Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 18-01-2020
Gestart door katin (19-01-2020 18:47:30) Run:1
Gestart vanaf C:\Users\katin\Desktop
Geladen Profielen: katin (Beschikbare Profielen: defaultuser0 & katin & joach)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {0FDD6F59-E629-4DC0-8D9E-ADA3C95C880D} - System32\Tasks\App Explorer => C:\Users\katin\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-07] (SweetLabs Inc. -> SweetLabs, Inc) <==== AANDACHT
Task: {3AAF05D6-C9C1-4AEA-82F3-E49ECF3F5377} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <==== AANDACHT
SearchScopes: HKU\S-1-5-21-4209545030-941644967-1577953332-1001 -> DefaultScope {4898D9F6-A06A-4CC9-B828-55D5DD36331F} URL =
SearchScopes: HKU\S-1-5-21-4209545030-941644967-1577953332-1001 -> {4898D9F6-A06A-4CC9-B828-55D5DD36331F} URL =
CHR NewTab: Default -> Not-active:"chrome-extension://gnighmloblbkmoleodphoegaiinnikpk/newtabpage.html", Not-active:"chrome-extension://oiifocgmpeklnafamamaemkeeondihcd/newtabpage.html", Not-active:"chrome-extension://iikigimpplcfggfcaaigbkeaobjkjipi/product.html"
CHR Notifications: Default -> hxxps://cloud1.pw; hxxps://nl.pinterest.com; hxxps://online.freemusicdownloads.world; hxxps://www.flair.be; hxxps://www.instagram.com; hxxps://www.wish.com; hxxps://www.youtube.com
ShortcutWithArgument: C:\Users\katin\Desktop\YouTube.lnk -> C:\Users\katin\AppData\Local\Host App Service\Engine\WebAppHelper.exe (SweetLabs, Inc) -> /NAME"YouTube" /APPID"322460fb8f47d8cb14cd883b17b5e0dd233a7768" /URL"hxxps://www.youtube.com/?gl=US"
ShortcutWithArgument: C:\Users\katin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube.lnk -> C:\Users\katin\AppData\Local\Host App Service\Engine\WebAppHelper.exe (SweetLabs, Inc) -> /NAME"YouTube" /APPID"322460fb8f47d8cb14cd883b17b5e0dd233a7768" /URL"hxxps://www.youtube.com/?gl=US"
FirewallRules: [{FBC5B37E-CA3F-4558-926D-A1FFCFA7A78E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe Geen bestand
FirewallRules: [{D5D5C393-3D5A-45AE-BC9B-92CB13B722A8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe Geen bestand
FirewallRules: [{24B8DC67-2485-49B4-9460-2E3703297593}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe Geen bestand
FirewallRules: [{C63E1612-093D-4554-A7EB-7B5516292E99}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe Geen bestand
FirewallRules: [{3B2C5E9B-6EA2-4B89-9971-DA61E066F18F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe Geen bestand
FirewallRules: [{A4EC70FF-C58F-4C46-9E6A-6A7EC71A8776}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe Geen bestand
FirewallRules: [UDP Query User{76FD7B06-F7D7-4FDD-AF80-941837E631B6}C:\users\katin\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\katin\appdata\local\popcorn-time\popcorn-time.exe Geen bestand
FirewallRules: [TCP Query User{68E1C52A-8BB3-4F14-8FCA-BA86EAE61A82}C:\users\katin\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\katin\appdata\local\popcorn-time\popcorn-time.exe Geen bestand
FirewallRules: [{A9F3D098-57E2-41AF-9681-90B36D15663A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe Geen bestand
FirewallRules: [{AB3EEBC7-2AA5-432C-81F1-55276806AB3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe Geen bestand
FirewallRules: [{9B484690-4EC2-46DA-8EB6-E33DCE5E77E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe Geen bestand
FirewallRules: [{D7832A58-B702-4446-BF9B-587F894E249E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe Geen bestand
FirewallRules: [{F6118240-AD19-471A-9560-2AF8F373485E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Geen bestand
FirewallRules: [{08EB0762-2B5D-4A87-925C-EBB1269333E2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Geen bestand
FirewallRules: [{E7B7C798-9176-4A07-B5AA-D66130F32930}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe Geen bestand
FirewallRules: [{252D61D2-BA23-4EEA-BE2D-0639673F9CDA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe Geen bestand
FirewallRules: [{CD9B0528-C3FD-4CB9-ABB3-04B755EC7050}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe Geen bestand
FirewallRules: [{D5719F4F-C37D-4A6C-8FFA-EB4421A3A3EC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe Geen bestand
FirewallRules: [{BCEE3716-0623-4863-BDA1-DB3058E4DECB}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe Geen bestand
FirewallRules: [{EAADA67D-06EB-4E97-9AC7-96FDDBDEF92E}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe Geen bestand
FirewallRules: [{C9105AD5-B54F-4E8B-91F5-93D626411751}] => (Allow) %systemroot%\system32\alg.exe Geen bestand
FirewallRules: [{0F98B4DB-D83B-4CC2-98C0-E8E46C293DE7}] => (Allow) %systemroot%\system32\alg.exe Geen bestand
FirewallRules: [{FECAC5C5-2FA8-49E4-8BA5-3BCFF3BE2165}] => (Allow) %systemroot%\system32\alg.exe Geen bestand
VirusTotal: C:\Users\katin\AppData\Roaming\.cache3678791056.dat
EmptyTemp:
Reboot:
*****************

Herstelpunt is succesvol gemaakt.
Proces succesvol afgesloten.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FDD6F59-E629-4DC0-8D9E-ADA3C95C880D}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FDD6F59-E629-4DC0-8D9E-ADA3C95C880D}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\App Explorer => is succesvol verplaatst
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AAF05D6-C9C1-4AEA-82F3-E49ECF3F5377}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AAF05D6-C9C1-4AEA-82F3-E49ECF3F5377}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => niet gevonden
"HKU\S-1-5-21-4209545030-941644967-1577953332-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => is succesvol verwijderd
HKU\S-1-5-21-4209545030-941644967-1577953332-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4898D9F6-A06A-4CC9-B828-55D5DD36331F} => is succesvol verwijderd
"Chrome NewTab" => is succesvol verwijderd
"Chrome Notifications" => is succesvol verwijderd
C:\Users\katin\Desktop\YouTube.lnk => snelkoppeling argument is succesvol verwijderd
C:\Users\katin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube.lnk => snelkoppeling argument is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBC5B37E-CA3F-4558-926D-A1FFCFA7A78E}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5D5C393-3D5A-45AE-BC9B-92CB13B722A8}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24B8DC67-2485-49B4-9460-2E3703297593}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C63E1612-093D-4554-A7EB-7B5516292E99}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B2C5E9B-6EA2-4B89-9971-DA61E066F18F}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4EC70FF-C58F-4C46-9E6A-6A7EC71A8776}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{76FD7B06-F7D7-4FDD-AF80-941837E631B6}C:\users\katin\appdata\local\popcorn-time\popcorn-time.exe" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{68E1C52A-8BB3-4F14-8FCA-BA86EAE61A82}C:\users\katin\appdata\local\popcorn-time\popcorn-time.exe" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9F3D098-57E2-41AF-9681-90B36D15663A}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB3EEBC7-2AA5-432C-81F1-55276806AB3D}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B484690-4EC2-46DA-8EB6-E33DCE5E77E6}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7832A58-B702-4446-BF9B-587F894E249E}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6118240-AD19-471A-9560-2AF8F373485E}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08EB0762-2B5D-4A87-925C-EBB1269333E2}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7B7C798-9176-4A07-B5AA-D66130F32930}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{252D61D2-BA23-4EEA-BE2D-0639673F9CDA}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD9B0528-C3FD-4CB9-ABB3-04B755EC7050}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5719F4F-C37D-4A6C-8FFA-EB4421A3A3EC}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BCEE3716-0623-4863-BDA1-DB3058E4DECB}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAADA67D-06EB-4E97-9AC7-96FDDBDEF92E}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9105AD5-B54F-4E8B-91F5-93D626411751}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F98B4DB-D83B-4CC2-98C0-E8E46C293DE7}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FECAC5C5-2FA8-49E4-8BA5-3BCFF3BE2165}" => is succesvol verwijderd
VirusTotal: C:\Users\katin\AppData\Roaming\.cache3678791056.dat => https://www.virustotal.com/file/09fedf0fab38523ded73541a1b61c68ad93f91c8838c4ee0f8cd793ceaab18c4/analysis/1579456152/

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 451480147 B
Java, Flash, Steam htmlcache => 51672516 B
Windows/system/drivers => 7586782 B
Edge => 12709461 B
Chrome => 625782885 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 83508 B
NetworkService => 44489440 B
defaultuser0 => 44496096 B
katin => 220760362 B
joach => 372744475 B

RecycleBin => 237150586 B
EmptyTemp: => 1.9 GB tijdelijke gegevens verwijderd.

================================

Het systeem moest herstart worden.

==== Einde van Fixlog 18:56:02 ====