start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrictie <==== AANDACHT
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrictie <==== AANDACHT
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restrictie <==== AANDACHT
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (Geen bestand)
HKU\S-1-5-19\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs (Geen bestand)
HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\...\Run: [MicrosoftEdgeAutoLaunch_F449D40E833C6F137FB991D0BAA64AC0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3892128 2022-11-10] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restrictie - Chrome <==== AANDACHT
Policies: C:\ProgramData\NTUSER.pol: Restrictie <==== AANDACHT
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restrictie <==== AANDACHT
HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\SOFTWARE\Policies\Microsoft\Edge: Restrictie <==== AANDACHT
Task: {097C36B8-81DC-4BEA-919A-FD1C4C233811} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (Geen bestand)
Task: {3B6A2309-D4C0-4A87-B670-CF5B8479F344} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (Geen bestand)
Task: {678AC63C-79A4-48E6-971F-0A5FEC123D85} - System32\Tasks\{683D24B5-3D25-4FA8-8BF2-45D4990F1D1D} => C:\Program Files (x86)\CoolPro\coolpro.exe (Geen bestand)
Task: {6BE32705-50A2-482F-A7C2-CD8A7ABA1042} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (Geen bestand)
Task: {87DF1688-11F8-45FE-876A-BE6536B07725} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (Geen bestand)
Task: {977A8D3E-B7EF-4FCB-AC52-D5DD99A3B269} - \AVAST Software\Avast settings backup -> Geen bestand <==== AANDACHT
Task: {BDBDC914-38F2-46FF-BD95-416907B1EE4B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (Geen bestand)
Task: {CC2B812D-0BEE-437F-9F71-C3FBB40EC15B} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe -Daily (Geen bestand)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2022-02-08] (Bitdefender SRL -> Bitdefender)
U3 idsvc; geen ImagePath
C:\Users\Michael\AppData\Local\file__0.localstorage
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> Geen bestand
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\zoek-delete.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\aswvmm.sys.147057237738104:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:4FC01C57 [140]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [143]
BHO: Geen Naam -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Geen bestand
HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_F449D40E833C6F137FB991D0BAA64AC0"
Hosts:
EmptyTemp:
Reboot:
end::