Fix resultaat van Farbar Recovery Scan Tool (x86) Versie: 14.03.2018
Gestart door Bert (02-04-2018 13:10:16) Run:1
Gestart vanaf C:\Users\Bert\Desktop\FRST
Geladen Profielen: Bert (Beschikbare Profielen: Bert)
Boot Modus: Normal
==============================================

fixlist Inhoud:
*****************
start
CreateRestorePoint:
ContextMenuHandlers1: [CuteFTP 9] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers1: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers2: [CuteFTP 9] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers2: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers4: [CuteFTP 9] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
ContextMenuHandlers4: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files\Globalscape\CuteFTP\CuteShell.dll -> Geen bestand
Task: {23F0C2EF-6B47-4979-926E-6E1F83AAF090} - System32\Tasks\{F50CEDF6-7AE2-46DA-803A-7D6CC7B89C39} => C:\Users\Bert\AppData\Roaming\eiaoOe.exe [1617-11-26] (Microsoft Corporation) <==== AANDACHT
Task: {388B647F-DCE1-4F18-B242-31A553D7EAD0} - System32\Tasks\{0C2C98D0-B75C-4D70-B677-ADEAE6E3A934} => C:\Users\Bert\vEVgXIoUKWO.exe [1617-11-26] (Microsoft Corporation)
C:\Users\Bert\AppData\Roaming\eiaoOe.exe
C:\Users\Bert\vEVgXIoUKWO.exe
Task: {88C01A23-D407-4F50-ADCF-5C76D2096952} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries <==== AANDACHT
Task: {B74356F8-466F-4422-96D0-13D6F0CFE47E} - System32\Tasks\849df5cb61850c07d009495969b24e01 => sc start 849df5cb61850c07d009495969b24e01 <==== AANDACHT
Task: {CEB84593-5D20-40AE-8C68-9BD473173B5A} - \NCH Software\switchShakeIcon -> Geen bestand <==== AANDACHT
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
AlternateDataStreams: C:\ProgramData\Spotnet:spn.k [428]
AlternateDataStreams: C:\ProgramData\TEMP:5D10C173 [123]
AlternateDataStreams: C:\Users\Bert\AppData\Local\Temporary Internet Files:A1HvpYaYiPTGVOnPxcPx1 [2552]
AlternateDataStreams: C:\Users\Bert\AppData\Local\V5vTWf0ryF:gv7wURmO6pxlkhWKI9TPmleV [2082]
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1928288486-2430286864-780397381-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM -> DefaultScope waarde ontbreekt
SearchScopes: HKLM -> {082A952F-67F3-4A29-B165-243002A26831} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKLM -> {119846F4-1520-4B81-9C39-4515FF79ECF0} URL =
SearchScopes: HKU\S-1-5-21-1928288486-2430286864-780397381-1000 -> DefaultScope {082A952F-67F3-4A29-B165-243002A26831} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKU\S-1-5-21-1928288486-2430286864-780397381-1000 -> {082A952F-67F3-4A29-B165-243002A26831} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl
SearchScopes: HKU\S-1-5-21-1928288486-2430286864-780397381-1000 -> {119846F4-1520-4B81-9C39-4515FF79ECF0} URL =
SearchScopes: HKU\S-1-5-21-1928288486-2430286864-780397381-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8FF26136-E20E-412A-BDCB-701B3AD93AF2}&mid=05c8150385fa47cc95c2d157cabf5950-d5569ddb55e380a869eaeabac38ffc1f339da88b&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0117avt&pr=fr&d=2017-01-21 16:38:02&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Geen Naam -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Geen bestand
Toolbar: HKLM - Geen Naam - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Geen bestand
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - Geen bestand
Handler: WSWSVCUchrome - Geen CLSID Waarde -
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [Geen bestand]
C:\Program Files\Common Files\AVG Secure Search
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
2018-04-01 11:23 - 2016-01-15 02:18 - 000000268 _____ C:\Windows\Tasks\AutoKMS.job
EmptyTemp:
end
*****************

Herstelpunt is succesvol gemaakt.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CuteFTP 9" => is succesvol verwijderd
"HKLM\Software\Classes\CLSID\{8f7261d0-d2b9-11d2-9909-00605205b24c}" => is succesvol verwijderd
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CuteShellExt" => is succesvol verwijderd
"HKLM\Software\Classes\CLSID\{A09315EC-39D3-4ED3-B6A1-262DDC54A3C5}" => is succesvol verwijderd
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\CuteFTP 9" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{8f7261d0-d2b9-11d2-9909-00605205b24c} => niet gevonden
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\CuteShellExt" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => niet gevonden
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\CuteFTP 9" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{8f7261d0-d2b9-11d2-9909-00605205b24c} => niet gevonden
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\CuteShellExt" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => niet gevonden
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23F0C2EF-6B47-4979-926E-6E1F83AAF090}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23F0C2EF-6B47-4979-926E-6E1F83AAF090}" => is succesvol verwijderd
C:\Windows\System32\Tasks\{F50CEDF6-7AE2-46DA-803A-7D6CC7B89C39} => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F50CEDF6-7AE2-46DA-803A-7D6CC7B89C39}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{388B647F-DCE1-4F18-B242-31A553D7EAD0}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{388B647F-DCE1-4F18-B242-31A553D7EAD0}" => is succesvol verwijderd
C:\Windows\System32\Tasks\{0C2C98D0-B75C-4D70-B677-ADEAE6E3A934} => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C2C98D0-B75C-4D70-B677-ADEAE6E3A934}" => is succesvol verwijderd
C:\Users\Bert\AppData\Roaming\eiaoOe.exe => is succesvol verplaatst
C:\Users\Bert\vEVgXIoUKWO.exe => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{88C01A23-D407-4F50-ADCF-5C76D2096952}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88C01A23-D407-4F50-ADCF-5C76D2096952}" => is succesvol verwijderd
C:\Windows\System32\Tasks\AutoKMS => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => is succesvol verwijderd
C:\Windows\AutoKMS => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A728AE6B-5AB8-4223-AD3E-E6341441A01C}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A728AE6B-5AB8-4223-AD3E-E6341441A01C}" => is succesvol verwijderd
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\System\ConvertLogEntries" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B74356F8-466F-4422-96D0-13D6F0CFE47E}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B74356F8-466F-4422-96D0-13D6F0CFE47E}" => is succesvol verwijderd
C:\Windows\System32\Tasks\849df5cb61850c07d009495969b24e01 => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\849df5cb61850c07d009495969b24e01" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEB84593-5D20-40AE-8C68-9BD473173B5A}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEB84593-5D20-40AE-8C68-9BD473173B5A}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software\switchShakeIcon" => is succesvol verwijderd
C:\Windows\Tasks\AutoKMS.job => is succesvol verplaatst
C:\ProgramData\Spotnet => ":spn.k" ADS is succesvol verwijderd
C:\ProgramData\TEMP => ":5D10C173" ADS is succesvol verwijderd
C:\Users\Bert\AppData\Local\Temporary Internet Files => ":A1HvpYaYiPTGVOnPxcPx1" ADS is succesvol verwijderd
C:\Users\Bert\AppData\Local\V5vTWf0ryF => ":gv7wURmO6pxlkhWKI9TPmleV" ADS is succesvol verwijderd
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup" => is succesvol verwijderd
"HKU\S-1-5-21-1928288486-2430286864-780397381-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => waarde met succes hersteld
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{082A952F-67F3-4A29-B165-243002A26831}" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{082A952F-67F3-4A29-B165-243002A26831} => niet gevonden
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{119846F4-1520-4B81-9C39-4515FF79ECF0}" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{119846F4-1520-4B81-9C39-4515FF79ECF0} => niet gevonden
"HKU\S-1-5-21-1928288486-2430286864-780397381-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => is succesvol verwijderd
"HKU\S-1-5-21-1928288486-2430286864-780397381-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{082A952F-67F3-4A29-B165-243002A26831}" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{082A952F-67F3-4A29-B165-243002A26831} => niet gevonden
"HKU\S-1-5-21-1928288486-2430286864-780397381-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{119846F4-1520-4B81-9C39-4515FF79ECF0}" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{119846F4-1520-4B81-9C39-4515FF79ECF0} => niet gevonden
"HKU\S-1-5-21-1928288486-2430286864-780397381-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => niet gevonden
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => niet gevonden
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => niet gevonden
"HKLM\Software\Classes\PROTOCOLS\Handler\WSIEChrome" => is succesvol verwijderd
"HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome" => is succesvol verwijderd
"HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => is succesvol verwijderd
C:\Program Files\Common Files\AVG Secure Search => is succesvol verplaatst
"HKLM\System\CurrentControlSet\Services\blbdrive" => is succesvol verwijderd
blbdrive => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\IpInIp" => is succesvol verwijderd
IpInIp => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\NwlnkFlt" => is succesvol verwijderd
NwlnkFlt => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\NwlnkFwd" => is succesvol verwijderd
NwlnkFwd => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\SymIM" => is succesvol verwijderd
SymIM => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\SymIMMP" => is succesvol verwijderd
SymIMMP => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\ZAM" => is succesvol verwijderd
ZAM => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => is succesvol verwijderd
ZAM_Guard => dienst is succesvol verwijderd
"C:\Windows\Tasks\AutoKMS.job" => niet gevonden

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18202989 B
Java, Flash, Steam htmlcache => 1428 B
Windows/system/drivers => 101392368 B
Edge => 0 B
Chrome => 5408768 B
Firefox => 412258576 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33460 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 14775656 B
NetworkService => 8202 B
Bert => 201781222 B

RecycleBin => 10163148401 B
EmptyTemp: => 10.2 GB tijdelijke gegevens verwijderd.

================================

Het systeem moest herstart worden.

==== Eind van Fixlog 13:18:41 ====