CMD: type C:\Users\omar\AppData\Roaming\vnlgp\vnlgp\start.cmd
File: C:\Users\omar\AppData\Roaming\vnlgp\vnlgp\start.cmd
HKLM\...\Run: [vnlgp] => C:\Users\omar\AppData\Roaming\vnlgp\vnlgp\start.cmd [ ] <==== AANDACHT
C:\Users\omar\AppData\Roaming\vnlgp
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2521950895-1173571020-801938669-1001.job => C:\Users\Kinderen\AppData\Local\GoToMeeting\17052\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2521950895-1173571020-801938669-1001.job => C:\Users\Kinderen\AppData\Local\GoToMeeting\17052\g2mupload.exe
File: C:\Windows\System32:tdsrset_i.gfc
AlternateDataStreams: C:\Windows\System32:tdsrset_i.gfc [5846]
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [802920 2020-08-13] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 UniSafe; C:\Windows\system32\drivers\UniSafe.sys [572632 2020-12-13] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1995624 2017-10-20] (Mixlr Ltd -> ShiningMorning Inc.)
FirewallRules: [{97A1F2BA-66A7-4223-B797-0A5159847653}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe => Geen bestand
FirewallRules: [{4F2217C1-A417-4E2F-9BD7-DCBB09921A01}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe => Geen bestand
FirewallRules: [{767CDB33-2270-47EE-BD24-3571170D0B40}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe => Geen bestand
FirewallRules: [{CA1160CD-1267-47ED-A78C-C590AC179E42}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe => Geen bestand
FirewallRules: [{80CD056E-E4D1-4DC0-8940-4679EBAC8287}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe => Geen bestand
FirewallRules: [{A681F3AC-0DC7-4EF0-A144-B3118666DC40}] => (Allow) C:\Program Files\Cold Turkey\ServiceHub.Power.exe => Geen bestand
FirewallRules: [{823424AC-9A49-4197-8DD6-8727F4BF493F}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe => Geen bestand
FirewallRules: [{0DB1FA5E-3C05-4B75-AC38-225389E4C966}] => (Allow) C:\Program Files\Cold Turkey\ServiceHub.Power.exe => Geen bestand
FirewallRules: [{FC9F0179-8212-4AAC-B07E-20CD401F2265}] => (Allow) C:\Users\omar\AppData\Roaming\Zoom\bin\airhost.exe => Geen bestand
FirewallRules: [TCP Query User{E7D6F5E5-5CE3-4FCD-8B4E-6ABA06F04F15}C:\users\kinderen\appdata\local\programs\opera\68.0.3618.165\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\68.0.3618.165\opera.exe => Geen bestand
FirewallRules: [UDP Query User{9DDBC3AA-15F2-4CCA-9311-E44AB1C8A79C}C:\users\kinderen\appdata\local\programs\opera\68.0.3618.165\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\68.0.3618.165\opera.exe => Geen bestand
FirewallRules: [TCP Query User{CD3A8046-EA56-49C4-87A6-8DB7AAC8B232}C:\users\kinderen\appdata\local\programs\opera\68.0.3618.173\opera.exe] => (Allow) C:\users\kinderen\appdata\local\programs\opera\68.0.3618.173\opera.exe => Geen bestand
FirewallRules: [UDP Query User{EBB4B77A-6118-48FE-ACBF-7431650140FA}C:\users\kinderen\appdata\local\programs\opera\68.0.3618.173\opera.exe] => (Allow) C:\users\kinderen\appdata\local\programs\opera\68.0.3618.173\opera.exe => Geen bestand
FirewallRules: [TCP Query User{9BA05B6A-E323-438D-9FD6-476D87F12EE0}C:\users\kinderen\appdata\local\programs\opera\68.0.3618.173_0\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\68.0.3618.173_0\opera.exe => Geen bestand
FirewallRules: [UDP Query User{3DE2CB83-A80D-4260-88ED-075C79A797B2}C:\users\kinderen\appdata\local\programs\opera\68.0.3618.173_0\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\68.0.3618.173_0\opera.exe => Geen bestand
FirewallRules: [TCP Query User{91AC7EC7-2440-4C63-8977-E5EF2BE5F5CE}C:\users\kinderen\appdata\local\programs\opera\69.0.3686.95\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\69.0.3686.95\opera.exe => Geen bestand
FirewallRules: [UDP Query User{AA669EE6-01D1-489A-B61F-9D10A058B94F}C:\users\kinderen\appdata\local\programs\opera\69.0.3686.95\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\69.0.3686.95\opera.exe => Geen bestand
FirewallRules: [{6B99CF14-C115-4EEC-90DC-9E5B8B180DAC}] => (Allow) C:\Users\omar\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{F4A19A33-9173-4071-BDBE-F558240BE4B5}] => (Allow) C:\Users\omar\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{F1E31BE7-D448-45C9-8F3A-ADB8B0864EF6}] => (Allow) C:\Users\omar\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{65332082-D127-4139-ADE9-65445B6E6010}] => (Allow) C:\Users\omar\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{1402D348-4727-49D0-9ED0-F3FA2CAFF746}] => (Allow) D:\program files\txgameassistant\appmarket\DL\syzs_dl_svr.exe => Geen bestand
FirewallRules: [{23579066-29A1-4889-A238-6AE83E3C9ADE}] => (Allow) D:\program files\txgameassistant\appmarket\DL\syzs_dl_svr.exe => Geen bestand
FirewallRules: [{5D12AAB6-D7A8-4254-85C3-B084B9AE6140}] => (Allow) D:\program files\txgameassistant\appmarket\DL\syzs_dl_svr.exe => Geen bestand
FirewallRules: [{E6D5F7A0-F146-458C-9353-5C065EA3EFF3}] => (Allow) D:\program files\txgameassistant\appmarket\DL\syzs_dl_svr.exe => Geen bestand
FirewallRules: [TCP Query User{3D99CB92-CA78-476A-854E-B19C7481D9C4}C:\users\kinderen\appdata\local\programs\opera\70.0.3728.189\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\70.0.3728.189\opera.exe => Geen bestand
FirewallRules: [UDP Query User{139EBA71-5F02-4C3B-9894-E9386D57D40A}C:\users\kinderen\appdata\local\programs\opera\70.0.3728.189\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\70.0.3728.189\opera.exe => Geen bestand
FirewallRules: [{5B63A12B-25C5-4180-BC3C-540EA5A6839A}] => (Allow) D:\program files\txgameassistant\appmarket\DL\syzs_dl_svr.exe => Geen bestand
FirewallRules: [{22CAB938-A578-4E08-9479-680FAA8051CB}] => (Allow) D:\program files\txgameassistant\appmarket\DL\syzs_dl_svr.exe => Geen bestand
FirewallRules: [TCP Query User{334DD5F7-BF0B-42D0-8F0A-853ACA790155}C:\users\kinderen\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\71.0.3770.228\opera.exe => Geen bestand
FirewallRules: [UDP Query User{0B43D609-4274-4124-9701-C3F94BF7935E}C:\users\kinderen\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\kinderen\appdata\local\programs\opera\71.0.3770.228\opera.exe => Geen bestand
FirewallRules: [{69281D11-81AC-4D09-B709-0D55FE6C51B9}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => Geen bestand
FirewallRules: [TCP Query User{201B0D92-CAE8-4F94-BD3B-D5BC1FB4AA46}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe => Geen bestand
FirewallRules: [UDP Query User{5FDFB8A5-7294-48C5-A85A-E1DE7341C40C}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe => Geen bestand
FirewallRules: [TCP Query User{77F4C424-74F7-4BEE-A1F1-7EF9CBD94EF0}C:\program files\unity hub\unity hub.exe] => (Block) C:\program files\unity hub\unity hub.exe => Geen bestand
FirewallRules: [UDP Query User{B8E13F95-2D96-4FBB-90B3-DF8259DBFCBD}C:\program files\unity hub\unity hub.exe] => (Block) C:\program files\unity hub\unity hub.exe => Geen bestand
File: C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
File: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
File: C:\Windows\system32\Rtlihvs.dll
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: