start CreateRestorePoint: ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> Geen bestand Task: {19B6D1BB-F1FB-490B-96CB-CC50DC4A27FB} - System32\Tasks\{C1641EAA-9862-41A8-89F8-003617048B0B} => C:\Windows\system32\pcalua.exe -a C:\Users\Patric\Downloads\WindowsPhone.exe -d C:\Users\Patric\Downloads ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand Task: {337438B7-1477-45D8-946F-68652F1EF9A6} - System32\Tasks\{F53C1370-A93B-4F0B-AB90-D36CC57CFD24} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\ Task: {B8B3E95A-FB99-4B13-B098-B0D5ABC9BE85} - System32\Tasks\Driver Booster SkipUAC (Patric) => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe C:\Program Files (x86)\IObit\Driver Booster Task: {D563E44E-5F28-4EDC-BAB2-069DAF7A35AD} - System32\Tasks\{8B264623-B443-485E-BCBD-49A857D34C7B} => C:\Windows\system32\pcalua.exe -a "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CA6R12C5\WindowsPhone.exe" -d C:\Users\Patric\Desktop Task: {DE0F25A8-BF27-45CD-8D2B-BAEB86A72733} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe C:\Program Files (x86)\AVG\AVG PC TuneUp 2017-12-27 13:49 - 2017-12-27 13:49 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe 2017-12-27 13:49 - 2017-12-27 13:49 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll 2017-12-27 13:49 - 2017-12-27 13:49 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll 2017-12-27 13:49 - 2017-12-27 13:49 - 000110696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll 2017-12-27 13:49 - 2017-12-27 13:49 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll 2017-12-27 13:49 - 2017-12-27 13:49 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll 2017-12-27 13:49 - 2017-12-27 13:49 - 000337512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll 2017-12-27 13:49 - 2017-12-27 13:49 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll 2017-12-27 13:49 - 2017-12-27 13:49 - 000040040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll 2017-12-27 13:49 - 2017-12-27 13:49 - 000021096 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll C:\Program Files (x86)\Lavasoft AlternateDataStreams: C:\ProgramData\Temp:373E1720 [119] AlternateDataStreams: C:\Users\Patric\Downloads:Shareaza.GUID [16] AlternateDataStreams: C:\Users\Patric\Desktop\Facebook.website:TASKICON_0news-1751121550 [2302] AlternateDataStreams: C:\Users\Patric\Desktop\Facebook.website:TASKICON_1messages-431041656 [2302] AlternateDataStreams: C:\Users\Patric\Desktop\Facebook.website:TASKICON_2events-250898981 [2302] AlternateDataStreams: C:\Users\Patric\Desktop\Facebook.website:TASKICON_3friends-215113587 [2302] AlternateDataStreams: C:\Users\Patric\Downloads\Nieuwe map:Shareaza.GUID [16] AlternateDataStreams: C:\Users\Patric\Downloads\Passware Password Recovery Kit Enterprise v10.3.2585 incl serial:Shareaza.GUID [16] AlternateDataStreams: C:\Users\Patric\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302] AlternateDataStreams: C:\Users\Patric\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302] AlternateDataStreams: C:\Users\Patric\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302] AlternateDataStreams: C:\Users\Patric\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302] IE trusted site: HKU\S-1-5-21-523000165-1516823666-2951625117-1001\...\webcompanion.com -> hxxp://webcompanion.com C:\Users\Patric\Downloads\esetsmartinstaller_enu.exe HKU\S-1-5-21-523000165-1516823666-2951625117-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7704168 2017-12-27] (Lavasoft) SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Handler: linkscanner - Geen CLSID Waarde Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand Handler: skype-ie-addon-data - Geen CLSID Waarde FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 RSUSBSTOR; System32\Drivers\RTS5121.sys [X] S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X] U3 tmlwf; geen ImagePath U3 tmwfp; geen ImagePath S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X] 2017-12-27 13:50 - 2017-12-27 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2017-12-27 13:49 - 2017-12-27 13:49 - 000000000 ____D C:\ProgramData\Lavasoft 2017-12-27 13:49 - 2017-12-27 13:49 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2017-12-27 13:50 - 2017-12-27 13:50 - 000000000 ____D C:\Users\Patric\AppData\Roaming\Lavasoft 2017-12-27 13:50 - 2017-12-27 13:50 - 000000000 ____D C:\Users\Patric\AppData\Local\Lavasoft 2017-12-09 08:32 - 2017-10-16 12:16 - 000000000 ____D C:\Users\Patric\AppData\LocalLow\IObit 2017-12-09 08:32 - 2017-10-16 12:15 - 000000000 ____D C:\ProgramData\IObit 2017-12-07 14:18 - 2017-10-16 12:16 - 000000000 ____D C:\Users\Patric\AppData\Roaming\IObit EmptyTemp: end