Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 12-06-2017
Gestart door Katrien & Joachim (13-06-2017 21:06:17) Run:1
Gestart vanaf C:\Users\Katrien & Joachim\Downloads
Geladen Profielen: Katrien & Joachim (Beschikbare Profielen: Katrien & Joachim)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start
CreateRestorePoint:
(Solvusoft Corporation) C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA1A (de data item heeft 313 mee tekens).
ShellExecuteHooks-x32: Geen Naam - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> Geen bestand
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\S-1-5-21-748706070-3823825615-209406529-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Toolbar: HKU\S-1-5-21-748706070-3823825615-209406529-1001 -> Geen Naam - {5B291E6C-9A74-4034-971B-A4B007A0B315} - Geen bestand
CHR dev: Chrome dev build gedetecteerd! <======= AANDACHT
CHR Extension: (Google Wallet) - C:\Users\Katrien & Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== AANDACHT
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
2017-06-13 18:39 - 2017-06-13 19:25 - 00000392 _____ C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Startup.job
2017-06-13 18:39 - 2017-06-13 18:39 - 00002808 _____ C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Startup
2017-06-13 18:33 - 2017-06-13 19:12 - 00000400 _____ C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Notification.job
2017-06-13 18:33 - 2017-06-13 18:33 - 00003500 _____ C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Notification
2017-06-13 18:33 - 2017-06-13 18:33 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Roaming\Solvusoft
2017-06-13 18:32 - 2017-06-13 18:32 - 00002055 _____ C:\Users\Public\Desktop\WinThruster.lnk
2017-06-13 18:31 - 2017-06-13 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
2017-06-13 18:31 - 2017-06-13 18:31 - 00000000 ____D C:\Program Files\Solvusoft
2017-06-13 18:31 - 2017-06-13 18:31 - 00000000 ____D C:\Program Files (x86)\Solvusoft
2017-06-13 18:29 - 2017-06-13 18:33 - 00000000 ___HD C:\ProgramData\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2}
2017-06-13 18:29 - 2017-06-13 18:33 - 00000000 ____D C:\ProgramData\Solvusoft
2017-06-13 18:28 - 2017-06-13 18:28 - 08932000 _____ (Solvusoft Corporation ) C:\Users\Katrien & Joachim\Downloads\Setup_WinThruster_2016.exe
2017-06-13 18:28 - 2017-06-13 18:28 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Local\IIIQF
2017-06-13 18:16 - 2017-06-13 18:17 - 00000085 _____ C:\Windows\wininit.ini
2017-06-13 14:33 - 2017-06-13 14:33 - 00000000 __SHD C:\found.003
2017-06-12 20:11 - 2017-06-12 20:11 - 00000000 ____D C:\9e8d90d4e8d767e63aefb145c9c3cd
2017-06-12 19:41 - 2017-06-12 19:42 - 00000000 ____D C:\e3e87185d3012d681569c0cc
2017-06-12 19:40 - 2017-06-12 19:41 - 00000000 ____D C:\07de1941a6655bff87f4ca687bfa6fb1
2017-06-07 18:08 - 2017-06-07 18:08 - 00000000 ____D C:\0e401510c2a156fe29087cc622b804
2017-06-07 15:49 - 2017-06-07 15:50 - 00000000 ____D C:\9994b9c06ad91d4c4af8
2017-06-05 17:14 - 2017-06-05 17:15 - 00000000 ____D C:\b43d768a66c4e057f0d1265c64
2017-05-31 21:43 - 2017-05-31 21:44 - 00000000 ____D C:\3ee6476d63d61fe788e5152e473226
2017-05-22 22:49 - 2017-05-22 22:50 - 00000000 ____D C:\297f3ce97be1ba4668fb
2017-05-20 19:59 - 2017-05-20 19:59 - 00000000 ____D C:\38c34574efb1428ff4
2017-05-19 20:50 - 2017-05-19 20:51 - 00000000 ____D C:\e64e1d7efbeaed43c4eb00033d5c69
Task: {657CA394-5E8E-4198-AC4C-06AF2C87D683} - System32\Tasks\WinThruster64-Katrien & Joachim-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe [2015-10-11] (Solvusoft Corporation) <==== AANDACHT
Task: {7556A526-CC12-402D-A7B3-99BFD51F773F} - System32\Tasks\WinThruster64-Katrien & Joachim-Notification => C:\Program Files\Solvusoft\WinThruster\Sync.exe [2015-10-11] (Solvusoft Corporation) <==== AANDACHT
Task: {D041C68A-BEA2-45FC-9FD0-D331D661FEB6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe 5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== AANDACHT
Task: C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== AANDACHT
AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8 [137]
FirewallRules: [{D521FAF2-EC81-4FF5-AAD6-EBEACF1A645C}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{A44CDA78-2B6E-44BE-99BF-7500DCF667F8}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{DB9F6E7A-31C7-4F0A-8134-4B7218817837}] => (Allow) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{9E2B175B-9D47-4CF5-87B6-14CBC413C03A}] => (Allow) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{B6D1BA9C-CFD0-480F-AACC-18906F5691EE}] => (Allow) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{2BA31A48-4AA8-4241-B7A5-D8ACD41A0A0C}] => (Allow) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
Reboot:
end
*****************

Herstelpunt is succesvol gemaakt.
C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe => Geen lopend proces gevonden
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => waarde is succesvol verwijderd
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => waarde is succesvol verwijderd
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => waarde is succesvol verwijderd
HKLM\SOFTWARE\WOW6432Node\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => sleutel is succesvol verwijderd
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => sleutel is succesvol verwijderd
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => sleutel niet gevonden.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => sleutel is succesvol verwijderd
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => sleutel niet gevonden.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => sleutel is succesvol verwijderd
HKU\S-1-5-21-748706070-3823825615-209406529-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => sleutel is succesvol verwijderd
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => waarde met succes hersteld
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => waarde met succes hersteld
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => waarde met succes hersteld
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => waarde met succes hersteld
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => waarde met succes hersteld
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => waarde met succes hersteld
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => waarde met succes hersteld
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => waarde met succes hersteld
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => waarde met succes hersteld
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => waarde met succes hersteld
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => waarde met succes hersteld
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => waarde met succes hersteld
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5B291E6C-9A74-4034-971B-A4B007A0B315} => waarde is succesvol verwijderd
HKLM\Software\Classes\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315} => sleutel niet gevonden.
CHR dev: Chrome dev build gedetecteerd! <======= AANDACHT => Fout: Geen automatische fix gevonden voor dit item.
C:\Users\Katrien & Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== AANDACHT => niet gevonden
HKLM\System\CurrentControlSet\Services\catchme => sleutel is succesvol verwijderd
catchme => dienst is succesvol verwijderd
HKLM\System\CurrentControlSet\Services\PcdrNdisuio => sleutel is succesvol verwijderd
PcdrNdisuio => dienst is succesvol verwijderd
C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Startup.job => is succesvol verplaatst
C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Startup => is succesvol verplaatst
"C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Notification.job" => niet gevonden.
"C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Notification" => niet gevonden.
C:\Users\Katrien & Joachim\AppData\Roaming\Solvusoft => is succesvol verplaatst
"C:\Users\Public\Desktop\WinThruster.lnk" => niet gevonden.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft" => niet gevonden.
"C:\Program Files\Solvusoft" => niet gevonden.
"C:\Program Files (x86)\Solvusoft" => niet gevonden.
"C:\ProgramData\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2}" => niet gevonden.
C:\ProgramData\Solvusoft => is succesvol verplaatst
C:\Users\Katrien & Joachim\Downloads\Setup_WinThruster_2016.exe => is succesvol verplaatst
C:\Users\Katrien & Joachim\AppData\Local\IIIQF => is succesvol verplaatst
C:\Windows\wininit.ini => is succesvol verplaatst
C:\found.003 => is succesvol verplaatst
C:\9e8d90d4e8d767e63aefb145c9c3cd => is succesvol verplaatst
C:\e3e87185d3012d681569c0cc => is succesvol verplaatst
C:\07de1941a6655bff87f4ca687bfa6fb1 => is succesvol verplaatst
C:\0e401510c2a156fe29087cc622b804 => is succesvol verplaatst
C:\9994b9c06ad91d4c4af8 => is succesvol verplaatst
C:\b43d768a66c4e057f0d1265c64 => is succesvol verplaatst
C:\3ee6476d63d61fe788e5152e473226 => is succesvol verplaatst
C:\297f3ce97be1ba4668fb => is succesvol verplaatst
C:\38c34574efb1428ff4 => is succesvol verplaatst
C:\e64e1d7efbeaed43c4eb00033d5c69 => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{657CA394-5E8E-4198-AC4C-06AF2C87D683} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{657CA394-5E8E-4198-AC4C-06AF2C87D683} => sleutel is succesvol verwijderd
C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Startup => niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinThruster64-Katrien & Joachim-Startup => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7556A526-CC12-402D-A7B3-99BFD51F773F} => sleutel niet gevonden.
C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Notification => niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinThruster64-Katrien & Joachim-Notification => sleutel niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D041C68A-BEA2-45FC-9FD0-D331D661FEB6} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D041C68A-BEA2-45FC-9FD0-D331D661FEB6} => sleutel is succesvol verwijderd
C:\Windows\System32\Tasks\PCDRScheduledMaintenance => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDRScheduledMaintenance => sleutel is succesvol verwijderd
C:\Windows\Tasks\PCDRScheduledMaintenance.job => is succesvol verplaatst
C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Notification.job => niet gevonden.
C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Startup.job => niet gevonden.
C:\ProgramData\Temp => ":FB1B13D8" ADS is succesvol verwijderd.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D521FAF2-EC81-4FF5-AAD6-EBEACF1A645C} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A44CDA78-2B6E-44BE-99BF-7500DCF667F8} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB9F6E7A-31C7-4F0A-8134-4B7218817837} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E2B175B-9D47-4CF5-87B6-14CBC413C03A} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6D1BA9C-CFD0-480F-AACC-18906F5691EE} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BA31A48-4AA8-4241-B7A5-D8ACD41A0A0C} => waarde is succesvol verwijderd

Het systeem moest herstart worden.

==== Eind van Fixlog 21:06:39 ====