Valentin77

Members

View Profile See their activity

Posts
6
Joined
February 12, 2019
Last visited
May 16, 2020

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

KMS-r@1nhook removal

Valentin77 replied to Valentin77's topic in Resolved Malware Removal Logs

Thank you, nasdaq! I am so happy my pc is clean once again! Have a great day!
- February 16, 2019
- 9 replies
KMS-r@1nhook removal

Valentin77 replied to Valentin77's topic in Resolved Malware Removal Logs
- February 15, 2019
- 9 replies
KMS-r@1nhook removal

Valentin77 replied to Valentin77's topic in Resolved Malware Removal Logs

Actually "Microsoft Software Protection Service" is still getting engaged with it but this time it is a lot less frequently and there is this "KMS Connection Broker" I would like to inform you ( if there it is of importance) that before I did what you instructed me to i followed these two video tutorials: Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019 Ran by Valentin (15-02-2019 20:12:24) Run:1 Running from E:\Programs\Farbar Loaded Profiles: Valentin (Available Profiles: Valentin) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: EmptyTemp: CloseProcesses: CHR NewTab: Default -> Active:"chrome-extension://ggonkegnkiclajiocblalpkfajkbkelp/newtab.html", Not-active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html" CHR Extension: (Speed Dial) - C:\Users\valyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggonkegnkiclajiocblalpkfajkbkelp [2017-09-12] CHR Extension: (Speed Dial 2 New tab) - C:\Users\valyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2018-03-27] CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{123C44B9-728B-404C-9275-A9AAFF4A2A70}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{15B7EDEC-C27A-4830-869D-7AABCC104E51}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{160497BE-0194-4784-84A6-96FBD633F876}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{189387F1-D978-4524-BF3C-694E8E07EFFF}\InprocServer32 -> E:\Programs\Orcad\tools\bin\ortruereuse64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{1DFD9959-3EE6-45E0-9D43-824EBD4CD389}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{21976533-5648-4E42-B84F-C169898F1ECB}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{27508707-B27E-42D2-BE29-1AF8AEA93A0E}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{2B1066C6-1A94-4E0B-BABF-D85DD868B7D5}\localserver32 -> E:\Programs\Orcad\tools\bin\stmed.exe => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{31BDEAF6-95DE-4175-9119-92D525A3B600}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiica64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{33365B87-BA80-4476-AC3F-C126F30656C3}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{348E9523-9774-41DF-A24B-EF4C0A8BCB3F}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orApConCtl64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{358849F0-B260-49CC-8BCE-8FD7FE2A23F8}\localserver32 -> "E:\Programs\Orcad\tools\bin\simmgr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{3DAD4F8B-49BA-4D7C-B348-CBA6A03E22D9}\localserver32 -> "E:\Programs\Orcad\tools\bin\simmgr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{53D45603-B24B-4F0B-8DD7-DA3C1125445F}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{5C192887-CF9F-4E9D-833D-4D5A6366CA4D}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{5EBE72AF-6082-481F-9C6B-9E5F994D8C23}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{60FD2BEA-A369-42DC-985C-BDBE8617C0D8}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{6353D943-5A1D-4495-B23F-49097930CBE8}\localserver32 -> E:\Programs\Orcad\tools\bin\stmed.exe => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{66985293-D546-11D1-B884-0000C080A60E}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{673C46C9-D4C6-414F-94B5-D2439DE33E36}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiica64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{684C263C-4A60-4FE0-9A89-D2FCDFA28D82}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{69F086C1-793F-4B2A-AE35-9668CA58929F}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{6B41BE7A-E146-480C-9D2B-519E1A0A6CE6}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpxllite64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{79AE55D2-F2B3-41A6-94D8-E936999AAEC8}\localserver32 -> "E:\Programs\Orcad\tools\bin\SimSrvr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{80EC1B8D-6958-41C3-8F57-03962BBF01FC}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{83637867-7260-4F1E-B2F8-FB4D8E6F5546}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpxllite64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{918E2AD0-E4CE-4C8F-A1D3-DE73B3592C48}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{9BCA2D46-3639-466C-828D-662B9C254E93}\localserver32 -> "E:\Programs\Orcad\tools\bin\PspiceExplorerSrvr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{9D272CB5-46DE-4E10-99A3-C8A6BD3A0748}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orlayoutreuse64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A3822123-1F17-435C-BE1B-13CC7D64A1F4}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A50B40B5-3AD6-45E9-AE0F-8411180FF935}\localserver32 -> "E:\Programs\Orcad\tools\bin\mrksrvr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A5BC9D30-4956-44FC-8837-66692742AD07}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A8FC1C08-D635-4C63-AEAA-10C9BC2CE570}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orApConCtl64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{AFC0797D-1E57-4EA0-A0DD-A71297A4ACD8}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{AFC4FCF3-0EEE-4448-AE23-0680A88A22AA}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{B246A908-770E-4B98-99EA-EC23648F2532}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{BBB19602-BF51-11D1-BB9B-0000C0708DD0}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{BC52C06A-D1F8-4039-8C44-F78A70B5EA3C}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C04B6E75-FF75-4C5F-9560-89352E9BAA0B}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C262C294-C3F0-48FD-A178-BA3396528151}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C76160CB-15E7-4299-A018-5CE6E15A7D2A}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CADC842C-7C64-40B4-9F9A-7C82A0FC1DB7}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CBEF1209-5E8B-47A4-862A-E716EBCA78DA}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CD2425E4-8141-11D0-8CE4-444553540000}\InprocServer32 -> E:\Programs\Orcad\tools\bin\Capture.exe => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D23CAAEF-6DA2-4797-83D8-021970040DDE}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D70EB2BC-F3DC-4362-89A1-8C1C2BE75459}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D7C7376A-B776-4266-8108-86A983B62A57}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspiceaa.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{DB2D5854-0B7A-468D-8E7F-1F328DD4D4A9}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{DF76FC8B-0E2E-4B81-8417-E46B4B084927}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpxllite64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> E:\Programs\Autocad\AutoCAD 2018\en-US\acadficn.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E5D385DC-2563-45E3-BF55-CB94821EAA0B}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiica64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E6C99519-1BEA-4F29-B199-F85A462DFF82}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EA0541F9-E147-4F3A-B637-D787673F1699}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EB78627A-B70D-41F3-B44E-C1415BF04121}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspiceaa.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EC0D4058-AAED-4535-8BE6-564062563D5F}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F152E572-47A0-46F9-BE18-E2E83FAE95A2}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspiceaa.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F2930AA9-1354-4497-A6F5-45C8D3FA73D6}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F38847C9-55DC-4B52-AB3B-B919CE49C7DF}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orgenlibcom64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F614E8A5-E663-4F4D-8ACE-A909A5EA6AED}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orlayoutreuse64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F8518828-EC72-4B05-A8C9-040CB8390727}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpxllite64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F9FACC57-5B03-4063-AC9F-DEC6FAB02DDC}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FD4187F1-FE95-435F-8174-3FC392E5BEC5}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FD829158-7ADE-44B4-91F9-28CF7FD51E4C}\InprocServer32 -> E:\Programs\Orcad\tools\bin\ortruereuse64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FEB15EE1-0DD2-4B20-BB58-698FAB59913C}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File Task: {064743F1-68CD-421E-8738-A84C4D731730} - System32\Tasks\R@1n-KMS\Office16ProjectPro => wmic path SoftwareLicensingProduct where (ID="4f414197-0fc2-4c01-b68a-86cbb9ac254c") call Activate Task: {86C5222D-53A1-4825-9967-C9B2485D2065} - System32\Tasks\R@1n-KMS\Office16VisioPro => wmic path SoftwareLicensingProduct where (ID="6bf301c1-b94a-43e9-ba31-d494598c47fb") call Activate Task: {B0A57812-8967-4E1B-9504-7DD035E631D8} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate Task: {F6FD4CC3-37B8-4776-89CF-DE85C3F00CC9} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate AlternateDataStreams: C:\Users\Public\AppData:CSM [468] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468] MSCONFIG\Services: KMS-R@1n => 2 C:\Windows\KMS-R@1nHook.exe C:\WINDOWS\System32\Tasks\R@1n-KMS Reboot: ***************** Restore point was successfully created. Processes closed successfully. "Chrome NewTab" => removed successfully CHR Extension: (Speed Dial) - C:\Users\valyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggonkegnkiclajiocblalpkfajkbkelp [2017-09-12] => Error: No automatic fix found for this entry. CHR Extension: (Speed Dial 2 New tab) - C:\Users\valyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2018-03-27] => Error: No automatic fix found for this entry. HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{123C44B9-728B-404C-9275-A9AAFF4A2A70} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{15B7EDEC-C27A-4830-869D-7AABCC104E51} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{160497BE-0194-4784-84A6-96FBD633F876} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{189387F1-D978-4524-BF3C-694E8E07EFFF} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{1DFD9959-3EE6-45E0-9D43-824EBD4CD389} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{21976533-5648-4E42-B84F-C169898F1ECB} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{27508707-B27E-42D2-BE29-1AF8AEA93A0E} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{2B1066C6-1A94-4E0B-BABF-D85DD868B7D5} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{31BDEAF6-95DE-4175-9119-92D525A3B600} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{33365B87-BA80-4476-AC3F-C126F30656C3} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{348E9523-9774-41DF-A24B-EF4C0A8BCB3F} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{358849F0-B260-49CC-8BCE-8FD7FE2A23F8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{3DAD4F8B-49BA-4D7C-B348-CBA6A03E22D9} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{53D45603-B24B-4F0B-8DD7-DA3C1125445F} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{5C192887-CF9F-4E9D-833D-4D5A6366CA4D} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{5EBE72AF-6082-481F-9C6B-9E5F994D8C23} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{60FD2BEA-A369-42DC-985C-BDBE8617C0D8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{6353D943-5A1D-4495-B23F-49097930CBE8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{66985293-D546-11D1-B884-0000C080A60E} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{673C46C9-D4C6-414F-94B5-D2439DE33E36} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{684C263C-4A60-4FE0-9A89-D2FCDFA28D82} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{69F086C1-793F-4B2A-AE35-9668CA58929F} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{6B41BE7A-E146-480C-9D2B-519E1A0A6CE6} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{79AE55D2-F2B3-41A6-94D8-E936999AAEC8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{80EC1B8D-6958-41C3-8F57-03962BBF01FC} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{83637867-7260-4F1E-B2F8-FB4D8E6F5546} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{918E2AD0-E4CE-4C8F-A1D3-DE73B3592C48} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{9BCA2D46-3639-466C-828D-662B9C254E93} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{9D272CB5-46DE-4E10-99A3-C8A6BD3A0748} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A3822123-1F17-435C-BE1B-13CC7D64A1F4} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A50B40B5-3AD6-45E9-AE0F-8411180FF935} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A5BC9D30-4956-44FC-8837-66692742AD07} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A8FC1C08-D635-4C63-AEAA-10C9BC2CE570} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{AFC0797D-1E57-4EA0-A0DD-A71297A4ACD8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{AFC4FCF3-0EEE-4448-AE23-0680A88A22AA} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{B246A908-770E-4B98-99EA-EC23648F2532} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{BBB19602-BF51-11D1-BB9B-0000C0708DD0} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{BC52C06A-D1F8-4039-8C44-F78A70B5EA3C} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C04B6E75-FF75-4C5F-9560-89352E9BAA0B} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C262C294-C3F0-48FD-A178-BA3396528151} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C76160CB-15E7-4299-A018-5CE6E15A7D2A} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CADC842C-7C64-40B4-9F9A-7C82A0FC1DB7} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CBEF1209-5E8B-47A4-862A-E716EBCA78DA} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CD2425E4-8141-11D0-8CE4-444553540000} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D23CAAEF-6DA2-4797-83D8-021970040DDE} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D70EB2BC-F3DC-4362-89A1-8C1C2BE75459} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D7C7376A-B776-4266-8108-86A983B62A57} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{DB2D5854-0B7A-468D-8E7F-1F328DD4D4A9} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{DF76FC8B-0E2E-4B81-8417-E46B4B084927} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E5D385DC-2563-45E3-BF55-CB94821EAA0B} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E6C99519-1BEA-4F29-B199-F85A462DFF82} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EA0541F9-E147-4F3A-B637-D787673F1699} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EB78627A-B70D-41F3-B44E-C1415BF04121} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EC0D4058-AAED-4535-8BE6-564062563D5F} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F152E572-47A0-46F9-BE18-E2E83FAE95A2} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F2930AA9-1354-4497-A6F5-45C8D3FA73D6} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F38847C9-55DC-4B52-AB3B-B919CE49C7DF} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F614E8A5-E663-4F4D-8ACE-A909A5EA6AED} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F8518828-EC72-4B05-A8C9-040CB8390727} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F9FACC57-5B03-4063-AC9F-DEC6FAB02DDC} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FD4187F1-FE95-435F-8174-3FC392E5BEC5} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FD829158-7ADE-44B4-91F9-28CF7FD51E4C} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FEB15EE1-0DD2-4B20-BB58-698FAB59913C} => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully "HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{064743F1-68CD-421E-8738-A84C4D731730}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{064743F1-68CD-421E-8738-A84C4D731730}" => removed successfully C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16ProjectPro => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16ProjectPro" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86C5222D-53A1-4825-9967-C9B2485D2065}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86C5222D-53A1-4825-9967-C9B2485D2065}" => removed successfully C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16VisioPro => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16VisioPro" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0A57812-8967-4E1B-9504-7DD035E631D8}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0A57812-8967-4E1B-9504-7DD035E631D8}" => removed successfully C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16ProPlus => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16ProPlus" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6FD4CC3-37B8-4776-89CF-DE85C3F00CC9}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6FD4CC3-37B8-4776-89CF-DE85C3F00CC9}" => removed successfully C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => removed successfully C:\Users\Public\AppData => ":CSM" ADS removed successfully C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\KMS-R@1n => removed successfully HKLM\System\CurrentControlSet\Services\KMS-R@1n => not found C:\Windows\KMS-R@1nHook.exe => moved successfully C:\WINDOWS\System32\Tasks\R@1n-KMS => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27583716 B Java, Flash, Steam htmlcache => 408548384 B Windows/system/drivers => 10678927 B Edge => 1148069 B Chrome => 422769716 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 4590 B LocalService => 0 B NetworkService => 982 B NetworkService => 0 B valyo => 39009168 B RecycleBin => 0 B EmptyTemp: => 877.9 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 20:14:01 ====
- February 15, 2019
- 9 replies
KMS-r@1nhook removal

Valentin77 replied to Valentin77's topic in Resolved Malware Removal Logs

Thank you so much!!! It seems the problem is gone ! Here is the fixlog.txt: Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019 Ran by Valentin (15-02-2019 20:12:24) Run:1 Running from E:\Programs\Farbar Loaded Profiles: Valentin (Available Profiles: Valentin) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: EmptyTemp: CloseProcesses: CHR NewTab: Default -> Active:"chrome-extension://ggonkegnkiclajiocblalpkfajkbkelp/newtab.html", Not-active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html" CHR Extension: (Speed Dial) - C:\Users\valyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggonkegnkiclajiocblalpkfajkbkelp [2017-09-12] CHR Extension: (Speed Dial 2 New tab) - C:\Users\valyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2018-03-27] CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{123C44B9-728B-404C-9275-A9AAFF4A2A70}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{15B7EDEC-C27A-4830-869D-7AABCC104E51}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{160497BE-0194-4784-84A6-96FBD633F876}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{189387F1-D978-4524-BF3C-694E8E07EFFF}\InprocServer32 -> E:\Programs\Orcad\tools\bin\ortruereuse64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{1DFD9959-3EE6-45E0-9D43-824EBD4CD389}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{21976533-5648-4E42-B84F-C169898F1ECB}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{27508707-B27E-42D2-BE29-1AF8AEA93A0E}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{2B1066C6-1A94-4E0B-BABF-D85DD868B7D5}\localserver32 -> E:\Programs\Orcad\tools\bin\stmed.exe => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{31BDEAF6-95DE-4175-9119-92D525A3B600}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiica64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{33365B87-BA80-4476-AC3F-C126F30656C3}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{348E9523-9774-41DF-A24B-EF4C0A8BCB3F}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orApConCtl64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{358849F0-B260-49CC-8BCE-8FD7FE2A23F8}\localserver32 -> "E:\Programs\Orcad\tools\bin\simmgr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{3DAD4F8B-49BA-4D7C-B348-CBA6A03E22D9}\localserver32 -> "E:\Programs\Orcad\tools\bin\simmgr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{53D45603-B24B-4F0B-8DD7-DA3C1125445F}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{5C192887-CF9F-4E9D-833D-4D5A6366CA4D}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{5EBE72AF-6082-481F-9C6B-9E5F994D8C23}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{60FD2BEA-A369-42DC-985C-BDBE8617C0D8}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{6353D943-5A1D-4495-B23F-49097930CBE8}\localserver32 -> E:\Programs\Orcad\tools\bin\stmed.exe => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{66985293-D546-11D1-B884-0000C080A60E}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{673C46C9-D4C6-414F-94B5-D2439DE33E36}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiica64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{684C263C-4A60-4FE0-9A89-D2FCDFA28D82}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{69F086C1-793F-4B2A-AE35-9668CA58929F}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{6B41BE7A-E146-480C-9D2B-519E1A0A6CE6}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpxllite64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{79AE55D2-F2B3-41A6-94D8-E936999AAEC8}\localserver32 -> "E:\Programs\Orcad\tools\bin\SimSrvr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{80EC1B8D-6958-41C3-8F57-03962BBF01FC}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{83637867-7260-4F1E-B2F8-FB4D8E6F5546}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpxllite64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{918E2AD0-E4CE-4C8F-A1D3-DE73B3592C48}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{9BCA2D46-3639-466C-828D-662B9C254E93}\localserver32 -> "E:\Programs\Orcad\tools\bin\PspiceExplorerSrvr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{9D272CB5-46DE-4E10-99A3-C8A6BD3A0748}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orlayoutreuse64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A3822123-1F17-435C-BE1B-13CC7D64A1F4}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A50B40B5-3AD6-45E9-AE0F-8411180FF935}\localserver32 -> "E:\Programs\Orcad\tools\bin\mrksrvr.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A5BC9D30-4956-44FC-8837-66692742AD07}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A8FC1C08-D635-4C63-AEAA-10C9BC2CE570}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orApConCtl64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{AFC0797D-1E57-4EA0-A0DD-A71297A4ACD8}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{AFC4FCF3-0EEE-4448-AE23-0680A88A22AA}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{B246A908-770E-4B98-99EA-EC23648F2532}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{BBB19602-BF51-11D1-BB9B-0000C0708DD0}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{BC52C06A-D1F8-4039-8C44-F78A70B5EA3C}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C04B6E75-FF75-4C5F-9560-89352E9BAA0B}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C262C294-C3F0-48FD-A178-BA3396528151}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C76160CB-15E7-4299-A018-5CE6E15A7D2A}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CADC842C-7C64-40B4-9F9A-7C82A0FC1DB7}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CBEF1209-5E8B-47A4-862A-E716EBCA78DA}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CD2425E4-8141-11D0-8CE4-444553540000}\InprocServer32 -> E:\Programs\Orcad\tools\bin\Capture.exe => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D23CAAEF-6DA2-4797-83D8-021970040DDE}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPspice64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D70EB2BC-F3DC-4362-89A1-8C1C2BE75459}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D7C7376A-B776-4266-8108-86A983B62A57}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspiceaa.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{DB2D5854-0B7A-468D-8E7F-1F328DD4D4A9}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{DF76FC8B-0E2E-4B81-8417-E46B4B084927}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpxllite64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> E:\Programs\Autocad\AutoCAD 2018\en-US\acadficn.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E5D385DC-2563-45E3-BF55-CB94821EAA0B}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiica64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E6C99519-1BEA-4F29-B199-F85A462DFF82}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EA0541F9-E147-4F3A-B637-D787673F1699}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762}\localserver32 -> "E:\Programs\Orcad\tools\bin\Capture.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EB78627A-B70D-41F3-B44E-C1415BF04121}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspiceaa.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EC0D4058-AAED-4535-8BE6-564062563D5F}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpicis64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F152E572-47A0-46F9-BE18-E2E83FAE95A2}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspiceaa.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F2930AA9-1354-4497-A6F5-45C8D3FA73D6}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F38847C9-55DC-4B52-AB3B-B919CE49C7DF}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orgenlibcom64.dll => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F614E8A5-E663-4F4D-8ACE-A909A5EA6AED}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orlayoutreuse64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F8518828-EC72-4B05-A8C9-040CB8390727}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpxllite64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0}\localserver32 -> "E:\Programs\Orcad\tools\bin\modeled.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F9FACC57-5B03-4063-AC9F-DEC6FAB02DDC}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FD4187F1-FE95-435F-8174-3FC392E5BEC5}\localserver32 -> "E:\Programs\Orcad\tools\bin\pspice.exe" => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FD829158-7ADE-44B4-91F9-28CF7FD51E4C}\InprocServer32 -> E:\Programs\Orcad\tools\bin\ortruereuse64.ocx => No File CustomCLSID: HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FEB15EE1-0DD2-4B20-BB58-698FAB59913C}\InprocServer32 -> E:\Programs\Orcad\tools\bin\orpiPIC64.dll => No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File Task: {064743F1-68CD-421E-8738-A84C4D731730} - System32\Tasks\R@1n-KMS\Office16ProjectPro => wmic path SoftwareLicensingProduct where (ID="4f414197-0fc2-4c01-b68a-86cbb9ac254c") call Activate Task: {86C5222D-53A1-4825-9967-C9B2485D2065} - System32\Tasks\R@1n-KMS\Office16VisioPro => wmic path SoftwareLicensingProduct where (ID="6bf301c1-b94a-43e9-ba31-d494598c47fb") call Activate Task: {B0A57812-8967-4E1B-9504-7DD035E631D8} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate Task: {F6FD4CC3-37B8-4776-89CF-DE85C3F00CC9} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate AlternateDataStreams: C:\Users\Public\AppData:CSM [468] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468] MSCONFIG\Services: KMS-R@1n => 2 C:\Windows\KMS-R@1nHook.exe C:\WINDOWS\System32\Tasks\R@1n-KMS Reboot: ***************** Restore point was successfully created. Processes closed successfully. "Chrome NewTab" => removed successfully CHR Extension: (Speed Dial) - C:\Users\valyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggonkegnkiclajiocblalpkfajkbkelp [2017-09-12] => Error: No automatic fix found for this entry. CHR Extension: (Speed Dial 2 New tab) - C:\Users\valyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2018-03-27] => Error: No automatic fix found for this entry. HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{123C44B9-728B-404C-9275-A9AAFF4A2A70} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{15B7EDEC-C27A-4830-869D-7AABCC104E51} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{160497BE-0194-4784-84A6-96FBD633F876} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{189387F1-D978-4524-BF3C-694E8E07EFFF} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{1DFD9959-3EE6-45E0-9D43-824EBD4CD389} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{21976533-5648-4E42-B84F-C169898F1ECB} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{27508707-B27E-42D2-BE29-1AF8AEA93A0E} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{2B1066C6-1A94-4E0B-BABF-D85DD868B7D5} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{31BDEAF6-95DE-4175-9119-92D525A3B600} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{33365B87-BA80-4476-AC3F-C126F30656C3} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{348E9523-9774-41DF-A24B-EF4C0A8BCB3F} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{358849F0-B260-49CC-8BCE-8FD7FE2A23F8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{3DAD4F8B-49BA-4D7C-B348-CBA6A03E22D9} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{53D45603-B24B-4F0B-8DD7-DA3C1125445F} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{5C192887-CF9F-4E9D-833D-4D5A6366CA4D} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{5EBE72AF-6082-481F-9C6B-9E5F994D8C23} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{60FD2BEA-A369-42DC-985C-BDBE8617C0D8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{6353D943-5A1D-4495-B23F-49097930CBE8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{66985293-D546-11D1-B884-0000C080A60E} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{673C46C9-D4C6-414F-94B5-D2439DE33E36} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{684C263C-4A60-4FE0-9A89-D2FCDFA28D82} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{69F086C1-793F-4B2A-AE35-9668CA58929F} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{6B41BE7A-E146-480C-9D2B-519E1A0A6CE6} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{79AE55D2-F2B3-41A6-94D8-E936999AAEC8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{80EC1B8D-6958-41C3-8F57-03962BBF01FC} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{83637867-7260-4F1E-B2F8-FB4D8E6F5546} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{918E2AD0-E4CE-4C8F-A1D3-DE73B3592C48} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{9BCA2D46-3639-466C-828D-662B9C254E93} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{9D272CB5-46DE-4E10-99A3-C8A6BD3A0748} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A3822123-1F17-435C-BE1B-13CC7D64A1F4} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A50B40B5-3AD6-45E9-AE0F-8411180FF935} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A5BC9D30-4956-44FC-8837-66692742AD07} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{A8FC1C08-D635-4C63-AEAA-10C9BC2CE570} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{AFC0797D-1E57-4EA0-A0DD-A71297A4ACD8} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{AFC4FCF3-0EEE-4448-AE23-0680A88A22AA} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{B246A908-770E-4B98-99EA-EC23648F2532} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{BBB19602-BF51-11D1-BB9B-0000C0708DD0} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{BC52C06A-D1F8-4039-8C44-F78A70B5EA3C} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C04B6E75-FF75-4C5F-9560-89352E9BAA0B} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C262C294-C3F0-48FD-A178-BA3396528151} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{C76160CB-15E7-4299-A018-5CE6E15A7D2A} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CADC842C-7C64-40B4-9F9A-7C82A0FC1DB7} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CBEF1209-5E8B-47A4-862A-E716EBCA78DA} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{CD2425E4-8141-11D0-8CE4-444553540000} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D23CAAEF-6DA2-4797-83D8-021970040DDE} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D70EB2BC-F3DC-4362-89A1-8C1C2BE75459} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{D7C7376A-B776-4266-8108-86A983B62A57} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{DB2D5854-0B7A-468D-8E7F-1F328DD4D4A9} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{DF76FC8B-0E2E-4B81-8417-E46B4B084927} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E5D385DC-2563-45E3-BF55-CB94821EAA0B} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{E6C99519-1BEA-4F29-B199-F85A462DFF82} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EA0541F9-E147-4F3A-B637-D787673F1699} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EB78627A-B70D-41F3-B44E-C1415BF04121} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{EC0D4058-AAED-4535-8BE6-564062563D5F} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F152E572-47A0-46F9-BE18-E2E83FAE95A2} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F2930AA9-1354-4497-A6F5-45C8D3FA73D6} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F38847C9-55DC-4B52-AB3B-B919CE49C7DF} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F614E8A5-E663-4F4D-8ACE-A909A5EA6AED} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F8518828-EC72-4B05-A8C9-040CB8390727} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{F9FACC57-5B03-4063-AC9F-DEC6FAB02DDC} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FD4187F1-FE95-435F-8174-3FC392E5BEC5} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FD829158-7ADE-44B4-91F9-28CF7FD51E4C} => removed successfully HKU\S-1-5-21-2645659846-2928543511-1746150927-1001_Classes\CLSID\{FEB15EE1-0DD2-4B20-BB58-698FAB59913C} => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully "HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{064743F1-68CD-421E-8738-A84C4D731730}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{064743F1-68CD-421E-8738-A84C4D731730}" => removed successfully C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16ProjectPro => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16ProjectPro" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86C5222D-53A1-4825-9967-C9B2485D2065}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86C5222D-53A1-4825-9967-C9B2485D2065}" => removed successfully C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16VisioPro => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16VisioPro" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0A57812-8967-4E1B-9504-7DD035E631D8}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0A57812-8967-4E1B-9504-7DD035E631D8}" => removed successfully C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16ProPlus => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16ProPlus" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6FD4CC3-37B8-4776-89CF-DE85C3F00CC9}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6FD4CC3-37B8-4776-89CF-DE85C3F00CC9}" => removed successfully C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => removed successfully C:\Users\Public\AppData => ":CSM" ADS removed successfully C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\KMS-R@1n => removed successfully HKLM\System\CurrentControlSet\Services\KMS-R@1n => not found C:\Windows\KMS-R@1nHook.exe => moved successfully C:\WINDOWS\System32\Tasks\R@1n-KMS => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27583716 B Java, Flash, Steam htmlcache => 408548384 B Windows/system/drivers => 10678927 B Edge => 1148069 B Chrome => 422769716 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 4590 B LocalService => 0 B NetworkService => 982 B NetworkService => 0 B valyo => 39009168 B RecycleBin => 0 B EmptyTemp: => 877.9 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 20:14:01 ==== Fixlog.txt
- February 15, 2019
- 9 replies
KMS-r@1nhook removal

Valentin77 replied to Valentin77's topic in Resolved Malware Removal Logs

FRST.txt Addition.txt
- February 14, 2019
- 9 replies
KMS-r@1nhook removal

Valentin77 posted a topic in Resolved Malware Removal Logs

Hello, I had given my PC to a service because of HDD failure and now they gave it back with new HDD and new windows which has this suspicious KMS-r@1nhook.exe and it takes nearly 30% of my CPU because of the SPPSVC.exe.... I need your help TIA
- February 14, 2019
- 9 replies

Sign In

Valentin77

Posts

Joined

Last visited

Reputation

Recent Profile Visitors

KMS-r@1nhook removal

KMS-r@1nhook removal

KMS-r@1nhook removal

KMS-r@1nhook removal

KMS-r@1nhook removal

KMS-r@1nhook removal

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information