Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 04.03.2018 Gestart door Fontaine (04-03-2018 13:34:28) Run:1 Gestart vanaf C:\Users\Fontaine\Desktop\PC-helpforum BE Geladen Profielen: Fontaine (Beschikbare Profielen: Fontaine) Boot Modus: Normal ============================================== fixlist inhoud: ***************** start CreateRestorePoint: CustomCLSID: HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Fontaine\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => Geen bestand CustomCLSID: HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Fontaine\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Geen bestand CustomCLSID: HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Fontaine\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Geen bestand CustomCLSID: HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Fontaine\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Geen bestand CustomCLSID: HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Fontaine\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Geen bestand ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Geen bestand Task: {51490FFE-7EDD-486F-93D8-42D28C9C9C45} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe C:\Program Files\KMSpico Task: {F76A8000-17E2-4EE0-9E94-2A40C0D16D11} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <==== AANDACHT Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe C:\Windows\AutoKMS AlternateDataStreams: C:\ProgramData\TEMP:972E3A44 [127] AlternateDataStreams: C:\ProgramData\TEMP:B56E7461 [133] HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" FirewallRules: [{2BE485D2-95E6-453A-A945-E8291E3BB682}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{7972BB85-A9ED-4F6C-88EF-6AD7240F0F6E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{EE5019E0-2CEA-4367-B053-89D3D290FF35}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{C0ED2608-31D4-4E45-960C-09824964BE1C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{B9B9B329-C05F-4651-80F2-0D67472921FD}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{60C1033D-2683-4BE5-B415-6B8DDEDEDBB5}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{516AB081-3FB4-4474-9982-3296692D87B4}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{4C83477E-6A89-4A99-B564-F10D835AB7BD}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{6CCA038C-CBD5-4273-8FD6-79337F92319F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{F02DBBB9-B53E-4C6B-97E6-3A5D46D91AD9}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{28100C55-79AE-42A2-9102-60A48EB529B6}] => (Allow) C:\tmp\AeroAdmin.exe FirewallRules: [{6476041B-CAC2-4B26-B1EB-955B014B26C4}] => (Allow) C:\tmp\AeroAdmin.exe CHR HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <==== AANDACHT SearchScopes: HKU\S-1-5-21-730165294-666571360-1919093666-1002 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=AA2pLyxixgXlXW0OYXQjUBQwpJY?q={searchTerms} SearchScopes: HKU\S-1-5-21-730165294-666571360-1919093666-1002 -> {E17F705D-26DA-46C2-BEFF-E4DC365F91D3} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit) 2018-03-03 12:08 - 2018-03-03 12:20 - 000002966 _____ C:\WINDOWS\System32\Tasks\AutoKMS 2017-11-14 09:08 - 2017-11-14 09:08 - 007649280 _____ () C:\Program Files (x86)\GUT61E.tmp EmptyTemp: end ***************** Herstelpunt is succesvol gemaakt. "HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => is succesvol verwijderd "HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => is succesvol verwijderd "HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => is succesvol verwijderd "HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}" => is succesvol verwijderd "HKU\S-1-5-21-730165294-666571360-1919093666-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}" => is succesvol verwijderd "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => is succesvol verwijderd HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => niet gevonden "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51490FFE-7EDD-486F-93D8-42D28C9C9C45}" => is succesvol verwijderd "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51490FFE-7EDD-486F-93D8-42D28C9C9C45}" => is succesvol verwijderd C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => is succesvol verplaatst "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => is succesvol verwijderd C:\Program Files\KMSpico => is succesvol verplaatst "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F76A8000-17E2-4EE0-9E94-2A40C0D16D11}" => is succesvol verwijderd "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F76A8000-17E2-4EE0-9E94-2A40C0D16D11}" => is succesvol verwijderd HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => kon niet worden verwijderd. Toegang geweigerd. C:\WINDOWS\Tasks\AutoKMS.job => is succesvol verplaatst C:\Windows\AutoKMS => is succesvol verplaatst C:\ProgramData\TEMP => ":972E3A44" ADS is succesvol verwijderd C:\ProgramData\TEMP => ":B56E7461" ADS is succesvol verwijderd "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Wondershare Helper Compact.exe" => is succesvol verwijderd "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => niet gevonden "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BE485D2-95E6-453A-A945-E8291E3BB682}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7972BB85-A9ED-4F6C-88EF-6AD7240F0F6E}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE5019E0-2CEA-4367-B053-89D3D290FF35}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0ED2608-31D4-4E45-960C-09824964BE1C}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9B9B329-C05F-4651-80F2-0D67472921FD}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60C1033D-2683-4BE5-B415-6B8DDEDEDBB5}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{516AB081-3FB4-4474-9982-3296692D87B4}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C83477E-6A89-4A99-B564-F10D835AB7BD}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CCA038C-CBD5-4273-8FD6-79337F92319F}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F02DBBB9-B53E-4C6B-97E6-3A5D46D91AD9}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28100C55-79AE-42A2-9102-60A48EB529B6}" => is succesvol verwijderd "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6476041B-CAC2-4B26-B1EB-955B014B26C4}" => is succesvol verwijderd "HKLM\SOFTWARE\Policies\Google" => is succesvol verwijderd "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => is succesvol verwijderd "HKU\S-1-5-21-730165294-666571360-1919093666-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}" => is succesvol verwijderd HKLM\Software\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => niet gevonden "HKU\S-1-5-21-730165294-666571360-1919093666-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E17F705D-26DA-46C2-BEFF-E4DC365F91D3}" => is succesvol verwijderd HKLM\Software\Classes\CLSID\{E17F705D-26DA-46C2-BEFF-E4DC365F91D3} => niet gevonden HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => niet gevonden HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => niet gevonden C:\WINDOWS\System32\Tasks\AutoKMS => is succesvol verplaatst C:\Program Files (x86)\GUT61E.tmp => is succesvol verplaatst =========== EmptyTemp: ========== BITS transfer queue => 9199616 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 151789339 B Java, Flash, Steam htmlcache => 1139 B Windows/system/drivers => 30401631 B Edge => 359399 B Chrome => 392431757 B Firefox => 17038355 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 2450 B NetworkService => 0 B Fontaine => 264583993 B RecycleBin => 102577151 B EmptyTemp: => 923.5 MB tijdelijke gegevens verwijderd. ================================ Resultaat van geplande bestanden te verplaatsen (Boot Modus: Normal) (Datum&Tijd: 04-03-2018 13:36:36) Resultaat van geplande sleutels te verwijderen na herstart: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => kon niet worden verwijderd. Toegang geweigerd. ==== Eind van Fixlog 13:36:36 ====