
Lots of freezes + link doesn't work


  • Lots of freezes + link doesn't work

    Last edited by f.r.a.n.k; 08-01-20, 02:59.

  • #2
    Good morning,

    Which link doesn't work?

    Starting Windows 10 in Safe Mode



    • #3
      The Farbar tool. Left-clicking, single or double, gives a 404 error, for both the 32-bit and the 64-bit version.

      Right-click and run as admin, then this appears (see photo)
      Last edited by f.r.a.n.k; 14-01-20, 08:42.



      • #4
        [Attached image: thumbnail.jpg]



        • #5
          click on ignore



          • #6
            then just a black DOS screen with a blinking cursor, nothing else, no start button, no scanner



            • #7
              Hello?
              The Farbar scan doesn't work or the link is broken, I think.
              Can someone fix or check this?



              • #8
                Download the Farbar Recovery Scan Tool, 32 or 64 bit, from one of the links below
                Here is a description of how to check whether you have a 32 or 64 bit version of Windows.

                Running Farbar Recovery Scan Tool
                • Double-click FRST.exe to start the tool.
                • Windows Vista, 7 and 8 users need to run the tool as "administrator" by right-clicking and choosing Run as administrator.
                • Once the program has opened, click Yes at the disclaimer.
                • Then press the Scan button; a backup of the registry will be made first.
                • When the scan is finished, two log files named (FRST.txt) & (Addition.txt) are created in the same location from which the tool was started.
                • Attach both log files to your next post.



                • #9
                  Same thing again. 404 Not Found



                  • #10
                    Download OTL to your Desktop
                    • Double-click OTL.com to open the program. Make sure all other windows are closed, and let the program do its work undisturbed.
                    • Check the box next to Scan All Users.
                    • Click the Quick Scan button. Do not change OTL's settings unless I specifically instruct you to. The scan will not take very long.
                      • Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.Txt. These files are saved in the same location as OTL.
                      • Copy (Edit->Select All, Edit->Copy) and paste (Edit->Select All, Edit->Paste) the contents of these two files one by one into your next post.



                    • #11
                      OTL scan performed.

                      First, this. Below is my message to Telenet and their reply. I have read these extra security tips but not yet carried them out. I sent the same message to Base as well; from them too I received anti-phishing tips that I still have to carry out.

                      Subject: hacking/espionage/online stalking

                      I suspect my neighbours of having found a way to install spyware on my smartphone and PC.
                      They can see which sites I visit on my PC and smartphone, see the locations of my mobile device, read along with SMS messages, listen in via the microphone, and even watch through the rear camera (not the front one, I have taped that over).

                      How they did it I don't know. What is certain is that my privacy is being seriously violated. I am not paranoid. They talk far too much and I do believe my ears. We have long been caught up in a quarrel or a strange kind of love-hate relationship.

                      In December '19 I reported this to the Data Protection Authority in Brussels. They could not help me because it is not business-related. They advised me to go to the police. I did so on Friday 31/1. They have recorded my complaint; for now it is a matter of waiting to see what the result is.

                      The privacy violation therefore happens mainly on my smartphone (brand HUAWEI, a company that is also suspected of espionage), with Wi-Fi from Telenet. The SIM card in it comes from BASE.

                      What can I do to make it stop?
                      I really need to take action, try to find evidence, and I am asking for specialised help with that. Because if I do nothing, my bank account may be emptied too.

                      Sat 3:04 p.m.
                      Seen
                      Telenet
                      Hey Frankie. Gosh, that does sound very serious. I would start by changing the password of your network. You can also consider getting Safespot. With it you can protect your whole network and all your devices yourself. You can find more information about it here: http://bit.ly/347PYlj. The last piece of advice I can give you is to await the police investigation.
                      Filip
                      Sat 4:32 p.m.
                      Hello Filip, it is indeed quite serious, this spy thing is only part of the problem. Thanks for the tips and link.
                      Mon 12:50 p.m.
                      Last edited by f.r.a.n.k; 26-02-20, 14:42.



                      • #12
                        And here are the 2 OTL logs.

                        Are there any traces or evidence of spyware to be found in here? (IMPORTANT!)

                        OTL logfile created on: 26/02/2020 15:00:40 - Run 1
                        OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
                        Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
                        Internet Explorer (Version = 9.11.9600.19596)
                        Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

                        1,97 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 76,17% Memory free
                        3,93 Gb Paging File | 3,16 Gb Available in Paging File | 80,25% Paging File free
                        Paging file location(s): ?:\pagefile.sys [binary data]

                        %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
                        Drive C: | 297,99 Gb Total Space | 88,01 Gb Free Space | 29,53% Space Free | Partition Type: NTFS

                        Computer Name: KIDS-PC | User Name: KIDS | Logged in as Administrator.
                        Boot Mode: Normal | Scan Mode: All users | Quick Scan
                        Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

                        ========== Processes (SafeList) ==========

                        PRC - [2020/02/26 14:58:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.com
                        PRC - [2020/02/11 01:14:01 | 005,446,216 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
                        PRC - [2020/02/08 15:49:49 | 005,570,712 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
                        PRC - [2020/02/08 12:42:45 | 008,000,600 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
                        PRC - [2020/02/08 12:42:45 | 000,029,272 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
                        PRC - [2017/05/29 20:40:10 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
                        PRC - [2017/03/03 19:10:26 | 007,348,440 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
                        PRC - [2016/08/29 15:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
                        PRC - [2009/07/14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe


                        ========== Modules (No Company Name) ==========

                        MOD - [2020/02/11 01:14:01 | 003,125,128 | ---- | M] () -- C:\Program Files\Malwarebytes\Anti-Malware\QtANGLE.dll
                        MOD - [2020/02/08 12:42:45 | 000,442,968 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
                        MOD - [2020/02/08 12:42:45 | 000,189,528 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
                        MOD - [2020/02/08 12:42:45 | 000,138,336 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\liblz4.dll
                        MOD - [2020/02/08 12:42:45 | 000,108,120 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Events.dll
                        MOD - [2020/02/08 12:42:45 | 000,107,608 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
                        MOD - [2020/02/08 12:42:45 | 000,087,128 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
                        MOD - [2020/02/08 12:42:45 | 000,068,696 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\MozCompressor.dll
                        MOD - [2020/02/08 12:42:45 | 000,062,040 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
                        MOD - [2020/02/08 12:42:45 | 000,023,640 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Compression.dll
                        MOD - [2020/01/16 17:01:22 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\baeba07d679c64186da10d94e07653b0\System.WorkflowServices.ni.dll
                        MOD - [2020/01/16 15:42:26 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4540d2764eeae15ed2fb9b6aeef7d91f\PresentationFramework.Classic.ni.dll
                        MOD - [2020/01/16 15:42:19 | 014,357,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9035f8a425d5081e125987f4b018e7f0\PresentationFramework.ni.dll
                        MOD - [2020/01/16 15:42:05 | 012,260,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d75ae3419a23cebd3fadfb67b3e12db\PresentationCore.ni.dll
                        MOD - [2020/01/16 15:41:55 | 003,358,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\02c69e21d72a00fbf7b717b4a4682d9a\WindowsBase.ni.dll
                        MOD - [2020/01/15 15:28:15 | 010,824,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2bef38851483abae82f1172c1aaa604c\System.ni.dll
                        MOD - [2020/01/15 15:28:09 | 021,019,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll
                        MOD - [2019/07/11 16:13:26 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\90aa1fea68aaf4cbc9e944c33bf725f4\System.ServiceModel.Web.ni.dll
                        MOD - [2019/07/10 02:27:45 | 001,090,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\428e48b9524bf09741eb25fe3875cecd\System.IdentityModel.ni.dll
                        MOD - [2019/07/10 02:27:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3dfbba7cde935a8e49a4d49b9006c4a9\System.Runtime.Serialization.ni.dll
                        MOD - [2019/07/10 02:27:41 | 017,496,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\881bcf4616a4cbafef3fe066a23988f9\System.ServiceModel.ni.dll
                        MOD - [2019/07/10 02:27:24 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\68aa76137a27fd9c275dd6c05e478c3f\SMDiagnostics.ni.dll
                        MOD - [2019/05/15 13:05:53 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\d57f656331dc82ad5a83b9843c3e2484\System.Xml.Linq.ni.dll
                        MOD - [2019/05/15 13:05:24 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c4244e0e8998fbe57733e0cbec6563fc\System.ComponentModel.DataAnnotations.ni.dll
                        MOD - [2019/05/15 13:04:54 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3b259d3ceb1962e723584a04cfab357a\System.Core.ni.dll
                        MOD - [2019/05/15 13:04:40 | 001,058,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\bda2113f273e7bf6eba84f3d0d1a66c3\System.Management.ni.dll
                        MOD - [2019/05/15 02:10:16 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6c5ffb1571d7ca0fabb930d0c77947e4\System.ServiceProcess.ni.dll
                        MOD - [2019/05/15 02:10:08 | 011,935,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8c2e7f1fa8f0ef49a3ae977b5dddeae5\System.Web.ni.dll
                        MOD - [2019/05/15 02:10:02 | 000,777,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\21705e843038bb8e8b4c0d232364b068\System.Runtime.Remoting.ni.dll
                        MOD - [2019/05/15 02:10:01 | 006,658,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\022128ba26e9262d96d2fd3645abcce3\System.Data.ni.dll
                        MOD - [2019/05/15 02:09:38 | 012,437,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\91efd50cedcf22003233d52464c01816\System.Windows.Forms.ni.dll
                        MOD - [2019/05/15 02:09:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8f5842a3d4d666059db685b319e3a5b3\System.Drawing.ni.dll
                        MOD - [2019/05/15 02:09:27 | 005,469,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\992b101b45c1e2e5563fee65ab5fd691\System.Xml.ni.dll
                        MOD - [2019/05/15 02:09:17 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94fe1557aab4bc059482da7d99e97641\System.Configuration.ni.dll
                        MOD - [2019/05/15 02:08:34 | 008,008,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e10fc0c922927179f29b495cf47d62dc\System.ni.dll
                        MOD - [2019/05/15 02:08:20 | 011,516,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni.dll
                        MOD - [2017/04/06 14:05:04 | 002,975,744 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


                        ========== Services (SafeList) ==========

                        SRV - [2020/02/22 15:57:03 | 000,223,432 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
                        SRV - [2020/02/21 21:06:38 | 000,963,568 | ---- | M] (Google LLC) [On_Demand | Stopped] -- C:\Program Files\Google\Chrome\Application\80.0.3987.122\elevation_service.exe -- (GoogleChromeElevationService)
                        SRV - [2020/02/08 15:49:49 | 005,570,712 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
                        SRV - [2020/02/08 13:00:44 | 000,335,416 | ---- | M] (Adobe) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
                        SRV - [2020/02/08 12:42:45 | 000,029,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe -- (WCAssistantService)
                        SRV - [2019/12/17 01:27:31 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
                        SRV - [2019/12/10 09:38:57 | 000,054,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
                        SRV - [2018/08/13 22:48:52 | 000,940,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
                        SRV - [2018/01/01 03:00:09 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
                        SRV - [2016/08/26 12:26:34 | 000,339,968 | ---- | M] (Popcorn Time) [Disabled | Stopped] -- C:\Program Files\Popcorn Time\Updater.exe -- (Update service)
                        SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
                        SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
                        SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
                        SRV - [2007/06/25 20:17:04 | 000,537,840 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)


                        ========== Driver Services (SafeList) ==========

                        DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
                        DRV - [2020/02/26 12:57:15 | 000,178,952 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\System32\drivers\MbamChameleon.sys -- (MBAMChameleon)
                        DRV - [2020/02/26 12:57:12 | 000,213,912 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
                        DRV - [2018/11/19 03:05:06 | 000,015,360 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbccgpfilter.sys -- (ew_usbccgpfilter)
                        DRV - [2012/06/20 10:51:34 | 000,017,672 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
                        DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
                        DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
                        DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
                        DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
                        DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
                        DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
                        DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
                        DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
                        DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
                        DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)


                        ========== Standard Registry (SafeList) ==========


                        ========== Internet Explorer ==========

                        IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


                        IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

                        IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



                        IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
                        IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE
                        IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 68 C4 90 BB DC D2 01 [binary data]
                        IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 70 9A A3 D6 AD ED D2 01 [binary data]
                        IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
                        IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                        IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

                        ========== FireFox ==========

                        FF - prefs.js..browser.search.cohort: "nov17-1"
                        FF - prefs.js..browser.search.countryCode: "BE"
                        FF - prefs.js..browser.search.defaultenginename: "Bing Default Search"
                        FF - prefs.js..browser.search.hiddenOneOffs: "Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)"
                        FF - prefs.js..browser.search.region: "BE"
                        FF - prefs.js..browser.search.selectedEngine: "Bing Default Search"
                        FF - prefs.js..browser.search.useDBForOrder: true
                        FF - prefs.js..browser.startup.homepage: "www.google.be"
                        FF - user.js - File not found

                        FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_321.dll ()
                        FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
                        FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
                        FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
                        FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

                        FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 73.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
                        FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 73.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

                        [2018/05/29 14:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Extensions
                        [2017/11/26 18:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\SystemExtensionsDev
                        [2019/11/16 23:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data
                        [2019/03/28 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
                        [2018/05/29 14:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\[email protected]
                        [2019/11/16 23:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\[email protected]
                        [2018/09/18 15:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\[email protected]
                        [2019/05/06 20:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\[email protected]
                        [2019/03/28 23:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\[email protected]
                        [2020/02/15 16:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions
                        [2019/04/02 02:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++1ed2d95a-bcf6-4e74-b33d-f772ac30ed8c^userContextId=4294967295
                        [2020/02/26 14:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++1ed2d95a-bcf6-4e74-b33d-f772ac30ed8c^userContextId=4294967295\idb
                        [2019/05/24 03:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++275669c6-b38f-4b99-bc33-9bf539869c60^userContextId=4294967295
                        [2020/02/24 22:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++275669c6-b38f-4b99-bc33-9bf539869c60^userContextId=4294967295\idb
                        [2019/11/01 13:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++32d12a65-1643-4f9d-af6a-3ede7e72845a
                        [2020/02/26 14:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++32d12a65-1643-4f9d-af6a-3ede7e72845a\idb
                        [2019/03/28 23:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++32d12a65-1643-4f9d-af6a-3ede7e72845a^userContextId=4294967295
                        [2020/02/26 14:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++32d12a65-1643-4f9d-af6a-3ede7e72845a^userContextId=4294967295\idb
                        [2019/03/28 23:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++57613682-622b-4d28-9fe0-2d4a7d9e4da6^userContextId=4294967295
                        [2020/02/26 14:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++57613682-622b-4d28-9fe0-2d4a7d9e4da6^userContextId=4294967295\idb
                        [2019/04/02 02:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++795af31c-1f4d-4773-b7eb-309e96d3e921^userContextId=4294967295
                        [2020/02/26 14:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++795af31c-1f4d-4773-b7eb-309e96d3e921^userContextId=4294967295\idb
                        [2020/01/10 07:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++b8c361f7-56dc-4108-9d40-ffdc78b81090^userContextId=4294967295
                        [2020/02/24 22:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++b8c361f7-56dc-4108-9d40-ffdc78b81090^userContextId=4294967295\idb
                        [2019/12/19 05:03:27 | 000,056,413 | ---- | M] () (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions\[email protected]
                        [2019/12/14 02:05:50 | 000,660,855 | ---- | M] () (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions\[email protected]
                        [2019/12/13 02:05:05 | 000,738,336 | ---- | M] () (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions\[email protected]
                        [2020/02/15 16:19:51 | 001,968,172 | ---- | M] () (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
                        [2020/02/08 12:52:51 | 000,001,046 | ---- | M] () -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\searchplugins\bing.xml

                        ========== Chrome ==========

                        CHR - default_search_provider: ()
                        CHR - default_search_provider: search_url =
                        CHR - default_search_provider: suggest_url =
                        CHR - plugin: Error reading preferences file
                        CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
                        CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
                        CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
                        CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
                        CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
                        CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.9_0\
                        CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
                        CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\
                        CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7919.1028.0.0_0\

                        O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
                        O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Eyeo GmbH)
                        O4 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
                        O4 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
                        O4 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000..\Run: [utweb] "C:\Users\KIDS\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED File not found
                        O4 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft)
                        O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
                        O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
                        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
                        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
                        O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
                        O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
                        O13 - gopher Prefix: missing
                        O15 - HKU\.DEFAULT\..Trusted Domains: localhost (* in Trusted sites)
                        O15 - HKU\.DEFAULT\..Trusted Domains: webcompanion.com (http in Trusted sites)
                        O15 - HKU\S-1-5-18\..Trusted Domains: localhost (* in Trusted sites)
                        O15 - HKU\S-1-5-18\..Trusted Domains: webcompanion.com (http in Trusted sites)
                        O15 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\..Trusted Domains: localhost (* in Trusted sites)
                        O15 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\..Trusted Domains: webcompanion.com (http in Trusted sites)
                        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.2 195.130.131.2
                        O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBD7D39D-D3F6-4058-97E9-AEB4CD46494E}: DhcpNameServer = 195.130.130.2 195.130.131.2
                        O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
                        O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
                        O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
                        O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
                        O32 - HKLM CDRom: AutoRun - 1
                        O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
                        O33 - MountPoints2\{29e5588e-9b53-11e7-aca5-7071bc1d425d}\Shell - "" = AutoRun
                        O33 - MountPoints2\{29e5588e-9b53-11e7-aca5-7071bc1d425d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
                        O33 - MountPoints2\{502a9a30-9747-11e9-84c7-7071bc1d425d}\Shell - "" = AutoRun
                        O33 - MountPoints2\{502a9a30-9747-11e9-84c7-7071bc1d425d}\Shell\AutoRun\command - "" = E:\HiSuiteDownLoader.exe
                        O33 - MountPoints2\{664dffed-fa66-11e8-a193-7071bc1d425d}\Shell - "" = AutoRun
                        O33 - MountPoints2\{664dffed-fa66-11e8-a193-7071bc1d425d}\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe
                        O33 - MountPoints2\{c77b07f3-f8a1-11e8-b8be-7071bc1d425d}\Shell - "" = AutoRun
                        O33 - MountPoints2\{c77b07f3-f8a1-11e8-b8be-7071bc1d425d}\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe
                        O33 - MountPoints2\{d9c5366a-981a-11e8-a11b-7071bc1d425d}\Shell - "" = AutoRun
                        O33 - MountPoints2\{d9c5366a-981a-11e8-a11b-7071bc1d425d}\Shell\AutoRun\command - "" = J:\HiSuiteDownLoader.exe
                        O33 - MountPoints2\E\Shell - "" = AutoRun
                        O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HiSuiteDownLoader.exe
                        O33 - MountPoints2\F\Shell - "" = AutoRun
                        O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe
                        O33 - MountPoints2\J\Shell - "" = AutoRun
                        O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\HiSuiteDownLoader.exe
                        O34 - HKLM BootExecute: (autocheck autochk *)
                        O35 - HKLM\..comfile [open] -- "%1" %*
                        O35 - HKLM\..exefile [open] -- "%1" %*
                        O37 - HKLM\...com [@ = comfile] -- "%1" %*
                        O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                        O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
                        O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
                        O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

                        ========== Files/Folders - Created Within 30 Days ==========

                        [2020/02/26 12:57:15 | 000,178,952 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MbamChameleon.sys
                        [2020/02/26 12:57:12 | 000,213,912 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
                        [2020/02/08 20:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
                        [2020/02/08 20:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
                        [2020/02/08 20:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
                        [2020/02/08 20:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
                        [2020/02/08 20:01:59 | 000,000,000 | ---D | C] -- C:\Users\KIDS\AppData\Roaming\NCH Software
                        [2020/02/08 19:09:08 | 000,000,000 | ---D | C] -- C:\Users\KIDS\AppData\Roaming\iZotope
                        [2020/02/08 19:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
                        [2020/02/08 19:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
                        [2020/02/08 19:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
                        [2020/02/08 19:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
                        [2020/02/08 19:04:52 | 000,000,000 | ---D | C] -- C:\Users\KIDS\Documents\iZotope
                        [2020/02/08 19:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\iZotope
                        [2020/02/08 15:51:04 | 000,000,000 | ---D | C] -- C:\Users\KIDS\AppData\Local\cache
                        [2020/02/06 20:50:42 | 000,000,000 | ---D | C] -- C:\Users\KIDS\AppData\Roaming\Winamp
                        [2020/02/06 20:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp

                        ========== Files - Modified Within 30 Days ==========

                        [2020/02/26 13:07:05 | 000,035,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
                        [2020/02/26 13:07:05 | 000,035,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
                        [2020/02/26 12:57:15 | 000,178,952 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MbamChameleon.sys
                        [2020/02/26 12:57:12 | 000,213,912 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
                        [2020/02/26 12:57:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
                        [2020/02/26 12:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
                        [2020/02/26 12:56:54 | 1583,226,880 | -HS- | M] () -- C:\hiberfil.sys
                        [2020/02/11 01:14:01 | 000,129,056 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbae.sys
                        [2020/02/08 20:02:22 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
                        [2020/02/08 19:05:26 | 000,002,174 | ---- | M] () -- C:\Users\KIDS\Desktop\iZotope RX 5 Audio Editor.lnk
                        [2020/02/08 15:50:56 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
                        [2020/02/08 13:00:43 | 000,842,296 | ---- | M] (Adobe) -- C:\Windows\System32\FlashPlayerApp.exe
                        [2020/02/08 13:00:43 | 000,175,160 | ---- | M] (Adobe) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
                        [2020/02/06 20:50:50 | 000,000,961 | ---- | M] () -- C:\Users\KIDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
                        [2020/02/06 20:50:50 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk

                        ========== Files Created - No Company Name ==========

                        [2020/02/08 20:02:21 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
                        [2020/02/08 20:02:21 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
                        [2020/02/08 19:05:26 | 000,002,174 | ---- | C] () -- C:\Users\KIDS\Desktop\iZotope RX 5 Audio Editor.lnk
                        [2020/02/06 20:50:50 | 000,000,961 | ---- | C] () -- C:\Users\KIDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
                        [2020/02/06 20:50:50 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
                        [2018/03/23 10:15:25 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-KIDS-PC-Windows-7-Professional-(32-bit).dat
                        [2017/06/21 10:51:49 | 000,033,193 | ---- | C] () -- C:\Users\KIDS\AppData\Roaming\UserTile.png

                        ========== ZeroAccess Check ==========

                        [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

                        [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

                        [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

                        [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
                        "" = %SystemRoot%\system32\shell32.dll -- [2019/05/25 00:59:03 | 012,880,384 | ---- | M] (Microsoft Corporation)
                        "ThreadingModel" = Apartment

                        [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
                        "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
                        "ThreadingModel" = Free

                        [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
                        "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
                        "ThreadingModel" = Both

                        ========== LOP Check ==========

                        [2020/02/08 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\audacity
                        [2018/08/20 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\Digiarty
                        [2020/02/08 19:09:08 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\iZotope
                        [2018/07/27 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\JAM Software
                        [2018/07/18 18:39:36 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\Zona

                        ========== Purity Check ==========



                        < End of report >



                        • #13
                          OTL Extras logfile created on: 26/02/2020 15:00:40 - Run 1
                          OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
                          Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
                          Internet Explorer (Version = 9.11.9600.19596)
                          Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

                          1,97 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 76,17% Memory free
                          3,93 Gb Paging File | 3,16 Gb Available in Paging File | 80,25% Paging File free
                          Paging file location(s): ?:\pagefile.sys [binary data]

                          %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
                          Drive C: | 297,99 Gb Total Space | 88,01 Gb Free Space | 29,53% Space Free | Partition Type: NTFS

                          Computer Name: KIDS-PC | User Name: KIDS | Logged in as Administrator.
                          Boot Mode: Normal | Scan Mode: All users | Quick Scan
                          Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

                          ========== Extra Registry (SafeList) ==========


                          ========== File Associations ==========

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                          .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
                          .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

                          [HKEY_USERS\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Classes\<extension>]
                          .html [@ = FirefoxHTML-308046B0AF4A39CB] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

                          ========== Shell Spawning ==========

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                          batfile [open] -- "%1" %*
                          cmdfile [open] -- "%1" %*
                          comfile [open] -- "%1" %*
                          cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
                          exefile [open] -- "%1" %*
                          helpfile [open] -- Reg Error: Key error.
                          hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
                          htmlfile [edit] -- Reg Error: Key error.
                          htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
                          inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
                          piffile [open] -- "%1" %*
                          regfile [merge] -- Reg Error: Key error.
                          scrfile [config] -- "%1"
                          scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                          scrfile [open] -- "%1" /S
                          txtfile [edit] -- Reg Error: Key error.
                          Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                          Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
                          Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
                          Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                          Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
                          Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Winamp SA)
                          Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Winamp SA)
                          Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Winamp SA)
                          Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                          Folder [explore] -- Reg Error: Value error.
                          Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

                          ========== Security Center Settings ==========

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                          "cval" = 1

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
                          "VistaSp1" = Reg Error: Unknown registry data type -- File not found
                          "AntiVirusOverride" = 0
                          "AntiSpywareOverride" = 0
                          "FirewallOverride" = 0

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

                          ========== Firewall Settings ==========

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                          "EnableFirewall" = 1
                          "DisableNotifications" = 0

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                          "EnableFirewall" = 1
                          "DisableNotifications" = 0

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
                          "EnableFirewall" = 1
                          "DisableNotifications" = 0

                          ========== Authorized Applications List ==========

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


                          ========== Vista Active Open Ports Exception List ==========

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                          "{AD78F987-D857-4EB5-93D6-D1CFCF93E8A1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
                          "{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
                          "{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

                          ========== Vista Active Application Exception List ==========

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                          "{3E04A8FE-AF37-400D-A6DE-B9CB1546DF29}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
                          "{3E94995A-CDD2-4D7D-BEE4-C4F57E50C4FF}" = protocol=6 | dir=in | app=c:\program files\popcorn time\updater.exe |
                          "{4F94DD98-0B48-4D4A-BFDE-A3984C4331DC}" = protocol=6 | dir=in | app=d:\fscommand\cksocketserver.exe |
                          "{6380092D-801C-49F7-B9FC-F81762D8003F}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
                          "{6B15B975-263F-427D-B9BA-FD65E0BC9399}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
                          "{832F2E58-1163-4B46-862D-6343FC7C97A1}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
                          "{9A998611-5007-4122-837E-91A4E977A28F}" = protocol=17 | dir=in | app=d:\fscommand\cksocketserver.exe |
                          "{B0CA75C4-4A9C-4E3E-AACE-BC9CCAE3DD5F}" = protocol=6 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
                          "{B5571575-2B1F-43D0-94BD-14988886E766}" = protocol=17 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
                          "{BB545EDD-D00E-42A0-AC0E-0DD06D379BA5}" = protocol=17 | dir=in | app=c:\program files\popcorn time\updater.exe |
                          "{C7FEBCAB-A0D5-4849-A6D0-C5920B4C1435}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
                          "{DA549BE8-67AC-459E-9D26-D4661F0BBA3A}" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
                          "{E04C5B82-B468-4965-99C3-F445AE315840}" = protocol=6 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
                          "{E814BA0D-B771-487B-985A-E7EDBAA53688}" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
                          "{F121907E-800F-4DD1-BE11-C133E7F0E9B1}" = protocol=17 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
                          "{FC768DE6-67A0-4503-86F4-FA77FD6C0C14}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
                          "TCP Query User{0833E980-302F-4D19-8819-8F32A1A7AF5B}C:\program files\popcorn time\chromecast\node.exe" = protocol=6 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
                          "TCP Query User{17D58C11-B4CA-40EB-8D5A-F52410658A1F}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
                          "TCP Query User{586BD353-2C5D-4530-B656-1965C504647C}C:\program files\popcorn time\popcorntimedesktop.exe" = protocol=6 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
                          "TCP Query User{6D5D2BEA-BD90-4CD3-8C47-750A86C64AB0}C:\program files\soulseekqt\soulseekqt.exe" = protocol=6 | dir=in | app=c:\program files\soulseekqt\soulseekqt.exe |
                          "TCP Query User{D8748003-DB54-42EE-AAD8-3C41684C2376}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
                          "UDP Query User{35CF728C-C3A0-4A65-A891-E96504E4A640}C:\program files\soulseekqt\soulseekqt.exe" = protocol=17 | dir=in | app=c:\program files\soulseekqt\soulseekqt.exe |
                          "UDP Query User{66DD4EC7-DCE8-4717-8F27-E5F3B5D779F9}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
                          "UDP Query User{6EAF5B35-8EB0-43F8-9376-252B00E352B6}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
                          "UDP Query User{BD24CF59-2D80-4EF5-BE5B-1B4472385EEB}C:\program files\popcorn time\popcorntimedesktop.exe" = protocol=17 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
                          "UDP Query User{C4F8FAEA-26DC-49C3-B572-FE67E933E4B4}C:\program files\popcorn time\chromecast\node.exe" = protocol=17 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |

                          ========== HKEY_LOCAL_MACHINE Uninstall List ==========

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                          "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
                          "{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 4.0.4.49
                          "{41ad2668-77a4-4eaa-83d0-1bdda9e470d0}" = Web Companion
                          "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
                          "{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer
                          "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
                          "{6467504D-EF07-4BF2-A42A-96D47C50BAFC}" = Adblock Plus voor IE (32-bit)
                          "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                          "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.8
                          "{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}" = Google Earth Pro
                          "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
                          "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
                          "{B29F8740-372B-312F-8EEE-18FF857CCBB8}" = Microsoft .NET Framework 4.8
                          "{BD46163A-0331-4A61-B65A-7B66D7C93F8E}" = vs2015_redist x86
                          "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
                          "{c239cea1-d49e-4e16-8e87-8c055765f7ec}" = Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
                          "{C6CDA568-CD91-3CA0-9EDE-DAD98A13D6E1}" = Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25008
                          "{E6222D59-608C-3018-B86B-69BD241ACDE5}" = Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25008
                          "{f4fef76c-1aa9-441c-af7e-d27f58d898d1}_is1" = BCUninstaller
                          "{FAF5F9DA-73F2-4BF3-8268-E45AAC42B533}" = iCloud
                          "7-Zip" = 7-Zip 19.00
                          "Adobe Flash Player NPAPI" = Adobe Flash Player 32 NPAPI
                          "CCleaner" = CCleaner
                          "CDex" = CDex - Digital Audio CD Extractor and Converter
                          "Google Chrome" = Google Chrome
                          "hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
                          "hp deskjet 5550 series_Driver" = hp deskjet 5550 series
                          "hp print screen utility" = hp print screen utility
                          "iZotope RX 5_is1" = iZotope RX 5
                          "Mozilla Firefox 73.0.1 (x86 en-US)" = Mozilla Firefox 73.0.1 (x86 en-US)
                          "MozillaMaintenanceService" = Mozilla Maintenance Service
                          "Popcorn Time_is1" = Popcorn Time
                          "Soulseek2" = SoulSeek 157 NS 13e
                          "Switch" = Switch Sound File Converter
                          "VLC media player" = VLC media player
                          "Winamp" = Winamp

                          ========== HKEY_USERS Uninstall List ==========

                          [HKEY_USERS\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

                          ========== Last 20 Event Log Errors ==========

                          [ Application Events ]
                          Error - 18/07/2018 13:37:53 | Computer Name = KIDS-PC | Source = MsiInstaller | ID = 11310
                          Description =

                          Error - 18/07/2018 13:37:54 | Computer Name = KIDS-PC | Source = MsiInstaller | ID = 11310
                          Description =

                          Error - 18/07/2018 13:37:55 | Computer Name = KIDS-PC | Source = MsiInstaller | ID = 11310
                          Description =

                          Error - 18/07/2018 13:37:56 | Computer Name = KIDS-PC | Source = MsiInstaller | ID = 11310
                          Description =

                          Error - 21/07/2018 5:23:29 | Computer Name = KIDS-PC | Source = Application Hang | ID = 1002
                          Description = The program firefox.exe version 61.0.1.6759 stopped interacting with
                          Windows and was closed. To see if more information about the problem is available,
                          check the problem history in the Action Center control panel. Process ID: ba0 Start
                          Time: 01d42061beff3a4c Termination Time: 2400 Application Path: C:\Program Files\Mozilla
                          Firefox\firefox.exe Report Id: 8dc70ed9-8cc7-11e8-9ce3-7071bc1d425d

                          Error - 21/07/2018 16:20:39 | Computer Name = KIDS-PC | Source = Application Error | ID = 1000
                          Description = Faulting application name: vlc.exe, version: 2.2.4.0, time stamp:
                          0x00000004 Faulting module name: ntdll.dll, version: 6.1.7601.24168, time stamp:
                          0x5b1aa758 Exception code: 0xc0000374 Fault offset: 0x000c3b93 Faulting process id:
                          0x760 Faulting application start time: 0x01d4212f68be9c86 Faulting application path:
                          C:\Program Files\VideoLAN\VLC\vlc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
                          Report
                          Id: 882dfacc-8d23-11e8-882e-7071bc1d425d

                          Error - 26/07/2018 11:04:18 | Computer Name = KIDS-PC | Source = SideBySide | ID = 16842785
                          Description = Activation context generation failed for "E:\Windows\avastSS.scr".
                          Dependent
                          Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version=" 14.0.23918.0"
                          could not be found. Please use sxstrace.exe for detailed diagnosis.

                          Error - 7/09/2018 14:38:49 | Computer Name = KIDS-PC | Source = Application Error | ID = 1000
                          Description = Faulting application name: PopcornTimeDesktop.exe, version: 5.6.1.0,
                          time stamp: 0x5878b83a Faulting module name: ntdll.dll, version: 6.1.7601.24214,
                          time stamp: 0x5b626fd1 Exception code: 0xc0000374 Fault offset: 0x000c3b93 Faulting
                          process id: 0x714 Faulting application start time: 0x01d446d9fbc8be53 Faulting application
                          path: C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe Faulting module path:
                          C:\Windows\SYSTEM32\ntdll.dll Report Id: 425cf2d9-b2cd-11e8-bf71-7071bc1d425d

                          Error - 14/09/2018 10:26:04 | Computer Name = KIDS-PC | Source = Application Hang | ID = 1002
                          Description = The program firefox.exe version 62.0.0.6816 stopped interacting with
                          Windows and was closed. To see if more information about the problem is available,
                          check the problem history in the Action Center control panel. Process ID: fc4 Start
                          Time: 01d44c30ce43c1a3 Termination Time: 1580 Application Path: C:\Program Files\Mozilla
                          Firefox\firefox.exe Report Id:

                          Error - 17/09/2018 10:44:23 | Computer Name = KIDS-PC | Source = Application Hang | ID = 1002
                          Description = The program winamp.exe version 5.6.6.3512 stopped interacting with
                          Windows and was closed. To see if more information about the problem is available,
                          check the problem history in the Action Center control panel. Process ID: fb4 Start
                          Time: 01d44e762d675c34 Termination Time: 15 Application Path: C:\Program Files\Winamp\winamp.exe

                          Report
                          Id: 21fd334d-ba88-11e8-bf7b-7071bc1d425d

                          [ Media Center Events ]
                          Error - 24/02/2020 7:42:21 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 12:42:21 - Failed to retrieve MCEClientUX (Error: The underlying connection
                          was closed: An unexpected error occurred on a send.)

                          Error - 24/02/2020 7:42:28 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 12:42:22 - Failed to retrieve Broadband (Error: The underlying connection
                          was closed: An unexpected error occurred on a send.)

                          Error - 25/02/2020 15:32:40 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 20:32:40 - Failed to retrieve Directory (Error: The underlying connection
                          was closed: An unexpected error occurred on a send.)

                          Error - 25/02/2020 15:32:43 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 20:32:43 - Failed to retrieve MCESpotlight (Error: The underlying
                          connection was closed: An unexpected error occurred on a send.)

                          Error - 25/02/2020 15:32:45 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 20:32:44 - Failed to retrieve MCEClientUX (Error: The underlying connection
                          was closed: An unexpected error occurred on a send.)

                          Error - 25/02/2020 15:33:02 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 20:32:45 - Failed to retrieve Broadband (Error: The underlying connection
                          was closed: An unexpected error occurred on a send.)

                          Error - 26/02/2020 8:00:11 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 13:00:11 - Failed to retrieve Directory (Error: The underlying connection
                          was closed: An unexpected error occurred on a send.)

                          Error - 26/02/2020 8:00:14 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 13:00:13 - Failed to retrieve MCESpotlight (Error: The underlying
                          connection was closed: An unexpected error occurred on a send.)

                          Error - 26/02/2020 8:00:16 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 13:00:15 - Failed to retrieve MCEClientUX (Error: The underlying connection
                          was closed: An unexpected error occurred on a send.)

                          Error - 26/02/2020 8:00:16 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
                          Description = 13:00:16 - Failed to retrieve Broadband (Error: The underlying connection
                          was closed: An unexpected error occurred on a send.)

                          [ System Events ]
                          Error - 15/02/2020 10:45:40 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7043
                          Description = The Malwarebytes Service service did not shut down properly after
                          receiving a preshutdown control.

                          Error - 18/02/2020 6:05:44 | Computer Name = KIDS-PC | Source = WMPNetworkSvc | ID = 866300
                          Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
                          encountered error '0x80004005'. Verify that the UPnPHost service is running and
                          that the UPnPHost component of Windows is installed properly.

                          Error - 18/02/2020 7:26:05 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7001
                          Description = The HomeGroup Provider service depends on the Function Discovery Provider
                          Host service which failed to start because of the following error: %%1068

                          Error - 18/02/2020 7:26:07 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7026
                          Description = The following boot-start or system-start driver(s) failed to load:
                          discache spldr Wanarpv6

                          Error - 18/02/2020 7:26:26 | Computer Name = KIDS-PC | Source = DCOM | ID = 10005
                          Description =

                          Error - 18/02/2020 7:26:48 | Computer Name = KIDS-PC | Source = DCOM | ID = 10005
                          Description =

                          Error - 18/02/2020 7:26:48 | Computer Name = KIDS-PC | Source = DCOM | ID = 10005
                          Description =

                          Error - 18/02/2020 7:26:51 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7001
                          Description = The HomeGroup Provider service depends on the Function Discovery Provider
                          Host service which failed to start because of the following error: %%1068

                          Error - 18/02/2020 13:37:44 | Computer Name = KIDS-PC | Source = volsnap | ID = 393252
                          Description = The shadow copies of volume C: were aborted because the shadow copy
                          storage could not grow due to a user imposed limit.

                          Error - 18/02/2020 15:52:56 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7043
                          Description = The Malwarebytes Service service did not shut down properly after
                          receiving a preshutdown control.


                          < End of report >

                          Comment


                          • #14
                            https://www.ct.nl/achtergrond/smartp...-apps-stalker/

                            https://nl.m.wikipedia.org/wiki/Spyware

                            Comment


                            • #15
                              First disable your antivirus software before you download or run zoek.exe.
                              Temporarily disable your antivirus and antispyware programs, as they can interfere with how Zoek.exe works.
                              You can read how to do that (here and here).

                              Download Zoek.exe to the desktop.
                              (click here for more information on how to use zoek.exe)
                              • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
                              • Right-click Zoek.exe and choose the option Run as administrator.
                              • Now copy the code below and paste it into the large input box:
                              • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
                                Code:
                                emptyfolderscheck;delete
                                firefoxlook; 
                                Chromelook; 
                                CHRdefaults;
                                iedefaults;
                              • Now click the "Run script" button.
                              • Wait patiently until a log opens (this may be after a restart, if one is needed).
                              • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
                              • Post the opened log as an attachment in your next message.

                              Starting Windows 10 in Safe Mode

                              Comment
