start
CreateRestorePoint:
ContextMenuHandlers1: [CuteFTP 9] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers1: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers2: [CuteFTP 9] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers2: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers4: [CuteFTP 9] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers4: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
Task: {23F0C2EF-6B47-4979-926E-6E1F83AAF090} - System32\Tasks\{F50CEDF6-7AE2-46DA-803A-7D6CC7B89C39} => C:\Users\Bert\AppData\Roaming\eiaoOe.exe [1617-11-26] (Microsoft Corporation) <==== AANDACHT
Task: {388B647F-DCE1-4F18-B242-31A553D7EAD0} - System32\Tasks\{0C2C98D0-B75C-4D70-B677-ADEAE6E3A934} => C:\Users\Bert\vEVgXIoUKWO.exe [1617-11-26] (Microsoft Corporation)
C:\Users\Bert\AppData\Roaming\eiaoOe.exe
C:\Users\Bert\vEVgXIoUKWO.exe
Task: {88C01A23-D407-4F50-ADCF-5C76D2096952} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries <==== AANDACHT
Task: {B74356F8-466F-4422-96D0-13D6F0CFE47E} - System32\Tasks\849df5cb61850c07d009495969b24e01 => sc start 849df5cb61850c07d009495969b24e01 <==== AANDACHT
Task: {CEB84593-5D20-40AE-8C68-9BD473173B5A} - \NCH Software\switchShakeIcon -> Geen bestand <==== AANDACHT
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
AlternateDataStreams: C:\ProgramData\Spotnet:spn.k [428]
AlternateDataStreams: C:\ProgramData\TEMP:5D10C173 [123]
AlternateDataStreams: C:\Users\Bert\AppData\Local\Temporary Internet Files:A1HvpYaYiPTGVOnPxcPx1 [2552]
AlternateDataStreams: C:\Users\Bert\AppData\Local\V5vTWf0ryF:gv7wURmO6pxlkhWKI9TPmleV [2082]
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1928288486-2430286864-780397381-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM -> DefaultScope waarde ontbreekt
SearchScopes: HKLM -> {082A952F-67F3-4A29-B165-243002A26831} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKLM -> {119846F4-1520-4B81-9C39-4515FF79ECF0} URL = 
SearchScopes: HKU\S-1-5-21-1928288486-2430286864-780397381-1000 -> DefaultScope {082A952F-67F3-4A29-B165-243002A26831} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKU\S-1-5-21-1928288486-2430286864-780397381-1000 -> {082A952F-67F3-4A29-B165-243002A26831} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKU\S-1-5-21-1928288486-2430286864-780397381-1000 -> {119846F4-1520-4B81-9C39-4515FF79ECF0} URL = 
SearchScopes: HKU\S-1-5-21-1928288486-2430286864-780397381-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8FF26136-E20E-412A-BDCB-701B3AD93AF2}&mid=05c8150385fa47cc95c2d157cabf5950-d5569ddb55e380a869eaeabac38ffc1f339da88b&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0117avt&pr=fr&d=2017-01-21 16:38:02&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Geen Naam -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Geen bestand
Toolbar: HKLM - Geen Naam - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Geen bestand
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  Geen bestand
Handler: WSWSVCUchrome - Geen CLSID Waarde - 
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [Geen bestand]
C:\Program Files\Common Files\AVG Secure Search
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
2018-04-01 11:23 - 2016-01-15 02:18 - 000000268 _____ C:\Windows\Tasks\AutoKMS.job
EmptyTemp:
end