start CreateRestorePoint: () C:\Windows\Temp\g6D0.tmp.exe () C:\Windows\Temp\gFB27.tmp.exe (BY) C:\Program Files (x86)\e5wadvunwie\NCVM8R9QUSB29LV.exe (BY) C:\Program Files (x86)\20sh32j01hm\OFL54YMHAOZN6AS.exe () C:\Users\Stephanie & Nathalie\AppData\Local\Temp\c7-593fe-c74-8d6ae-d7e5a5055bc0f\HMDRDKGQNS.exe C:\Program Files (x86)\e5wadvunwie C:\Program Files (x86)\20sh32j01hm (BY) C:\Program Files\ONCMKPSO99\8G6NSSU93.exe C:\Program Files\ONCMKPSO99 (you) C:\Users\Stephanie & Nathalie\AppData\Local\Temp\35-814b0-114-d399e-2458e589b18be\SOJYHVGGBK.exe (BY) C:\Program Files\QR969L4HEQ\L8HWXW6RO.exe (BY) C:\Program Files\7UGW0ZMWW8\7UGW0ZMWW.exe (BY) C:\Program Files\HMXG7773YL\HMXG7773Y.exe (BY) C:\Program Files\X7WXJRQSKG\X7WXJRQSK.exe (BY) C:\Program Files\K61N7F3VOM\R9PA7IZFI.exe (BY) C:\Program Files\K5IETJDDV7\EJ0LLN3WQ.exe (BY) C:\Program Files\JSUIMNB4XH\JSUIMNB4X.exe (BY) C:\Program Files\T4KCYJTYIM\T4KCYJTYI.exe (BY) C:\Program Files\XJ12TIK7Q1\U02I9KTTJ.exe (BY) C:\Program Files\ONCMKPSO99\8G6NSSU93.exe C:\Program Files\QR969L4HEQ C:\Program Files\7UGW0ZMWW8 C:\Program Files\HMXG7773YL C:\Program Files\X7WXJRQSKG C:\Program Files\K61N7F3VOM C:\Program Files\K5IETJDDV7 C:\Program Files\JSUIMNB4XH C:\Program Files\T4KCYJTYIM C:\Program Files\XJ12TIK7Q1 C:\Program Files\ONCMKPSO99 HKLM\...\Run: [gplyra] => C:\Users\Stephanie & Nathalie\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== AANDACHT C:\Users\Stephanie & Nathalie\AppData\Roaming\gplyra HKLM-x32\...\Run: [AVBoost] => C:\Program Files (x86)\AVBoost\AVBoost.exe [129024 2017-05-29] () C:\Program Files (x86)\AVBoost HKLM-x32\...\Run: [BestZiper] => C:\Program Files (x86)\BZip\BestZiper.exe [1513472 2017-04-05] () <==== AANDACHT HKLM\...\RunOnce: [OMEWPRODUCT_OX9ZV] => C:\Program Files (x86)\e5wadvunwie\NCVM8R9QUSB29LV.exe [53248 2017-07-16] (BY) <==== AANDACHT HKLM\...\RunOnce: [OMEWPRODUCT_ZYY4O] => C:\Program Files (x86)\20sh32j01hm\OFL54YMHAOZN6AS.exe [53248 2017-07-16] (BY) <==== AANDACHT HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_HMDRDKGQNS.exe] => C:\Users\Stephanie & Nathalie\AppData\Local\Temp\c7-593fe-c74-8d6ae-d7e5a5055bc0f\HMDRDKGQNS.exe [437760 2017-07-16] () <==== AANDACHT C:\Program Files (x86)\BZip C:\Program Files (x86)\e5wadvunwie C:\Program Files (x86)\20sh32j01hm HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== AANDACHT HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== AANDACHT HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== AANDACHT HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== AANDACHT HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== AANDACHT HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== AANDACHT HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== AANDACHT HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== AANDACHT HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== AANDACHT HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== AANDACHT HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== AANDACHT HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== AANDACHT HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== AANDACHT HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== AANDACHT HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== AANDACHT HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== AANDACHT HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== AANDACHT HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== AANDACHT HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== AANDACHT HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== AANDACHT HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== AANDACHT HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== AANDACHT HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== AANDACHT HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== AANDACHT HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== AANDACHT HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== AANDACHT HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== AANDACHT HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== AANDACHT HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== AANDACHT HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== AANDACHT HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== AANDACHT HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== AANDACHT HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== AANDACHT HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== AANDACHT HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== AANDACHT HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== AANDACHT HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== AANDACHT HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== AANDACHT HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== AANDACHT HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== AANDACHT HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== AANDACHT HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== AANDACHT HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== AANDACHT HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== AANDACHT HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== AANDACHT HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [2694144 2017-07-04] () <==== AANDACHT HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [SOJYHVGGBK.exe] => C:\Users\Stephanie & Nathalie\AppData\Local\Temp\35-814b0-114-d399e-2458e589b18be\SOJYHVGGBK.exe [119808 2017-07-16] (you) <==== AANDACHT HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [MN8FDVX6UJUPJ81] => C:\Program Files\QR969L4HEQ\L8HWXW6RO.exe [1040896 2017-07-16] (BY) HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [0WPZMEN6OSCQZMO] => C:\Program Files\7UGW0ZMWW8\7UGW0ZMWW.exe [1040896 2017-07-16] (BY) HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [F9VL9RDIDTCJ1JV] => C:\Program Files\HMXG7773YL\HMXG7773Y.exe [1040896 2017-07-16] (BY) HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [2WLWHYMBW1USUAV] => C:\Program Files\X7WXJRQSKG\X7WXJRQSK.exe [1040896 2017-07-16] (BY) HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [MCR3MO60TF8LI53] => C:\Program Files\K61N7F3VOM\R9PA7IZFI.exe [1040896 2017-07-16] (BY) HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [9M1FZTAH13VRYSO] => C:\Program Files\K5IETJDDV7\EJ0LLN3WQ.exe [1040896 2017-07-16] (BY) HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [EVWB0TIP8UW24E8] => C:\Program Files\JSUIMNB4XH\JSUIMNB4X.exe [1040896 2017-07-16] (BY) HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [6WWYWUK1OM10PBC] => C:\Program Files\T4KCYJTYIM\T4KCYJTYI.exe [1040896 2017-07-16] (BY) HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [HHSTN3KL6DWT5D0] => C:\Program Files\XJ12TIK7Q1\U02I9KTTJ.exe [1040896 2017-07-16] (BY) HKU\S-1-5-21-46182450-2483365633-3711743669-1000\...\Run: [NDE89127RFKAU29] => C:\Program Files\ONCMKPSO99\8G6NSSU93.exe [1040896 2017-07-17] (BY) C:\Program Files (x86)\YeaDesktop C:\Program Files\QR969L4HEQ C:\Program Files\7UGW0ZMWW8 C:\Program Files\HMXG7773YL C:\Program Files\X7WXJRQSKG C:\Program Files\K61N7F3VOM C:\Program Files\K5IETJDDV7 C:\Program Files\JSUIMNB4XH C:\Program Files\T4KCYJTYIM C:\Program Files\XJ12TIK7Q1 C:\Program Files\ONCMKPSO99 GroupPolicy: Restrictie - Chrome <==== AANDACHT SearchScopes: HKU\S-1-5-21-46182450-2483365633-3711743669-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Geen Naam -> {451C804F-C205-4F03-B48E-537EC94937BF} -> Geen bestand BHO-x32: Geen Naam -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> Geen bestand Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - Geen bestand Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - Geen bestand FF Extension: (Geen Naam) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi\ [niet gevonden] FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi => niet gevonden FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => niet gevonden FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\Stephanie & Nathalie\AppData\Local\htyh\application\htwebHelper.dll [Geen bestand] FF Plugin HKU\S-1-5-21-46182450-2483365633-3711743669-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Stephanie & Nathalie\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF" CHR NewTab: Default -> Not-active:"chrome-extension://kpocjpoifmommoiiiamepombpeoaehfh/stubby.html" CHR Extension: (海淘1号) - C:\Users\Stephanie & Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh [2017-07-01] CHR HKU\S-1-5-21-46182450-2483365633-3711743669-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] - 2017-07-17 00:11 - 2017-07-17 00:19 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\y2rqnaqchjk 2017-07-17 00:11 - 2017-07-17 00:19 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\db5p4agv1yw 2017-07-16 20:46 - 2017-07-16 20:54 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\tzghebdiiqw 2017-07-16 20:46 - 2017-07-16 20:54 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\spjldohjoix 2017-07-16 20:42 - 2017-07-16 20:44 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\uniwp0lg3wa 2017-07-16 20:42 - 2017-07-16 20:44 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\ugzlm0nmihj 2017-07-16 20:42 - 2017-07-16 20:44 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\rjcw4h0brxc 2017-07-16 20:42 - 2017-07-16 20:44 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\j4a21lm4gya 2017-07-16 20:42 - 2017-07-16 20:43 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\sro353vzplv 2017-07-16 20:42 - 2017-07-16 20:43 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\1xsotunpgzp 2017-07-16 20:34 - 2017-07-16 20:35 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\vjljj25dbzt 2017-07-16 17:54 - 2017-07-16 20:30 - 00000140 _____ C:\WINDOWS\Reimage.ini 2017-07-16 17:42 - 2017-07-16 17:46 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\3nqbu1nbyue 2017-07-16 17:42 - 2017-07-16 17:46 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\2hcqcxuyi5l 2017-07-16 17:16 - 2017-07-16 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop 2017-07-16 17:16 - 2017-07-16 17:16 - 00000000 ____D C:\Program Files (x86)\YiuAskUn 2017-07-16 17:16 - 2017-07-16 17:16 - 00000000 ____D C:\Program Files (x86)\YiuAskU2 2017-07-16 17:16 - 2017-07-16 17:16 - 00000000 ____D C:\Program Files (x86)\YiuAskU 2017-07-16 17:16 - 2017-07-16 17:16 - 00000000 ____D C:\Program Files (x86)\YiuAskIE 2017-07-16 17:16 - 2017-07-16 17:16 - 00000000 ____D C:\Program Files (x86)\YeaDesktop 2017-07-16 17:15 - 2017-07-16 17:17 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\zbvizrhb3rq 2017-07-16 17:15 - 2017-07-16 17:17 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\0wco0bzgxbx 2017-07-16 17:15 - 2017-07-16 17:15 - 00000000 ____D C:\Program Files (x86)\MafarchUn 2017-07-16 17:15 - 2017-07-16 17:15 - 00000000 ____D C:\Program Files (x86)\MafarchU2 2017-07-16 17:15 - 2017-07-16 17:15 - 00000000 ____D C:\Program Files (x86)\MafarchU 2017-07-16 17:15 - 2017-07-16 17:15 - 00000000 ____D C:\Program Files (x86)\MafarchIE 2017-07-16 17:14 - 2017-07-16 17:17 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\xfoynwofhbn 2017-07-16 17:14 - 2017-07-16 17:17 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\vvslqmn1dh3 2017-07-16 17:14 - 2017-07-16 17:16 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\abfjsu4uw20 2017-07-16 17:14 - 2017-07-16 17:16 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Roaming\5rd4jz4yov0 2017-07-16 17:14 - 2017-07-16 17:14 - 00000000 ____D C:\Program Files (x86)\e5wadvunwie 2017-07-16 17:14 - 2017-07-16 17:14 - 00000000 ____D C:\Program Files (x86)\BZip 2017-07-16 17:14 - 2017-07-16 17:14 - 00000000 ____D C:\Program Files (x86)\AVBoost 2017-07-16 17:14 - 2017-07-16 17:14 - 00000000 ____D C:\Program Files (x86)\20sh32j01hm 2017-07-12 16:11 - 2017-07-12 16:18 - 00000000 ____D C:\Users\Stephanie & Nathalie\AppData\Local\IIIQF ContextMenuHandlers01: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => -> Geen bestand ContextMenuHandlers01: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> Geen bestand ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Geen bestand ContextMenuHandlers01: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => -> Geen bestand ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Geen bestand ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Geen bestand Task: {2904EFDF-DF77-4E7E-8BA3-8B0B99442A83} - System32\Tasks\U2_B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => rundll32 "C:\Program Files (x86)\MafarchU2\flQL7zj.dll",#1 Task: {98981C52-999E-475D-BA8B-8B00C17D94DE} - System32\Tasks\U2_2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => rundll32 "C:\Program Files (x86)\YiuAskU2\EUJHowC.dll",#1 Task: {AAD4029B-C335-4D4E-BE90-CB36B608B188} - System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B2 => rundll32 "C:\Program Files (x86)\YiuAskU\nISNhLA.dll",#1 <==== AANDACHT Task: {C037CD2B-352E-4FB0-9DE3-ADB4AB346AA5} - System32\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B7835112 => rundll32 "C:\Program Files (x86)\MafarchU\FROG8da.dll",#1 <==== AANDACHT Task: {D3156FDA-8FB7-4C43-B4AC-CA30971E173E} - System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => rundll32 "C:\Program Files (x86)\YiuAskU\nISNhLA.dll",#1 <==== AANDACHT Task: {F9A9E59C-AD2A-44C3-965F-ABEF27E5237B} - System32\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => rundll32 "C:\Program Files (x86)\MafarchU\FROG8da.dll",#1 <==== AANDACHT Task: C:\WINDOWS\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B.job => C:\Program Files (x86)\YiuAskU\nISNhLA.dll <==== AANDACHT Task: C:\WINDOWS\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511.job => C:\Program Files (x86)\MafarchU\FROG8da.dll <==== AANDACHT Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== AANDACHT Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== AANDACHT Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== AANDACHT Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== AANDACHT EmptyTemp: end