start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\...\Run: [EpicScale] => [X]
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Providers\m75pkb0c: C:\Program Files (x86)\Tuwishprikudom Agent\local64spl.dll [312832 2017-02-10] ()
AppInit_DLLs: C:\ProgramData\Hotfresh\Domtough.dll => Geen bestand
AppInit_DLLs-x32: C:\ProgramData\Hotfresh\S-anla.dll => Geen bestand
ShellExecuteHooks: Geen Naam - {7FF42358-ECD1-11E6-946D-64006A5CFC23} - C:\Users\vanessa\AppData\Roaming\Prilecergutain\Woatdrusent.dll -> Geen bestand
Startup: C:\Users\vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2015-01-14]
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\vanessa\AppData\Roaming\TornTV.com\TornTV Downloader.exe (Geen bestand)
GroupPolicy: Restrictie - Windows Defender <======= AANDACHT
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zEd9PYP5nSeswmzBv6DjgHGAqoc-KKTe-aUmJItgMBOxJT9FT2ZWLPDg7Hv8aaTiyKL0fLYZucxqvHji3gMiRnHZ1nW3_yJWs4YfMRisRi54R9NTnydyPh5zcvQmbAtOlDwf94WHMv032mnxAgttwa2Wc,&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zEd9PYP5nSeswmzBv6DjgHGAqoc-KKTe-aUmJItgMBOxJT9FT2ZWLPDg7Hv8aaTiyKL0fLYZucxqvHji3gMiRnHZ1nW3_yJWs4YfMRisRi54R9NTnydyPh5zcvQmbAtOlDwf94WHMv032mnxAgttwa2Wc,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3158286090-3323772245-4144222817-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zEd9PYP5nSeswmzBv6DjgHGAqoc-KKTe-aUmJItgMBOxJT9FT2ZWLPDg7Hv8aaTiyKL0fLYZucxqvHji3gMiRnHZ1nW3_yJWs4YfMRisRi54R9NTnydyPh5zcvQmbAtOlDwf94WHMv032mnxAgttwa2Wc,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3158286090-3323772245-4144222817-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zEd9PYP5nSeswmzBv6DjgHGAqoc-KKTe-aUmJItgMBOxJT9FT2ZWLPDg7Hv8aaTiyKL0fLYZucxqvHji3gMiRnHZ1nW3_yJWs4YfMRisRi54R9NTnydyPh5zcvQmbAtOlDwf94WHMv032mnxAgttwa2Wc,&q={searchTerms}
R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [455168 2017-02-11] () [Bestand niet getekend] <==== AANDACHT
R2 mweshield; C:\Program Files\My Web Shield\mweshield.exe [931640 2016-08-31] ("My Web Shield") <==== AANDACHT
R2 mweshieldup; C:\Program Files\My Web Shield\mweshieldup.exe [348472 2016-08-31] ("My Web Shield") <==== AANDACHT
S4 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [760320 2017-02-11] () [Bestand niet getekend]
R2 WinSAPSvc; C:\Users\vanessa\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-15] (TODO: ) [Bestand niet getekend]
S2 WinSnare; C:\Users\vanessa\AppData\Roaming\WinSnare\WinSnare.dll [779776 2017-02-08] (InterSect Alliance Pty Ltd) [Bestand niet getekend]
S2 FirefoxDL; "C:\Users\vanessa\AppData\Local\Temp\1\QQBrowser.exe" -isvc [X] <==== AANDACHT
S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51504 /local:br [X] <==== AANDACHT
R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== AANDACHT
R1 mwescontroller; C:\WINDOWS\system32\drivers\mwescontroller.sys [57680 2016-08-31] () <==== AANDACHT
U3 idsvc; geen ImagePath
R1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
2017-02-17 20:07 - 2017-02-17 20:07 - 00000000 ____D C:\Program Files (x86)\Standuck
2017-02-17 20:08 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2017-02-17 20:08 - 2016-05-19 07:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2017-02-16 18:42 - 2017-02-17 18:02 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-02-16 18:42 - 2017-02-17 18:02 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-02-16 18:42 - 2017-02-17 18:02 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-02-16 18:42 - 2017-02-16 18:42 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-02-16 18:42 - 2017-02-16 18:42 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-02-16 18:42 - 2017-02-16 18:42 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-02-14 18:53 - 2017-02-17 18:02 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\WinSAPSvc
2017-02-14 18:01 - 2017-02-18 17:32 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
2017-02-14 18:01 - 2017-02-14 18:01 - 00003344 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-02-11 13:23 - 2017-02-18 19:59 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\WinSnare
2017-02-11 13:23 - 2017-02-18 19:59 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
2017-02-11 13:23 - 2017-02-17 20:07 - 00003660 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-02-11 13:23 - 2017-02-16 18:38 - 00000000 ____D C:\ProgramData\WinSAPSvc
2017-02-11 13:23 - 2017-02-11 13:23 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-02-11 13:23 - 2017-02-11 13:23 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-11 13:20 - 2017-02-14 17:59 - 00000000 ____D C:\Program Files (x86)\m75pkb0c
2017-02-11 13:18 - 2017-02-11 13:18 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-11 13:17 - 2017-02-11 13:17 - 00000000 ____D C:\Program Files\m75pkb0c
2017-02-10 23:16 - 2017-02-11 09:09 - 00000000 ____D C:\Program Files\My Web Shield
2017-02-10 23:16 - 2016-08-31 16:00 - 00057680 _____ C:\WINDOWS\system32\Drivers\mwescontroller.sys
2017-02-10 23:15 - 2017-02-16 18:38 - 00000000 ____D C:\Program Files (x86)\Pluteward
2017-02-10 23:15 - 2017-02-10 23:15 - 00000000 ____D C:\Users\vanessa\AppData\Local\Cevtherlepit
2017-02-10 20:08 - 2017-02-10 20:08 - 00250912 _____ C:\WINDOWS\SysWOW64\kz.exe
2017-02-10 18:50 - 2017-02-11 00:27 - 00000000 ____D C:\Users\vanessa\AppData\Local\AdvinstAnalytics
2017-02-10 18:49 - 2017-02-10 18:49 - 00003744 _____ C:\WINDOWS\System32\Tasks\{C4CEC978-8CCC-4085-BFCA-1BF2BFA616CC}
2017-02-10 18:46 - 2017-02-10 18:50 - 00000000 ____D C:\Users\vanessa\AppData\Local\app
2017-02-10 18:42 - 2017-02-10 18:42 - 00000000 ____D C:\Users\vanessa\AppData\Local\UCBrowser
2017-02-10 18:41 - 2017-02-10 20:05 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-10 18:40 - 2017-02-11 22:13 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\KuaiZip
2017-02-10 18:40 - 2017-02-10 18:40 - 00003778 _____ C:\WINDOWS\System32\Tasks\Therqoght
2017-02-10 18:40 - 2017-02-10 18:40 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Softlink
2017-02-10 18:39 - 2017-02-10 18:40 - 00000000 ____D C:\ProgramData\Microleaves
2017-02-10 18:38 - 2017-02-14 18:41 - 00000000 ____D C:\Program Files (x86)\Plizoy
2017-02-10 18:38 - 2017-02-11 00:27 - 00000000 ____D C:\Program Files (x86)\Tuwishprikudom Agent
2017-02-10 18:38 - 2017-02-10 23:26 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Prilecergutain
2017-02-10 18:38 - 2017-02-10 18:38 - 00006124 _____ C:\WINDOWS\System32\Tasks\Tuwishprikudom Agent
2017-02-10 18:38 - 2017-02-10 18:38 - 00000000 ____D C:\Users\vanessa\AppData\Local\Chinoly
2017-02-10 18:37 - 2017-02-17 18:02 - 00000396 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-02-10 18:37 - 2017-02-17 18:02 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-10 18:37 - 2017-02-17 18:02 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-10 18:37 - 2017-02-17 18:02 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-10 18:37 - 2017-02-16 18:42 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
2017-02-10 18:37 - 2017-02-16 18:42 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
2017-02-10 18:37 - 2017-02-16 18:42 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
2017-02-10 18:37 - 2017-02-16 18:42 - 00003284 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-02-10 18:37 - 2017-02-16 18:42 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-10 18:37 - 2017-02-16 18:42 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-10 18:37 - 2017-02-16 18:42 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-10 18:37 - 2017-02-10 18:37 - 00000000 _____ C:\TOSTACK
2017-02-10 18:36 - 2017-02-16 18:42 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-02-10 18:36 - 2017-02-11 00:27 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-10 18:36 - 2017-02-11 00:27 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 18:58 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\0Uninst.exe
2017-02-10 18:59 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\1Uninst.exe
2017-02-10 18:59 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\2Uninst.exe
2017-02-10 20:06 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\3Uninst.exe
2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\4Uninst.exe
2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\5Uninst.exe
2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\6Uninst.exe
2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\7Uninst.exe
2017-02-10 20:08 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\8Uninst.exe
2017-02-10 18:38 - 2017-02-10 18:38 - 1171283 _____ ( ) C:\Users\vanessa\AppData\Local\Temp\F410.tmp.exe
2016-10-14 09:45 - 2016-10-14 09:46 - 70524384 _____ (Dropbox, Inc.) C:\Users\vanessa\AppData\Local\Temp\{2120DB75-9822-4293-B619-7D9EDC3F54F6}-DropboxClient_12.4.22.exe
CustomCLSID: HKU\S-1-5-21-3158286090-3323772245-4144222817-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-1B0DD044C0A8}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Geen bestand
Task: {0083C0FA-48C6-425F-9714-2BC9439E9889} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Geen bestand <==== AANDACHT
Task: {05EF5E49-EBFC-471A-B890-54FC29D13BB1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Geen bestand <==== AANDACHT
Task: {183B134C-228C-4C55-8B78-0BFF491C32C5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {358A3699-DFB1-468E-93F9-1683416BFCB8} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== AANDACHT
Task: {3B9EC416-1E67-4F5B-B16A-8D7D62F677FB} - System32\Tasks\FoxTab => C:\Users\vanessa\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== AANDACHT
Task: {3D5DF73E-6359-4547-A672-6B8FF421E4D6} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== AANDACHT
Task: {42F1CE3E-C6B3-49C6-AA2C-EDABE320D28F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Geen bestand <==== AANDACHT
Task: {44BC5C08-11E3-43FC-B2BC-91C5A2F1027B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Geen bestand <==== AANDACHT
Task: {48263287-2FF5-40E0-BBC2-01F0669C1019} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== AANDACHT
Task: {64F32E9C-556E-465C-90B6-0489BA7E8CC5} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRssReader\BikaQ.exe
Task: {75568441-CE91-40EE-A3CC-EE4B4A100A5A} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== AANDACHT
Task: {8EAB414A-1081-4EE1-97F6-745528465E3D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Geen bestand <==== AANDACHT
Task: {9442AFF2-AD6A-44B2-A3AB-F497035D4B85} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {98CFF42C-20CF-49F2-8C1E-A5C89B830515} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== AANDACHT
Task: {9EBC554F-0CC0-449C-B2D7-C8F3EEC3C41B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Geen bestand <==== AANDACHT
Task: {A26343AE-98DF-4985-8A9A-4A4B6A54A06A} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== AANDACHT
Task: {B179E463-EBA8-4891-BCFC-0D0E7C49D62A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Geen bestand <==== AANDACHT
Task: {B77E4CA6-BED6-44D4-97FD-CB653FECB945} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== AANDACHT
Task: {B9BC8D8D-A7ED-47BD-9495-7FA1B2DA5B28} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {BA02D130-B815-43BA-ABBE-C0006AE378EE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {BC55924A-1A94-41BA-A40E-2F5E69BE285A} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-07] ()
Task: {BDEA1F76-9B11-46B2-A44F-C11899466456} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== AANDACHT
Task: {C63734A2-1184-4778-A190-92C66021FA18} - System32\Tasks\{C4CEC978-8CCC-4085-BFCA-1BF2BFA616CC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\VoyaQvosoft\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\VoyaQvosoft\uninstall.dat" -a uninstallme C1457568-24FC-45DD-BC7B-DE8223E364A0 DeviceId=465fbaee-88a9-f0e3-1ae1-1f6520cee8df BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {D99846DE-E800-4007-AAB9-87D683E0C960} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== AANDACHT
Task: {D840CD15-5947-4ADE-8BAE-A5E4A9A6FF76} - System32\Tasks\Tuwishprikudom Agent => C:\Program Files (x86)\Plizoy\planut.exe [2017-02-10] (Glarysoft Ltd)
Task: {DD5CDEA9-BC70-4C89-A3A6-D7AF8A651548} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== AANDACHT
Task: {DF7D08AB-E02E-46F4-91D9-FE3A4EA0B480} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\vanessa\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== AANDACHT
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== AANDACHT
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== AANDACHT
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== AANDACHT
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== AANDACHT
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== AANDACHT
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== AANDACHT
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== AANDACHT
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
Reboot:
end