start
CreateRestorePoint:
(Solvusoft Corporation) C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA1A (de data item heeft 313 mee tekens).
ShellExecuteHooks-x32: Geen Naam - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> Geen bestand
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\S-1-5-21-748706070-3823825615-209406529-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Toolbar: HKU\S-1-5-21-748706070-3823825615-209406529-1001 -> Geen Naam - {5B291E6C-9A74-4034-971B-A4B007A0B315} - Geen bestand
CHR dev: Chrome dev build gedetecteerd! <======= AANDACHT
CHR Extension: (Google Wallet) - C:\Users\Katrien & Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== AANDACHT
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
2017-06-13 18:39 - 2017-06-13 19:25 - 00000392 _____ C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Startup.job
2017-06-13 18:39 - 2017-06-13 18:39 - 00002808 _____ C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Startup
2017-06-13 18:33 - 2017-06-13 19:12 - 00000400 _____ C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Notification.job
2017-06-13 18:33 - 2017-06-13 18:33 - 00003500 _____ C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Notification
2017-06-13 18:33 - 2017-06-13 18:33 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Roaming\Solvusoft
2017-06-13 18:32 - 2017-06-13 18:32 - 00002055 _____ C:\Users\Public\Desktop\WinThruster.lnk
2017-06-13 18:31 - 2017-06-13 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
2017-06-13 18:31 - 2017-06-13 18:31 - 00000000 ____D C:\Program Files\Solvusoft
2017-06-13 18:31 - 2017-06-13 18:31 - 00000000 ____D C:\Program Files (x86)\Solvusoft
2017-06-13 18:29 - 2017-06-13 18:33 - 00000000 ___HD C:\ProgramData\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2}
2017-06-13 18:29 - 2017-06-13 18:33 - 00000000 ____D C:\ProgramData\Solvusoft
2017-06-13 18:28 - 2017-06-13 18:28 - 08932000 _____ (Solvusoft Corporation ) C:\Users\Katrien & Joachim\Downloads\Setup_WinThruster_2016.exe
2017-06-13 18:28 - 2017-06-13 18:28 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Local\IIIQF
2017-06-13 18:16 - 2017-06-13 18:17 - 00000085 _____ C:\Windows\wininit.ini
2017-06-13 14:33 - 2017-06-13 14:33 - 00000000 __SHD C:\found.003
2017-06-12 20:11 - 2017-06-12 20:11 - 00000000 ____D C:\9e8d90d4e8d767e63aefb145c9c3cd
2017-06-12 19:41 - 2017-06-12 19:42 - 00000000 ____D C:\e3e87185d3012d681569c0cc
2017-06-12 19:40 - 2017-06-12 19:41 - 00000000 ____D C:\07de1941a6655bff87f4ca687bfa6fb1
2017-06-07 18:08 - 2017-06-07 18:08 - 00000000 ____D C:\0e401510c2a156fe29087cc622b804
2017-06-07 15:49 - 2017-06-07 15:50 - 00000000 ____D C:\9994b9c06ad91d4c4af8
2017-06-05 17:14 - 2017-06-05 17:15 - 00000000 ____D C:\b43d768a66c4e057f0d1265c64
2017-05-31 21:43 - 2017-05-31 21:44 - 00000000 ____D C:\3ee6476d63d61fe788e5152e473226
2017-05-22 22:49 - 2017-05-22 22:50 - 00000000 ____D C:\297f3ce97be1ba4668fb
2017-05-20 19:59 - 2017-05-20 19:59 - 00000000 ____D C:\38c34574efb1428ff4
2017-05-19 20:50 - 2017-05-19 20:51 - 00000000 ____D C:\e64e1d7efbeaed43c4eb00033d5c69
Task: {657CA394-5E8E-4198-AC4C-06AF2C87D683} - System32\Tasks\WinThruster64-Katrien & Joachim-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe [2015-10-11] (Solvusoft Corporation) <==== AANDACHT
Task: {7556A526-CC12-402D-A7B3-99BFD51F773F} - System32\Tasks\WinThruster64-Katrien & Joachim-Notification => C:\Program Files\Solvusoft\WinThruster\Sync.exe [2015-10-11] (Solvusoft Corporation) <==== AANDACHT
Task: {D041C68A-BEA2-45FC-9FD0-D331D661FEB6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe 5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== AANDACHT
Task: C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== AANDACHT
AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8 [137]
FirewallRules: [{D521FAF2-EC81-4FF5-AAD6-EBEACF1A645C}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{A44CDA78-2B6E-44BE-99BF-7500DCF667F8}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{DB9F6E7A-31C7-4F0A-8134-4B7218817837}] => (Allow) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{9E2B175B-9D47-4CF5-87B6-14CBC413C03A}] => (Allow) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{B6D1BA9C-CFD0-480F-AACC-18906F5691EE}] => (Allow) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{2BA31A48-4AA8-4241-B7A5-D8ACD41A0A0C}] => (Allow) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
Reboot:
end