start
CreateRestorePoint:
CloseProcesses:
Task: {4EE9EDF2-DB23-45CF-AB46-FC4A4DAB0826} - System32\Tasks\rmzgrpqkon => Rundll32.exe "C:\Windows\SysWOW64\Recoveryj.dll",QAQYFCJJMK
Task: {E5F135E4-8C7A-4129-8A19-C832D5862512} - System32\Tasks\Logo Extension => Rundll32.exe "C:\Users\Marcel Schenkels\AppData\Local\Logo Extension\Bin\LogoExtension.dll",#3 <==== AANDACHT
Task: C:\Windows\Tasks\rmzgrpqkon.job => rundll32.exe 0 C:\Windows\SysWOW64\Recoveryj.dll
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [140]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
FirewallRules: [{EE46176E-256A-4619-90FB-20062F28C5E9}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{718B4A57-7589-49AE-86BA-4E33FE9AE34C}] => (Allow) C:\Users\Marcel Schenkels\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{46C7CC2B-374D-42B8-B462-31FDF130AD6D}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{91438F18-6BAC-440F-9D7C-18419D787209}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{CEE839DB-B358-449B-B9C3-6A96FD48B114}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{9DDD90A9-1AD5-4046-9B58-B03461F7BC4D}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{78B8C5B1-B70C-4DC5-99EE-ED7A9CBA248E}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{6771A0CA-A212-4A2A-AD04-512DCBB1B37A}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exe
FirewallRules: [{8142697A-305D-4AAF-9057-2730854865AF}] => (Allow) C:\Users\Marcel Schenkels\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{8BF89C12-A307-49B4-B382-C86416AF2D1E}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{C86E99F5-A91A-4EBC-8E3C-5E2743C0FDC6}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{5E74DFCF-43D8-4136-B304-94F91C2009B1}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{935F0997-1C5C-43C8-A5C8-A06E04BEECF9}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{12B48B50-311A-4A83-AE6D-46FDC40D4E50}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCmgrInstallGuide.exe
FirewallRules: [{4017FF3D-67FC-4EC1-A71C-40B4A4E522AE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCTray.exe
FirewallRules: [{F10A0488-8946-4021-B36F-B64478C2F1BC}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCMgr.exe
FirewallRules: [{3D6A2BAE-2357-4C84-9F32-D0C6CBE46ABC}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCRTP.exe
FirewallRules: [{6C746F60-8567-4BA0-AFAC-D11FB5D828FD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QMDL.exe
FirewallRules: [{E930ACB3-D778-43F5-A291-166375112123}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\bugreport.exe
FirewallRules: [{477ABB25-DF24-47D1-9095-0C1CC527DD2C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCFileOpen.exe
FirewallRules: [{A3477357-21F3-42BD-A226-D5BB15182A02}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCLeakScan.exe
FirewallRules: [{064ADE17-E6A0-4065-8DC2-1C73B923796C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPConfig.exe
FirewallRules: [{7E1BE218-ACF3-4774-BFAE-30234DCBF3F2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCSoftMgr.exe
FirewallRules: [{847CE3D2-5D07-4577-B167-07618AD7D0BD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{048EEE84-7267-41C6-B03F-B76443E3E7E2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCBTU.exe
FirewallRules: [{73427904-F02B-4E59-B48B-D3F301E1F5ED}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCClinic.exe
FirewallRules: [{2E25DF3D-BDDE-407A-8E34-67484540305A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCLaunch.exe
FirewallRules: [{09C34C95-90BC-47BE-A851-E3AFC0D01766}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{CBA05030-C9FC-498C-B5F4-10A48363AFC2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCSoftGame.exe
FirewallRules: [{2EC330CB-6CBE-4DDC-9996-2AC9A12665E4}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCSysOptimize.exe
FirewallRules: [{EC21D80E-5CF2-4F05-8C5A-E2F64648537A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCUpdateAVLib.exe
FirewallRules: [{D83B7EEF-CD40-484B-B8B2-95D2E74089D3}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQRepair.exe
FirewallRules: [{890EE081-2A1F-4046-BC7E-0FCC3E1ED606}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\Uninst.exe
FirewallRules: [{5E502F12-C680-4864-B32B-0265419AE4C2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCPatch.exe
FirewallRules: [{0314CDFC-5B51-4196-AB13-82C249D1F88F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TpkUpdate.exe
FirewallRules: [{3D4135FD-269E-47A6-B1E2-5B04409BDEDD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QMAccountProtection.exe
FirewallRules: [{6B7C86FB-FD5F-41F6-939B-B614BDEE92A8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QMAdBlock.exe
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCTRAY.EXE [364776 2016-05-31] (Tencent)
HKU\S-1-5-21-3968856361-3348999749-2971435428-1001\...\Run: [SMSetup] => C:\Users\Marcel Schenkels\AppData\Local\Temp\sps.exe [682688 2016-06-04] () <===== AANDACHT
HKU\S-1-5-21-3968856361-3348999749-2971435428-1001\...\Run: [Browser Extensions] => C:\Users\Marcel Schenkels\AppData\Roaming\BrowserExtensions\BEHelper.exe [553968 2015-11-27] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QMGCShellExt64.dll [2016-05-31] (Tencent)
ProxyEnable: [.DEFAULT] => Proxy is ingeschakeld.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51393;https=127.0.0.1:51393
HKU\S-1-5-21-3968856361-3348999749-2971435428-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97951667_hao_pg
HKU\S-1-5-21-3968856361-3348999749-2971435428-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97951667_hao_pg
HKU\S-1-5-21-3968856361-3348999749-2971435428-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hao123.com/?tn=97951667_hao_pg
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_20_ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtBtA0Fzz0F0FzztCyC0DtN0D0Tzu0SzzyCyBtN1L2XzutBtFtBtDtFtCtAtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StAyDtCtCtD0AzzyCtG0ByD0E0CtG0C0A0CyCtGtD0B0C0CtGtDtDzy0C0AyC0A0C0CyE0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzyyCzy0F0C0D0BtGyBtDzy0DtGyE0E0FtAtGtAyByDyBtGtA0E0F0EyDzztAtCyD0B0F0A2Q&cr=2020742463&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_20_ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtBtA0Fzz0F0FzztCyC0DtN0D0Tzu0SzzyCyBtN1L2XzutBtFtBtDtFtCtAtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StAyDtCtCtD0AzzyCtG0ByD0E0CtG0C0A0CyCtGtD0B0C0CtGtDtDzy0C0AyC0A0C0CyE0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzyyCzy0F0C0D0BtGyBtDzy0DtGyE0E0FtAtGtAyByDyBtGtA0E0F0EyDzztAtCyD0B0F0A2Q&cr=2020742463&ir=
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\.DEFAULT -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
SearchScopes: HKU\S-1-5-19 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
SearchScopes: HKU\S-1-5-20 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
SearchScopes: HKU\S-1-5-21-3968856361-3348999749-2971435428-1001 -> DefaultScope {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=98012088_5_dg&ch=11
SearchScopes: HKU\S-1-5-21-3968856361-3348999749-2971435428-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3968856361-3348999749-2971435428-1001 -> {4B3A7778-9E05-45A6-9732-BA704A079F57} URL = hxxps://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3968856361-3348999749-2971435428-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=98012088_5_dg&ch=11
SearchScopes: HKU\S-1-5-21-3968856361-3348999749-2971435428-1001 -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325157&octid=EB_ORIGINAL_CTID&ISID=M5DE685A1-102D-4879-A9E7-DB44F3F41C77&SearchSource=58&CUI=&UM=8&UP=SPE549356A-F074-457B-A154-B8F6FC270216&D=083115&q={searchTerms}&SSPV=
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TSWebMon64.dat [2016-05-31] (Tencent)
BHO-x32: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\Marcel Schenkels\AppData\Roaming\BrowserExtensions\Coupons.dll [2015-11-27] ()
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1441047214&z=916855fa4752cbf41de339bg1z7zfgfe0zcm7efb5b&from=face&uid=ST1000DM003-1CH162_Z1D8WVP8XXXXZ1D8WVP8
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\npQMExtensionsMozilla.dll [2016-05-31] (Tencent Technology (Shenzhen) Company Limited)
BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\Marcel Schenkels\AppData\Roaming\BrowserExtensions\Coupons64.dll [2015-11-27] ()
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCRTP.exe [311768 2016-05-31] (Tencent)
U2 QQRepaire4; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepaire4 [147176 2016-06-21] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [147176 2016-06-24] ()
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [216856 2016-05-16] (Beijing Rising Information Technology Co., Ltd.)
S2 downlkadqi; geen ImagePath
S2 fukunihu; C:\Program Files (x86)\00000000-1441044375-0000-0000-448A5B23F8FF\knso1701.tmpfs [X]
S2 gopibeko; C:\Users\Marcel Schenkels\AppData\Local\00000000-1441051610-0000-0000-448A5B23F8FF\snso95EE.tmp [X]
S2 NixSrv; geen ImagePath
S2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X]
S2 totyseku; C:\Program Files (x86)\00000000-1441044375-0000-0000-448A5B23F8FF\hnsg42FB.tmp [X]
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QMUdisk64.sys [184952 2016-05-18] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQSysMonX64.sys [152568 2016-05-31] (电脑管家)
R3 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\softaal64.sys [42488 2016-05-31] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-24] ()
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [97880 2016-05-31] (Tencent)
R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernelEx64.sys [141816 2016-05-31] (Tencent Technology(Shenzhen) Company Limited)
R3 TcHardWare; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCHW-x64.sys [16552 2016-05-31] (Tencent)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [95224 2016-05-31] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TS888x64.sys [38520 2016-06-24] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TSDefenseBT64.sys [28984 2016-05-31] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TsNetHlpX64.sys [55800 2016-05-31] ()
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TSSysKit64.sys [94712 2016-05-31] (电脑管家)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
C:\Users\Marcel Schenkels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
C:\ProgramData\Tencent
C:\Windows\SysWOW64\Drivers\TS888x64.sys
C:\ProgramData\TXQMPC
C:\Windows\Tasks\rmzgrpqkon.job
C:\Users\Marcel Schenkels\AppData\Local\Temp\sps.exe
C:\Windows\System32\Drivers\TFsFltX64.sys
C:\Windows\system32\Drivers\TAOAccelerator64.sys
C:\Windows\system32\Drivers\TAOKernelEx64.sys
C:\Program Files (x86)\Rising
C:\Program Files (x86)\Tencent
C:\Program Files (x86)\Crossbrowse
C:\Users\Marcel Schenkels\AppData\Roaming\IQIYI Video
C:\program files (x86)\common files\tencent
C:\Users\Marcel Schenkels\AppData\Roaming\BrowserExtensions
C:\Users\Marcel Schenkels\AppData\Roaming\8vQAnZGIUceNeGIfK6CoV4BZ
C:\Users\Marcel Schenkels\AppData\Roaming\dDcylh4157q
C:\Users\Marcel Schenkels\AppData\Roaming\uRAR4Dapt2LDg6Tfx64s6piMD2k
C:\ProgramData\DP45977C.lfl
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\IQIYI Video
EmptyTemp:
RemoveProxy:
end