Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 20-10-2021
Gestart door wilfr (21-10-2021 16:11:44) Run:1
Gestart vanaf C:\Users\wilfr\Downloads
Geladen Profielen: wilfr
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT
Startup: C:\Users\wilfr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\µTorrent [2021-01-13] () <==== AANDACHT [nul byte bestand/map]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrictie <==== AANDACHT
Task: {C9A72B06-F138-43BA-B976-CBAAF53B2E81} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-09-14] <==== AANDACHT (Gericht op * .cfg bestand)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-09-14] <==== AANDACHT
S0 AMSElamDriver; C:\WINDOWS\System32\drivers\amselam.sys [21976 2019-07-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [195504 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [195816 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [79048 2019-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) <==== AANDACHT
S3 AscFileControl; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\win10_amd64\AscFileControl.sys [X]
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
AV: Total AV (Enabled - Up to date) {B185458D-38B3-A010-10F7-3D378DAA6032}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Geen bestand
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Geen bestand
IE trusted site: HKU\S-1-5-21-1228691392-3513963491-2876946990-1003\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1228691392-3513963491-2876946990-1003\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\...\StartupApproved\Run: => "iSkysoft Helper Compact.exe"
HKU\S-1-5-21-1228691392-3513963491-2876946990-1003\...\StartupApproved\Run: => "Opera Browser Assistant"
FirewallRules: [{ADD1FC44-7EBA-4E97-8D24-8D2F26F42D39}] => (Allow) C:\Users\wilfr\Downloads\UltraAdwareKiller64.exe (Da Silva Alfrédo -> Carifred)
FirewallRules: [{82F7FD2D-F410-4BA5-A4F8-4F0244C26BDA}] => (Allow) C:\Users\wilfr\Downloads\UltraAdwareKiller64.exe (Da Silva Alfrédo -> Carifred)
FirewallRules: [{1D72F827-96DC-4620-A3EB-FE2169FC22AE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Geen bestand
FirewallRules: [{7BD9D6EC-320C-4F9C-AF57-70FF7DCA3AD1}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Geen bestand
FirewallRules: [{D80CEE0F-E115-4136-8F2C-475C34F452BC}] => (Allow) C:\Users\wilfr\AppData\Local\Programs\Opera\77.0.4054.90\opera.exe => Geen bestand
FirewallRules: [{2C745D11-94FE-4A64-A301-16750D96F433}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe => Geen bestand
FirewallRules: [{4F7085BE-3668-49D5-90BB-8BBAA7BAC14A}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe => Geen bestand
hosts:
EmptyTemp:
Reboot:
*****************

Herstelpunt is succesvol gemaakt.
Proces succesvol afgesloten.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iSkysoft Helper Compact.exe" => is succesvol verwijderd
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => is succesvol verwijderd
C:\Users\wilfr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\µTorrent => is succesvol verplaatst
HKLM\SOFTWARE\Policies\Mozilla => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C9A72B06-F138-43BA-B976-CBAAF53B2E81}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9A72B06-F138-43BA-B976-CBAAF53B2E81}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\AVG\Overseer => is succesvol verplaatst
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => is succesvol verwijderd
C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js => is succesvol verplaatst
C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg => is succesvol verplaatst
HKLM\System\CurrentControlSet\Services\AMSElamDriver => is succesvol verwijderd
AMSElamDriver => service is succesvol verwijderd
avgntflt => Kon service niet stoppen.
HKLM\System\CurrentControlSet\Services\avgntflt => is succesvol verwijderd
avgntflt => service is succesvol verwijderd
avipbb => Service succesvol gestopt.
HKLM\System\CurrentControlSet\Services\avipbb => is succesvol verwijderd
avipbb => service is succesvol verwijderd
avkmgr => Kon service niet stoppen.
HKLM\System\CurrentControlSet\Services\avkmgr => is succesvol verwijderd
avkmgr => service is succesvol verwijderd
webshieldfilter => Service succesvol gestopt.
HKLM\System\CurrentControlSet\Services\webshieldfilter => is succesvol verwijderd
webshieldfilter => service is succesvol verwijderd
HKLM\System\CurrentControlSet\Services\AscFileControl => is succesvol verwijderd
AscFileControl => service is succesvol verwijderd
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent" => is succesvol verwijderd
"AV: Total AV (Enabled - Up to date) {B185458D-38B3-A010-10F7-3D378DAA6032}" => is succesvol verwijderd
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => is succesvol verwijderd
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => is succesvol verwijderd
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => is succesvol verwijderd
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => is succesvol verwijderd
HKU\S-1-5-21-1228691392-3513963491-2876946990-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => is succesvol verwijderd
HKU\S-1-5-21-1228691392-3513963491-2876946990-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\iSkysoft Helper Compact.exe" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iSkysoft Helper Compact.exe" => niet gevonden
"HKU\S-1-5-21-1228691392-3513963491-2876946990-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Opera Browser Assistant" => is succesvol verwijderd
"HKU\S-1-5-21-1228691392-3513963491-2876946990-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Opera Browser Assistant" => niet gevonden
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADD1FC44-7EBA-4E97-8D24-8D2F26F42D39}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82F7FD2D-F410-4BA5-A4F8-4F0244C26BDA}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D72F827-96DC-4620-A3EB-FE2169FC22AE}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BD9D6EC-320C-4F9C-AF57-70FF7DCA3AD1}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D80CEE0F-E115-4136-8F2C-475C34F452BC}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C745D11-94FE-4A64-A301-16750D96F433}" => is succesvol verwijderd
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F7085BE-3668-49D5-90BB-8BBAA7BAC14A}" => is succesvol verwijderd
Kon niet verplaatsen "C:\Windows\System32\Drivers\etc\hosts" => Gepland om te verplaatsen bij herstart.

=========== EmptyTemp: ==========