Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 02-07-2017
Gestart door gregs (03-07-2017 18:38:17) Run:1
Gestart vanaf C:\Users\gregs\Desktop\frst
Geladen Profielen: gregs (Beschikbare Profielen: gregs & Administrator)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
CloseProcesses:
CMD: Type C:\autoexec.bat
C:\Windows\Temp\g7E69.tmp.exe
ShellExecuteHooks: Geen Naam - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\Windows\C_02iu47.dat [2001920 2017-07-02] (Micrasaft Carparation)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=H72zltpbl1BU,cf9d06eb-20aa-442d-9eda-925e057a7f54,&vp=ch&prd=set_ie
SearchScopes: HKU\S-1-5-21-2296426734-4234570832-937735285-1004 -> {F60FC7B7-D36E-49B1-8ADC-9DCDDE4903DD} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H72zltpbl1BU,cf9d06eb-20aa-442d-9eda-925e057a7f54,
FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} [2017-07-02] [ niet getekend]
FF Extension: (TSearch) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{D29DBC80-E8B5-4116-AB62-ECD8ED032A33} [2017-07-02] [ niet getekend]
FF Plugin-x32: @qq.com/QQlive -> C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\npQQLive.dll [Geen bestand]
CHR HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
S2 mediatek_86; "C:\WINDOWS\TEMP\WS\mediatek_86.exe" [X]
S2 QQLiveService; C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\LiveService.dll [X]
S4 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service [X] <==== AANDACHT
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2017-07-02] () <==== AANDACHT
2017-07-02 10:46 - 2017-07-02 10:46 - 00000000 _____ C:\autoexec.bat
2017-07-02 10:21 - 2017-07-02 10:21 - 00000000 ____D C:\Users\gregs\AppData\Local\AdvinstAnalytics
2017-07-02 10:19 - 2017-07-02 10:25 - 00000000 ___HD C:\448604c9611dfd3021725bdc366ab85e
2017-07-02 10:18 - 2017-07-02 10:19 - 00000000 ____D C:\Users\gregs\AppData\Roaming\xonnwbvroqx
2017-07-02 10:18 - 2017-07-02 10:19 - 00000000 ____D C:\Users\gregs\AppData\Roaming\mqgpc3bpb0y
2017-07-02 10:18 - 2017-07-02 10:18 - 00000262 __RSH C:\Users\gregs\ntuser.pol
2017-07-02 10:17 - 2017-07-02 10:19 - 00000000 ____D C:\Users\gregs\AppData\Local\TubeTime
2017-07-02 10:17 - 2017-07-02 10:17 - 00930816 _____ C:\Users\gregs\AppData\Local\test_db_cara.db
2017-07-02 10:17 - 2017-07-02 10:17 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-07-02 10:17 - 2017-07-02 10:17 - 00004422 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_343039393733373830342d3737555a416c503257344a41
2017-07-02 10:17 - 2017-07-02 10:17 - 00002505 _____ C:\Users\gregs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯视频.lnk
2017-07-02 10:17 - 2017-07-02 10:17 - 00000000 ____H C:\WINDOWS\system32\BIT642A.tmp
2017-07-02 10:17 - 2017-07-02 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2017-07-02 10:17 - 2017-07-02 10:17 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2017-07-02 10:16 - 2017-07-02 14:13 - 00000000 ____D C:\ProgramData\WindowsVideoErrorReporting
2017-07-02 10:16 - 2017-07-02 10:18 - 01705984 _____ C:\Users\gregs\AppData\Local\po.db
2017-07-02 10:16 - 2017-07-02 10:18 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-07-02 10:16 - 2017-07-02 10:18 - 00000000 ____D C:\Users\gregs\AppData\Roaming\uq5nareb00d
2017-07-02 10:16 - 2017-07-02 10:18 - 00000000 ____D C:\Users\gregs\AppData\Roaming\uhdvzeo4ic1
2017-07-02 10:16 - 2017-07-02 10:18 - 00000000 ____D C:\Users\gregs\AppData\Roaming\gzbmihdhkoo
2017-07-02 10:16 - 2017-07-02 10:16 - 00140800 _____ C:\Users\gregs\AppData\Local\installer.dat
2017-07-02 10:16 - 2017-07-02 10:16 - 00011568 _____ C:\Users\gregs\AppData\Local\InstallationConfiguration.xml
2017-07-02 10:16 - 2017-07-02 10:16 - 00000000 ____D C:\Users\gregs\AppData\Roaming\UCChannel
2017-07-02 10:16 - 2017-07-02 10:16 - 00000000 ____D C:\Users\gregs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeTime
2017-07-02 10:16 - 2017-07-02 01:40 - 02001920 ___SH (Micrasaft Carparation) C:\WINDOWS\C_02iu47.dat
2017-07-02 10:16 - 2017-06-08 03:59 - 00158920 _____ (Tencent) C:\WINDOWS\SysWOW64\MMInstaller.dll
2017-07-02 10:16 - 2017-01-12 21:49 - 02235392 _____ C:\WINDOWS\SysWOW64\cuda_tromp_75.dll
2017-07-02 10:16 - 2017-01-12 21:49 - 00045056 _____ C:\WINDOWS\SysWOW64\cpu_tromp_SSE2.dll
2017-07-02 10:16 - 2017-01-12 21:48 - 02235392 _____ C:\WINDOWS\SysWOW64\cuda_tromp.dll
2017-07-02 10:16 - 2017-01-12 21:48 - 00044032 _____ C:\WINDOWS\SysWOW64\cpu_tromp_AVX.dll
2017-07-02 10:16 - 2017-01-12 19:18 - 00986112 _____ C:\WINDOWS\SysWOW64\cuda_djezo.dll
2017-07-02 10:15 - 2017-07-02 10:18 - 00000000 ____D C:\Users\gregs\AppData\Roaming\eif1unkdth3
2017-07-02 10:15 - 2017-07-02 10:15 - 01761781 _____ C:\HEADERS
2017-07-02 10:15 - 2017-07-02 10:15 - 00000019 _____ C:\END
Task: {085C1A37-8806-4046-8A3C-DB7D31F45019} - \2C6A44CB-AD42-4731-A544-3FBD3D83AB5B -> Geen bestand <==== AANDACHT
Task: {0D5559E0-BDED-4FAE-BC7D-A9B303DF86F3} - \B3A986DC-C2DD-40A0-8C0C-FEF66B7835112 -> Geen bestand <==== AANDACHT
Task: {1E13CFE7-FA54-4B83-BE38-88D522DF2316} - \ShareakGuePass -> Geen bestand <==== AANDACHT
Task: {3D3CD6AA-AA3F-4BFF-AF1A-9EA99DB9C615} - \B3A986DC-C2DD-40A0-8C0C-FEF66B783511 -> Geen bestand <==== AANDACHT
Task: {71A091FB-5A4C-43AA-B757-7D5E5F8FBEE4} - \ExamWeb -> Geen bestand <==== AANDACHT
Task: {8EFFE1AD-486B-45BF-A71D-B6ED3B79F0E7} - \Microsoft\Windows\Windows Error Reporting\ErrorReporting -> Geen bestand <==== AANDACHT
Task: {C42D0395-5335-4CE6-A986-492CA95A0838} - \SMW_P -> Geen bestand <==== AANDACHT
Task: {EB16214C-E27C-4EFF-8E6E-55DD9017CC2C} - System32\Tasks\autoshutdown => C:\Windows\System32\shutdown.exe [2016-07-16] (Microsoft Corporation)
ShortcutWithArgument: C:\Users\gregs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h72zltpbl1bu,cf9d06eb-20aa-442d-9eda-925e057a7f54,
ShortcutWithArgument: C:\Users\gregs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=h72zltpbl1bu,cf9d06eb-20aa-442d-9eda-925e057a7f54,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=h72zltpbl1bu,cf9d06eb-20aa-442d-9eda-925e057a7f54,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=h72zltpbl1bu,cf9d06eb-20aa-442d-9eda-925e057a7f54,
AlternateDataStreams: C:\ProgramData:1E8F1D8A0657EF90 [217]
AlternateDataStreams: C:\Users\All Users:1E8F1D8A0657EF90 [217]
AlternateDataStreams: C:\ProgramData\Application Data:1E8F1D8A0657EF90 [217]
AlternateDataStreams: C:\Users\Public\Desktop\Metal Gear Solid V: The Phantom Pain.lnk [3712]
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\...\StartupApproved\Run: => "VRPJFHJTXE.exe"
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\...\StartupApproved\Run: => "B8XIT565LQ489MP"
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\...\StartupApproved\Run: => "2OD9VU4EJ9L73HA"
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\...\StartupApproved\Run: => "qqlive"
FirewallRules: [{871083AC-4741-4A81-897E-F206BF62DFEA}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{293AC0CB-BE6C-4C3B-896E-EF577A41F7F8}] => (Allow) C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\QQLive.exe
FirewallRules: [{4D76137C-DE73-4A87-B421-825C76AD0A55}] => (Allow) C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\QQLive.exe
FirewallRules: [{7206BA72-9ABD-4077-AF31-D4F75A3408CB}] => (Allow) C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\QQLiveUp.exe
FirewallRules: [{DB965EB2-1CAA-4856-AE7E-1F795B36ABED}] => (Allow) C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\QQLiveUp.exe
FirewallRules: [{79CA21CA-95F6-4195-BABA-379933F80301}] => (Allow) C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\Statistics.exe
FirewallRules: [{D3AC0BF9-1BEA-4E40-8300-AF008EC556D9}] => (Allow) C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\Statistics.exe
FirewallRules: [{605175A3-B002-4F51-B2CE-B80567DB0320}] => (Allow) C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\QQLiveService.exe
FirewallRules: [{CB0E7360-E9C5-47F4-85A9-6C4C69056B99}] => (Allow) C:\Program Files (x86)\Tencent\QQLive\10.0.126.0\QQLiveService.exe
FirewallRules: [{93B81FC2-E642-4316-B8CF-75A944E5AF03}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{DC947E1B-C858-4057-AB13-918FB709F6DD}] => (Allow) C:\Windows\System32\rundll32.exe
Unlock: C:\Windows\C_02iu47.dat
C:\Windows\C_02iu47.dat
Unlock: C:\Program Files\Common Files\Noobzo
C:\Program Files\Common Files\Noobzo
Unlock: C:\Windows\C_02iu47.dat
C:\Windows\C_02iu47.dat
C:\Program Files (x86)\Tencent
C:\Windows\System32\GroupPolicy
C:\Windows\System32\GroupPolicyUsers
C:\Windows\SysWOW64\GroupPolicy
C:\Windows\SysWOW64\GroupPolicyUsers
CMD: gpupdate /force
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
*****************

Proces succesvol afgesloten.

========= Type C:\autoexec.bat =========

========= Eind van CMD: =========

C:\Windows\Temp\g7E69.tmp.exe => is succesvol verplaatst
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => waarde is succesvol verwijderd
HKLM\Software\Classes\CLSID\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => sleutel is succesvol verwijderd
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => waarde met succes hersteld
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => waarde met succes hersteld
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => waarde met succes hersteld
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => waarde met succes hersteld
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => waarde met succes hersteld
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F60FC7B7-D36E-49B1-8ADC-9DCDDE4903DD} => sleutel is succesvol verwijderd
HKLM\Software\Classes\CLSID\{F60FC7B7-D36E-49B1-8ADC-9DCDDE4903DD} => sleutel niet gevonden.
C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} => is succesvol verplaatst
C:\Program Files (x86)\Mozilla Firefox\browser\features\{D29DBC80-E8B5-4116-AB62-ECD8ED032A33} => is succesvol verplaatst
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQlive => sleutel is succesvol verwijderd
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gannpgaobkkhmpomoijebaigcapoeebl => sleutel is succesvol verwijderd
HKLM\System\CurrentControlSet\Services\mediatek_86 => sleutel is succesvol verwijderd
mediatek_86 => dienst is succesvol verwijderd
HKLM\System\CurrentControlSet\Services\QQLiveService => sleutel is succesvol verwijderd
QQLiveService => dienst is succesvol verwijderd
HKLM\System\CurrentControlSet\Services\SMUpd => sleutel is succesvol verwijderd
SMUpd => dienst is succesvol verwijderd
HKLM\System\CurrentControlSet\Services\SMUpdd => sleutel is succesvol verwijderd
SMUpdd => dienst is succesvol verwijderd
C:\autoexec.bat => is succesvol verplaatst
C:\Users\gregs\AppData\Local\AdvinstAnalytics => is succesvol verplaatst
C:\448604c9611dfd3021725bdc366ab85e => is succesvol verplaatst
C:\Users\gregs\AppData\Roaming\xonnwbvroqx => is succesvol verplaatst
C:\Users\gregs\AppData\Roaming\mqgpc3bpb0y => is succesvol verplaatst
C:\Users\gregs\ntuser.pol => is succesvol verplaatst
C:\Users\gregs\AppData\Local\TubeTime => is succesvol verplaatst
C:\Users\gregs\AppData\Local\test_db_cara.db => is succesvol verplaatst
C:\WINDOWS\rsrcs.dll => is succesvol verplaatst
C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_343039393733373830342d3737555a416c503257344a41 => is succesvol verplaatst
C:\Users\gregs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯视频.lnk => is succesvol verplaatst
"C:\WINDOWS\system32\BIT642A.tmp" => niet gevonden.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件" => niet gevonden.
"C:\Program Files\Common Files\Noobzo" => niet gevonden.
C:\ProgramData\WindowsVideoErrorReporting => is succesvol verplaatst
C:\Users\gregs\AppData\Local\po.db => is succesvol verplaatst
C:\ProgramData\_lg.3sap => is succesvol verplaatst
C:\Users\gregs\AppData\Roaming\uq5nareb00d => is succesvol verplaatst
C:\Users\gregs\AppData\Roaming\uhdvzeo4ic1 => is succesvol verplaatst
C:\Users\gregs\AppData\Roaming\gzbmihdhkoo => is succesvol verplaatst
C:\Users\gregs\AppData\Local\installer.dat => is succesvol verplaatst
C:\Users\gregs\AppData\Local\InstallationConfiguration.xml => is succesvol verplaatst
C:\Users\gregs\AppData\Roaming\UCChannel => is succesvol verplaatst
C:\Users\gregs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeTime => is succesvol verplaatst
C:\WINDOWS\C_02iu47.dat => is succesvol verplaatst
C:\WINDOWS\SysWOW64\MMInstaller.dll => is succesvol verplaatst
C:\WINDOWS\SysWOW64\cuda_tromp_75.dll => is succesvol verplaatst
C:\WINDOWS\SysWOW64\cpu_tromp_SSE2.dll => is succesvol verplaatst
C:\WINDOWS\SysWOW64\cuda_tromp.dll => is succesvol verplaatst
C:\WINDOWS\SysWOW64\cpu_tromp_AVX.dll => is succesvol verplaatst
C:\WINDOWS\SysWOW64\cuda_djezo.dll => is succesvol verplaatst
C:\Users\gregs\AppData\Roaming\eif1unkdth3 => is succesvol verplaatst
"C:\HEADERS" => niet gevonden.
C:\END => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{085C1A37-8806-4046-8A3C-DB7D31F45019} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{085C1A37-8806-4046-8A3C-DB7D31F45019} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D5559E0-BDED-4FAE-BC7D-A9B303DF86F3} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D5559E0-BDED-4FAE-BC7D-A9B303DF86F3} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\B3A986DC-C2DD-40A0-8C0C-FEF66B7835112 => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1E13CFE7-FA54-4B83-BE38-88D522DF2316} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E13CFE7-FA54-4B83-BE38-88D522DF2316} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShareakGuePass => sleutel niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D3CD6AA-AA3F-4BFF-AF1A-9EA99DB9C615} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D3CD6AA-AA3F-4BFF-AF1A-9EA99DB9C615} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{71A091FB-5A4C-43AA-B757-7D5E5F8FBEE4} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71A091FB-5A4C-43AA-B757-7D5E5F8FBEE4} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ExamWeb => sleutel niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8EFFE1AD-486B-45BF-A71D-B6ED3B79F0E7} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EFFE1AD-486B-45BF-A71D-B6ED3B79F0E7} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\ErrorReporting => sleutel niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C42D0395-5335-4CE6-A986-492CA95A0838} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C42D0395-5335-4CE6-A986-492CA95A0838} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB16214C-E27C-4EFF-8E6E-55DD9017CC2C} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB16214C-E27C-4EFF-8E6E-55DD9017CC2C} => sleutel is succesvol verwijderd
C:\WINDOWS\System32\Tasks\autoshutdown => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\autoshutdown => sleutel is succesvol verwijderd
C:\Users\gregs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => snelkoppeling argument is succesvol verwijderd.
C:\Users\gregs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => snelkoppeling argument is succesvol verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => snelkoppeling argument is succesvol verwijderd.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => snelkoppeling argument is succesvol verwijderd.
C:\ProgramData => ":1E8F1D8A0657EF90" ADS is succesvol verwijderd.
"C:\Users\All Users" => ":1E8F1D8A0657EF90" ADS niet gevonden.
"C:\ProgramData\Application Data" => ":1E8F1D8A0657EF90" ADS niet gevonden.
"C:\Users\Public\Desktop\Metal Gear Solid V" => ": The Phantom Pain.lnk" ADS niet gevonden.
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\VRPJFHJTXE.exe => waarde is succesvol verwijderd
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VRPJFHJTXE.exe => waarde niet gevonden.
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\B8XIT565LQ489MP => waarde is succesvol verwijderd
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\B8XIT565LQ489MP => waarde niet gevonden.
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\2OD9VU4EJ9L73HA => waarde is succesvol verwijderd
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\2OD9VU4EJ9L73HA => waarde niet gevonden.
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\qqlive => waarde is succesvol verwijderd
HKU\S-1-5-21-2296426734-4234570832-937735285-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\qqlive => waarde niet gevonden.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{871083AC-4741-4A81-897E-F206BF62DFEA} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{293AC0CB-BE6C-4C3B-896E-EF577A41F7F8} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D76137C-DE73-4A87-B421-825C76AD0A55} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7206BA72-9ABD-4077-AF31-D4F75A3408CB} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB965EB2-1CAA-4856-AE7E-1F795B36ABED} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79CA21CA-95F6-4195-BABA-379933F80301} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3AC0BF9-1BEA-4E40-8300-AF008EC556D9} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{605175A3-B002-4F51-B2CE-B80567DB0320} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB0E7360-E9C5-47F4-85A9-6C4C69056B99} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93B81FC2-E642-4316-B8CF-75A944E5AF03} => waarde is succesvol verwijderd
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC947E1B-C858-4057-AB13-918FB709F6DD} => waarde is succesvol verwijderd
"C:\Windows\C_02iu47.dat" => niet gevonden.
"C:\Windows\C_02iu47.dat" => niet gevonden.
"C:\Program Files\Common Files\Noobzo" => niet gevonden.
"C:\Program Files\Common Files\Noobzo" => niet gevonden.
"C:\Windows\C_02iu47.dat" => niet gevonden.
"C:\Windows\C_02iu47.dat" => niet gevonden.
"C:\Program Files (x86)\Tencent" => niet gevonden.
C:\Windows\System32\GroupPolicy => is succesvol verplaatst
C:\Windows\System32\GroupPolicyUsers => is succesvol verplaatst
"C:\Windows\SysWOW64\GroupPolicy" => niet gevonden.
C:\Windows\SysWOW64\GroupPolicyUsers => is succesvol verplaatst

========= gpupdate /force =========

Updating policy...
Computer Policy update has completed successfully.
User Policy update has completed successfully.

========= Eind van CMD: =========

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Toegang geweigerd.
Failed to clear log Microsoft-Windows-LiveId/Operational. Toegang geweigerd.

========= Eind van CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62913610 B
Java, Flash, Steam htmlcache => 359481160 B
Windows/system/drivers => 10793989 B
Edge => 1716399 B
Chrome => 0 B
Firefox => 161771677 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 75017 B
systemprofile32 => 128 B
LocalService => 8218 B
NetworkService => 562546 B
Nano S Greg => 0 B
gregs => 1110788264 B
Administrator => 26717943 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB tijdelijke gegevens verwijderd.

================================

Het systeem moest herstart worden.

==== Eind van Fixlog 18:41:21 ====