE2F97A78EEA3 13600056 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 2019-01-11 19:51:29 CDEBC68F7AB7573BBE2EE73634CF7B3B 9084216 ----a-w- C:\Windows\System32\ntoskrnl.exe 2019-01-11 19:51:26 CEF8855465ACC563A705027AA9B6F9CF 3239752 ----a-w- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe 2019-01-11 19:51:26 AE9386D20C2F3FD9283B6D8982C70C5F 1221432 ----a-w- C:\Windows\System32\hvix64.exe 2019-01-11 19:51:25 EF688DEA876CB8054E8E286DB3B43929 1029944 ----a-w- C:\Windows\System32\hvax64.exe 2019-01-11 19:51:24 47D4898A19720CB6E44FD9CAB7344D1E 433152 ----a-w- C:\Windows\System32\MusNotification.exe 2019-01-11 19:51:24 45700AFF91F0E540F26A032A65E72706 552960 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe 2019-01-11 19:51:24 0E0D6FD6FD094D235AC150735CFBC285 566568 ----a-w- C:\Windows\System32\tcblaunch.exe 2019-01-11 19:51:23 CF39143CD7C7B12C8F255A89CB80D0A7 342528 ----a-w- C:\Windows\System32\browserexport.exe 2019-01-11 19:51:23 B87B855FD3CD2053B80D8A5438A22CE5 497152 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cain.exe 2019-01-11 19:51:23 A193999AB71D8212006D4BC4D8650740 43536 ----a-w- C:\Windows\System32\browser_broker.exe 2019-01-11 19:51:23 8CFD2CCD0C6A3AC09B2A5AF288C5296A 237576 ----a-w- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 2019-01-11 19:51:23 77B080C6A93DE0924542AFD19726AD8C 280576 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 2019-01-11 19:51:23 4214B50ECA003F5D8CE68FE85BBE3E1D 844320 ----a-w- 
C:\Windows\Boot\PCAT\memtest.exe 2019-01-09 11:14:03 C8D7B9DF3A7DFC49BE5E2AE98182D1AF 29000 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\Updater\6.0.6992.1466\UpdaterUI.exe 2019-01-09 11:13:52 D9FC1CB75059534A8F9C983B90EE99B0 45384 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\SystemIdleCheck.exe 2019-01-09 11:13:52 B8A4276F8165371BE5A81E3D206A7E95 140096 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\hybridGPUSwitch.exe 2019-01-09 11:13:52 8BB9D96711A5F94F3181788AE5F02831 43848 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\resourceUtil.exe 2019-01-09 11:13:52 65704D3756B4974EF59A6D652FCA0D2A 48960 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\obistutil.exe 2019-01-09 11:13:52 30A1918D2C360DA65E689691A99801DF 337224 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\pcdrwi.exe 2019-01-09 11:13:52 2A8A445946E974CE6F81E126A9D24062 664904 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\pcd.exe 2019-01-09 11:13:52 280AFE242EAFC4C007A75A6F53E053C5 1293632 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\Uninstaller.exe 2019-01-09 11:13:52 1C0215B456CB5342D8CB2C4F1F6B9EEB 21320 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\wifiradio.exe 2019-01-09 11:13:51 E5013E9CFCB78324A16C3047615EF8EE 1035072 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\DSAPI.exe 2019-01-09 11:13:51 8BDD880DECEB24C9D5E595E335A66992 71488 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\LogGrabber.exe 2019-01-09 11:13:51 89D5C17FC8A7CCB943818A277372B805 23880 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\PcdrEngine.exe 2019-01-09 11:13:51 2FFD11911E074EE0CA4F9D364B6271C9 19776 ----a-w- C:\Program 
Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\FilterDriverFix.exe 2019-01-09 11:13:51 2046A8C478969A45D1C6D65D36BD648D 403264 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\MessageBoxPluginProcess.exe 2019-01-09 10:10:42 F91F3935C4E6DA8A517B989DFC73AA2C 51024 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbxsvc.exe 2019-01-09 10:10:42 A86A985F3986E7F7B5346B98F391CA15 4050752 ----a-w- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 2019-01-09 10:10:42 7EA9541A7778CD58187890301B8CCDE1 43856 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbxsvc.exe 2019-01-09 10:10:42 425597482411554532049CA343C43577 169552 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe 2019-01-09 10:10:11 7068B12178849948853AEAD8155B2775 91954008 ----a-w- C:\Program Files (x86)\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\64.4.141\DropboxClient_64.4.141.exe === C: other files == 2019-01-15 17:31:52 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\Sander\AppData\Local\Temp\_MEI194282\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx 2019-01-15 17:31:52 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Sander\AppData\Local\Temp\_MEI194282\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2019-01-14 21:56:44 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\CollectOneDriveLogs.bat 2019-01-11 20:08:51 448FC5EC19445AA203729A9894703F00 6413 ----a-w- C:\ProgramData\SupportAssist\Client\Agent\ClickFeed\SupportAssist_F6BXH12_20190111210851_log.zip 2019-01-11 19:51:25 D17E3E9423FC7493DECD896B699E5407 2421288 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2019-01-11 19:51:23 C87059D18F28CDDBD9188C1E32A05473 709728 ----a-w- C:\Windows\System32\drivers\cng.sys 2019-01-11 19:51:23 78284C8CA31F9DC0B572F34CCA29A360 81920 ----a-w- C:\Windows\System32\drivers\wanarp.sys 
2019-01-11 19:51:23 5BC33B3FEC9C98149D8225CED349901C 76088 ----a-w- C:\Windows\System32\drivers\hvservice.sys 2019-01-11 19:51:23 43C0423E16C823E22BA9E50DB06FB275 170808 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2019-01-11 19:51:23 2C6B9EE839C968B37C0E263827E97184 128824 ----a-w- C:\Windows\System32\drivers\tm.sys 2019-01-09 16:38:13 DE94D3F68323FD3844448E34E794C3DA 7117 ----a-w- C:\ProgramData\SupportAssist\Client\Agent\reports\F6BXH12_SupportAssistClient_20190109173813\HardwareLogs.zip 2019-01-09 16:27:26 BCA3B2A0479CA200628CCB1EEF2D091C 3205 ----a-w- C:\Users\Sander\AppData\Local\SolidWorks\CXPA\20190109172721_26.3.0.0063.zip 2019-01-09 11:13:52 CA6931FCBC1492D7283AA9DC0149032E 50640 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\iqvw64e.sys 2019-01-09 11:13:52 67ECCCB304DF2D72D1ED0CF2E35E4858 37696 ----a-w- C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\drivers\pcdrndisprot\x64\pcdrndisprot.sys 2019-01-09 10:10:43 EE0D7A2EE003C3A72C86B98D45436512 30191493 ----a-w- C:\Program Files (x86)\Dropbox\Client\python-packages-36.zip 2019-01-09 10:10:42 6DEE777BC859E8E0C6BC01117C1B6ABD 37040 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-stable.sys 2019-01-09 10:10:42 6DEE777BC859E8E0C6BC01117C1B6ABD 37040 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-dev.sys 2019-01-09 10:10:42 6DEE777BC859E8E0C6BC01117C1B6ABD 37040 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-canary.sys 2019-01-09 10:10:42 5479FE2D8FEE02FECD534510B407C034 47800 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-stable.sys 2019-01-09 10:10:42 5479FE2D8FEE02FECD534510B407C034 47800 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-dev.sys 2019-01-09 10:10:42 5479FE2D8FEE02FECD534510B407C034 47800 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-canary.sys 2019-01-08 23:46:31 493ADA5ED54C46D13EB0A37DF16A7C78 723463 ----a-w- 
C:\ProgramData\SupportAssist\Client\Agent\reports\F6BXH12_SupportAssistClient_20190109004631\HardwareLogs.zip 2019-01-08 22:38:10 4568BCEEBD94DF82C626E8114687AEC9 203743 ----a-w- C:\ProgramData\SupportAssist\Client\Agent\reports\F6BXH12_SupportAssistClient_20190108233810\HardwareLogs.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-206212355-4137757536-372733183-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Sander\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Spotify"="C:\Users\Sander\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized" "InputDirector"="E:\Program Files (x86)\Input Director\InputDirector.exe /hide" "GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart" "Greenshot"="E:\Program Files\Greenshot\Greenshot.exe" "Steam"="E:\Program Files (x86)\Steam\steam.exe -silent" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "NIRegistrationWizard"="C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1043" "Franz"="C:\Users\Sander\AppData\Local\Programs\franz\Franz.exe" "GlassWire"="C:\Program Files (x86)\GlassWire\glasswire.exe -hide" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dropbox"="C:\Program Files 
(x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"GatewaySysTray"="C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\GatewaySysTray.exe"
"CODESYSControlSysTray"="C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\CODESYSControlSysTray.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Sander\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Spotify"="C:\Users\Sander\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized"
"InputDirector"="E:\Program Files (x86)\Input Director\InputDirector.exe /hide"
"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"
"Greenshot"="E:\Program Files\Greenshot\Greenshot.exe"
"Steam"="E:\Program Files (x86)\Steam\steam.exe -silent"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"NIRegistrationWizard"="C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1043"
"Franz"="C:\Users\Sander\AppData\Local\Programs\franz\Franz.exe"
"GlassWire"="C:\Program Files (x86)\GlassWire\glasswire.exe -hide"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe /s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"WavesSvc"="C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
"AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui"
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe"
"CNAP2 Launcher"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE"
"Reflect UI"="C:\Program Files\Macrium\Common\ReflectUI.exe"
"SecurityHealth"="%ProgramFiles%\Windows Defender\MSASCuiL.exe"

==== Startup Folders ======================
2018-12-24 22:20:14 885 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BCD3000 Control Panel.lnk
2018-11-19 10:13:14 2286 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
2018-09-05 08:26:02 1302 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
2018-09-03 15:28:13 2769 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2018 Fast Start.lnk

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\Windows\explorer.exe [06-07-2018 15:17]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [23-04-2018 11:31]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [23-04-2018 11:31]
C:\WINDOWS\tasks\MATLAB R2018a Startup Accelerator.job --a-------- C:\Program Files\MATLAB\R2018a\bin\win64\MATLABStartupAccelerator.exe [06-02-2018 07:16]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe]
"C:\WINDOWS\SysNative\tasks\Avast Emergency Update" [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Dell SupportAssistAgent AutoUpdate" [C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\JKIUpdateTask" [C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe]
"C:\WINDOWS\SysNative\tasks\MATLAB R2018a Startup Accelerator" [C:\Program Files\MATLAB\R2018a\bin\win64\MATLABStartupAccelerator.exe]
"C:\WINDOWS\SysNative\tasks\NIUpdateServiceCheckTask" [C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\NIUpdateServiceStartupTask" [C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\nview\nwiz.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-206212355-4137757536-372733183-1001" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\RtHDVBg_PushButton" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Avast Software\Overseer" [C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe]
"C:\WINDOWS\SysNative\tasks\AVG\Overseer" [C:\Program Files\Common Files\AVG\Overseer\overseer.exe]
"C:\WINDOWS\SysNative\tasks\S-1-5-21-206212355-4137757536-372733183-1001\DataSenseLiveTileTask" [%SystemRoot%\System32\DataUsageLiveTileTask.exe]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization" ["E:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe"]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================
2018-09-03 15:19:27 -------- d-----w- C:\PROGRA~3\AVAST Software
2018-09-03 19:45:23 -------- d-----w- C:\PROGRA~3\Dassault Systemes
2018-09-03 19:48:21 -------- d-----w- C:\PROGRA~3\SOLIDWORKS Flow Simulation
2018-09-03 19:48:26 -------- d-----w- C:\PROGRA~3\COSMOS Applications
2018-09-05 07:49:01 -------- d-----w- C:\PROGRA~3\National Instruments
2018-09-05 08:29:50 -------- d-----w- C:\PROGRA~3\JKI
2018-09-06 11:33:01 -------- d-----w- C:\PROGRA~3\MathWorks
2018-09-07 08:45:31 -------- d-----w- C:\PROGRA~3\IVI Foundation
2018-09-18 15:11:18 -------- d-----w- C:\PROGRA~3\Brother
2018-11-19 07:24:28 -------- d-----w- C:\PROGRA~3\CodeMeter
2018-11-19 07:27:12 -------- d-----w- C:\PROGRA~3\CODESYS
2018-11-19 07:28:41 -------- d-----w- C:\PROGRA~3\CoDeSysOPC
2018-11-19 07:29:26 -------- d-----w- C:\PROGRA~3\PackageManagerCLI
2018-11-20 10:08:18 -------- d-----w- C:\PROGRA~3\Festo
2018-12-24 14:49:49 -------- d-----w- C:\PROGRA~3\Native Instruments
2018-12-24 22:51:56 -------- dc-h--w- C:\PROGRA~3\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}
2018-12-24 22:52:10 -------- dc-h--w- C:\PROGRA~3\{972BEEDB-39CF-495B-A950-BFDB60512E9F}
2018-12-24 22:53:28 -------- dc-h--w- C:\PROGRA~3\{E6BAC835-2683-4B88-A967-6EF6093B576E}

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [23-04-2018 15:11]

==== Firefox Extensions ======================

==== Firefox Plugins ======================
Profilepath: C:\Users\Sander\AppData\Roaming\Mozilla\Firefox\Profiles\6pcy3k7c.default
4CCDA227AF8DE758D232B9A0D3E8763E - C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL - Microsoft Office 2016
- C:\PROGRA1\SOLIDW1\SOLIDW2\Bin\npcomposerplayerwebplugin.dll - [?]
F3D74EAD674CAD808DC2C3326F970403 - C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.1710.11
19C6FF90D40C1C647B41AAEDE24E9957 - C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U171
- C:\Program Files x86\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - [?]
- C:\Program Files x86\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - [?]
- C:\Program Files x86\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll - [?]
303ED7F87EFFBA40B9CE7AC564DD77BC - E:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

==== Chromium Look ======================
Google Chrome Version: 71.0.3578.98
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
Slides - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
TV - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh
Direct APK Downloader - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bifidglkmlbfohchohkkpdkjokajibgg
Skype Calling - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij
YouTube - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Firebug Lite for Google Chrome™ - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench
Honey - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
Awaken the Force Within - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeojddkbfhdgnnicgkgogjnbkdljibb
Adblock for Youtube - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk
Tampermonkey - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Gmail Offline - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk
Sheets - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
AdBlock on YouTube - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
MQTTLens - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemojaaeigabkbcookmlgmdigohjobjm
AVG Web TuneUp - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmdocpbnblchppecickbipihlkehdfg
Google Drive App Launcher - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Maps - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Mail Checker - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Chrome Web Store Payments - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Space Planet - Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GatewaySysTray] "C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\GatewaySysTray.exe"
O4 - HKLM\..\Run: [CODESYSControlSysTray] "C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\CODESYSControlSysTray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Sander\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify] C:\Users\Sander\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
O4 - HKCU\..\Run: [InputDirector] "E:\Program Files (x86)\Input Director\InputDirector.exe" /hide
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Greenshot] "E:\Program Files\Greenshot\Greenshot.exe"
O4 - HKCU\..\Run: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1043
O4 - HKCU\..\Run: [Franz] "C:\Users\Sander\AppData\Local\Programs\franz\Franz.exe"
O4 - HKCU\..\Run: [GlassWire] "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup]
C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE') O4 - Global Startup: BCD3000 Control Panel.lnk = C:\Program Files\behringer\bcd3kcpan.exe O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe O4 - Global Startup: NI Error Reporting.lnk = C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe O4 - Global Startup: SOLIDWORKS 2018 Fast Start.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: 
c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.*.* O16 - DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} (Web Control) - http://192.168.2.101/web.cab O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: @oem22.inf,%HidMonitor.SvcDisp%;Alps HID 
Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe O23 - Service: @oem21.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O23 - Service: CODESYS Control Win V3 Version 3.5.7.20 (CODESYS Control Win V3) - 3S-Smart Software Solutions GmbH - C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\CODESYSControlService.exe O23 - Service: CODESYS Gateway V3 Version 3.5.7.20 (CODESYS Gateway V3) - 3S-Smart Software Solutions GmbH - C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\GatewayService.exe O23 - Service: CODESYS ServiceControl Version 3.5.7.0 (CODESYS ServiceControl) - 3S-Smart Software Solutions GmbH - C:\Program Files (x86)\Festo\CODESYSV3\GatewayPLC\ServiceControl.exe O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - E:\Program Files\Broadcom Corporation\Broadcom USH 
Host Components\CV\bin\HostControlService.exe O23 - Service: Credential Vault Host Storage - Broadcom Corporation - E:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe O23 - Service: Dropbox-update-service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe O23 - Service: Dropbox-update-service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing) O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe O23 - Service: Dell Data Vault Service API (DDVCollectorSvcApi) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe O23 - Service: Dell Data Vault Collector (DDVDataCollector) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe O23 - Service: Dell Data Vault Processor (DDVRulesProcessor) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe O23 - Service: Dell Hardware Support - PC-Doctor, Inc. - C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\DSAPI.exe O23 - Service: DellMgmtAgent - CREDANT Technologies, Inc. - E:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Agent.exe O23 - Service: DellMgmtLoader - Dell Inc. - E:\Program Files\Dell\Dell Data Protection\Client Security Framework\DCF.Loader.exe O23 - Service: DellMgmtServer - Dell, Inc. 
- E:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.LocalServer.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: EPLAN Client Service - EPLAN Software & Service GmbH & Co. KG - C:\Program Files\EPLAN\Common\EClientService.exe O23 - Service: SOLIDWORKS Electrical Collaborative Server (ewserver) - Unknown owner - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe O23 - Service: Ext2Fsd Service Manager (Ext2Srv) - www.ext2fsd.com - C:\WINDOWS\SysWOW64\Ext2Srv.EXE O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe O23 - Service: GlassWire Control Service (GlassWire) - SecureMix LLC - C:\Program Files (x86)\GlassWire\GWCtlSrv.exe O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) MPI Library Hydra Process Manager (impi_hydra) - Intel Corporation - C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe O23 - Service: Input Director Service (InputDirector) - Unknown owner - E:\Program Files (x86)\Input Director\IDWinService.exe O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NI PSP Service Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\SysWOW64\lkads.exe O23 - Service: NI Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\SysWOW64\lktsrv.exe O23 - Service: Macrium Service (MacriumService) - Paramount Software UK Ltd - C:\Program Files\Macrium\Common\MacriumService.exe O23 - Service: Mosquitto Broker (mosquitto) - Unknown owner - E:\Program Files (x86)\mosquitto\mosquitto.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files (x86)\National 
Instruments\Shared\NI WebServer\ApplicationWebServer.exe O23 - Service: NI Authentication Service (niauth) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe O23 - Service: NI Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: NI mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe O23 - Service: NI Network Discovery (NINetworkDiscovery) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe O23 - Service: NI Service Locator (NiSvcLoc) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe O23 - Service: NI System Web Server (NISystemWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe O23 - Service: NI Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA WMI Provider (NVWMI) - Unknown owner - C:\WINDOWS\system32\nvwmi64.exe (file missing) O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\System32\drivers\o2flash.exe (file missing) O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\SysWOW64\Opcenum.exe O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: Remote Solver for Flow Simulation 
2018 (RemoteSolverDispatcher) - Mentor Graphics Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: SDIOAssist - Unknown owner - C:\Windows\System32\SDIOAssist.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe 
(file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: Dell SupportAssist (SupportAssistAgent) - Dell Inc. - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: SWVisualize2018.Queue.Server - Dassault Systèmes - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe O23 - Service: TcAdsWcfHost - Beckhoff Automation GmbH - E:\TwinCAT\AdsApi\TcAdsWcf\v4.0.30319\TcAdsWcfHost.exe O23 - Service: Security Innovation TCS (tcsd_win32.exe) - Security Innovation, Inc. - E:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @oem66.inf,%WirelessKB850NotificationSvcDisplayName%;Wireless Keyboard 850 Notification Service (WirelessKB850NotificationService) - 
Unknown owner - C:\WINDOWS\system32\WirelessKB850NotificationService.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing) ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on di 15-01-2019 at 18:40:49,28 ======================