Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 21-08-2016 01
Gestart door Mundus-Warnants (26-08-2016 10:53:39) Run:1
Gestart vanaf C:\Users\Mundus-Warnants\Desktop
Geladen Profielen: Mundus-Warnants (Beschikbare Profielen: Mundus-Warnants)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start CreateRestorePoint: CloseProcesses: Task: {991EBFF8-7632-4DAE-89A5-3BE101441CE2} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== AANDACHT Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== AANDACHT WMI_ActiveScriptEventConsumer_ASEC: <===== AANDACHT ShortcutWithArgument: C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> hxxp://yeabests.cc 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com FirewallRules: [{80472134-9F00-4E01-9845-C5CF0A2B92A4}] => (Allow) C:\Users\Mundus-Warnants\AppData\Local\Temp\MPCOnline\MPCDownload.exe FirewallRules: [{2F4C8978-22B5-43AD-9C62-1AC7BFC6E1A2}] => (Allow) C:\Users\Mundus-Warnants\AppData\Local\Temp\MPCOnline\MPCDownload.exe FirewallRules: [{900D3860-78FD-4EB7-989A-541896970A76}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{D05CC054-6A35-4374-95A3-0D2A6500058E}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{184113B6-287D-4D1C-8B56-A17016C76865}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{8410554B-4089-4A79-A4B9-5C1C3B99FF87}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe HKLM-x32\...\Run: [AdAnti] => C:\Program Files (x86)\AdAnti\AdAnti.exe [4291688 2016-08-15] () ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => Geen bestand ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll Geen bestand S2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [X] S2 ziphost; c:\program files\ziptool\ziphost.dll [X] <==== AANDACHT R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) 
<==== AANDACHT C:\Windows\System32\DRIVERS\ucguard.sys C:\Program Files\¿ìѹ c:\program files\ziptool C:\Program Files (x86)\AdAnti C:\Program Files (x86)\UCBrowser C:\Program Files (x86)\SrpnFiles C:\Users\Mundus-Warnants\Downloads\sh-remover.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\净广大师 C:\Users\Mundus-Warnants\AppData\Roaming\AdAnti13.exe C:\Users\Mundus-Warnants\AppData\Roaming\Kuaizip C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk C:\Users\Mundus-Warnants\AppData\Roaming\Softlink C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 C:\Users\Mundus-Warnants\AppData\Roaming\ziptool_wc-9025_setup.exe C:\Users\Mundus-Warnants\AppData\Roaming\ziptool_wc-9015_setup.exe C:\WINDOWS\Tasks\UCBrowserUpdater.job C:\Users\Mundus-Warnants\AppData\Local\app C:\WINDOWS\System32\Tasks\UCBrowserUpdater C:\Users\Mundus-Warnants\AppData\Local\UCBrowser Hosts: EmptyTemp: end
*****************
start CreateRestorePoint: CloseProcesses: Task: {991EBFF8-7632-4DAE-89A5-3BE101441CE2} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== AANDACHT Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== AANDACHT WMI_ActiveScriptEventConsumer_ASEC: <===== AANDACHT ShortcutWithArgument: C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com FirewallRules: [{80472134-9F00-4E01-9845-C5CF0A2B92A4}] => (Allow) C:\Users\Mundus-Warnants\AppData\Local\Temp\MPCOnline\MPCDownload.exe FirewallRules: [{2F4C8978-22B5-43AD-9C62-1AC7BFC6E1A2}] => (Allow) C:\Users\Mundus-Warnants\AppData\Local\Temp\MPCOnline\MPCDownload.exe FirewallRules: [{900D3860-78FD-4EB7-989A-541896970A76}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{D05CC054-6A35-4374-95A3-0D2A6500058E}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{184113B6-287D-4D1C-8B56-A17016C76865}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{8410554B-4089-4A79-A4B9-5C1C3B99FF87}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe HKLM-x32\...\Run: [AdAnti] => C:\Program Files (x86)\AdAnti\AdAnti.exe [4291688 2016-08-15] () ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => Geen bestand ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll Geen bestand S2 KuaizipUpdateChecker; C:\Program 
Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [X] S2 ziphost; c:\program files\ziptool\ziphost.dll [X] <==== AANDACHT R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== AANDACHT C:\Windows\System32\DRIVERS\ucguard.sys C:\Program Files\¿ìѹ c:\program files\ziptool C:\Program Files (x86)\AdAnti C:\Program Files (x86)\UCBrowser C:\Program Files (x86)\SrpnFiles C:\Users\Mundus-Warnants\Downloads\sh-remover.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\净广大师 C:\Users\Mundus-Warnants\AppData\Roaming\AdAnti13.exe C:\Users\Mundus-Warnants\AppData\Roaming\Kuaizip C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk C:\Users\Mundus-Warnants\AppData\Roaming\Softlink C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 C:\Users\Mundus-Warnants\AppData\Roaming\ziptool_wc-9025_setup.exe C:\Users\Mundus-Warnants\AppData\Roaming\ziptool_wc-9015_setup.exe C:\WINDOWS\Tasks\UCBrowserUpdater.job C:\Users\Mundus-Warnants\AppData\Local\app C:\WINDOWS\System32\Tasks\UCBrowserUpdater C:\Users\Mundus-Warnants\AppData\Local\UCBrowser Hosts: EmptyTemp: end => niet gevonden

==== Eind van Fixlog 10:53:40 ====