Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 15-11-2022
Gestart door Michael (18-11-2022 10:12:50) Run:1
Gestart vanaf D:\Desktop
Geladen Profielen: Michael
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrictie <==== AANDACHT
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrictie <==== AANDACHT
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restrictie <==== AANDACHT
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (Geen bestand)
HKU\S-1-5-19\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs (Geen bestand)
HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\...\Run: [MicrosoftEdgeAutoLaunch_F449D40E833C6F137FB991D0BAA64AC0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3892128 2022-11-10] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restrictie - Chrome <==== AANDACHT
Policies: C:\ProgramData\NTUSER.pol: Restrictie <==== AANDACHT
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restrictie <==== AANDACHT
HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\SOFTWARE\Policies\Microsoft\Edge: Restrictie <==== AANDACHT
Task: {097C36B8-81DC-4BEA-919A-FD1C4C233811} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (Geen bestand)
Task: {3B6A2309-D4C0-4A87-B670-CF5B8479F344} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (Geen bestand)
Task: {678AC63C-79A4-48E6-971F-0A5FEC123D85} - System32\Tasks\{683D24B5-3D25-4FA8-8BF2-45D4990F1D1D} => C:\Program Files (x86)\CoolPro\coolpro.exe (Geen bestand)
Task: {6BE32705-50A2-482F-A7C2-CD8A7ABA1042} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (Geen bestand)
Task: {87DF1688-11F8-45FE-876A-BE6536B07725} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (Geen bestand)
Task: {977A8D3E-B7EF-4FCB-AC52-D5DD99A3B269} - \AVAST Software\Avast settings backup -> Geen bestand <==== AANDACHT
Task: {BDBDC914-38F2-46FF-BD95-416907B1EE4B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (Geen bestand)
Task: {CC2B812D-0BEE-437F-9F71-C3FBB40EC15B} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe -Daily (Geen bestand)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2022-02-08] (Bitdefender SRL -> Bitdefender)
U3 idsvc; geen ImagePath
C:\Users\Michael\AppData\Local\file__0.localstorage
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> Geen bestand
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\zoek-delete.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\aswvmm.sys.147057237738104:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:4FC01C57 [140]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [143]
BHO: Geen Naam -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Geen bestand
HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_F449D40E833C6F137FB991D0BAA64AC0"
Hosts:
EmptyTemp:
Reboot:
end::
*****************

Herstelpunt is succesvol gemaakt.
Proces succesvol afgesloten.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => waarde met succes hersteld
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => waarde met succes hersteld
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => is succesvol verwijderd
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin" => is succesvol verwijderd
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver" => is succesvol verwijderd
"HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_F449D40E833C6F137FB991D0BAA64AC0" => is succesvol verwijderd
C:\WINDOWS\system32\GroupPolicy\Machine => is succesvol verplaatst
C:\WINDOWS\system32\GroupPolicy\GPT.ini => is succesvol verplaatst
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => is succesvol verplaatst
C:\ProgramData\NTUSER.pol => is succesvol verplaatst
HKLM\SOFTWARE\Policies\Microsoft\Edge => is succesvol verwijderd
HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\SOFTWARE\Policies\Microsoft\Edge => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{097C36B8-81DC-4BEA-919A-FD1C4C233811}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{097C36B8-81DC-4BEA-919A-FD1C4C233811}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => is succesvol verplaatst
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B6A2309-D4C0-4A87-B670-CF5B8479F344}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B6A2309-D4C0-4A87-B670-CF5B8479F344}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => is succesvol verplaatst
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{678AC63C-79A4-48E6-971F-0A5FEC123D85}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678AC63C-79A4-48E6-971F-0A5FEC123D85}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\{683D24B5-3D25-4FA8-8BF2-45D4990F1D1D} => is succesvol verplaatst
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{683D24B5-3D25-4FA8-8BF2-45D4990F1D1D}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6BE32705-50A2-482F-A7C2-CD8A7ABA1042}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BE32705-50A2-482F-A7C2-CD8A7ABA1042}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => is succesvol verplaatst
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\End Of Support\Notify1" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87DF1688-11F8-45FE-876A-BE6536B07725}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87DF1688-11F8-45FE-876A-BE6536B07725}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => is succesvol verplaatst
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{977A8D3E-B7EF-4FCB-AC52-D5DD99A3B269}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{977A8D3E-B7EF-4FCB-AC52-D5DD99A3B269}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDBDC914-38F2-46FF-BD95-416907B1EE4B}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDBDC914-38F2-46FF-BD95-416907B1EE4B}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => is succesvol verplaatst
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC2B812D-0BEE-437F-9F71-C3FBB40EC15B}" => is succesvol verwijderd
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC2B812D-0BEE-437F-9F71-C3FBB40EC15B}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => is succesvol verplaatst
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\End Of Support\Notify2" => is succesvol verwijderd
BdDci => Service succesvol gestopt.
HKLM\System\CurrentControlSet\Services\BdDci => is succesvol verwijderd
BdDci => service is succesvol verwijderd
HKLM\System\CurrentControlSet\Services\idsvc => is succesvol verwijderd
idsvc => service is succesvol verwijderd
C:\Users\Michael\AppData\Local\file__0.localstorage => is succesvol verplaatst
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent" => is succesvol verwijderd
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ IDM Shell Extension => Subsleutel met ongeldige naam -> is succesvol verwijderd
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk => snelkoppeling argument is succesvol verwijderd
C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk => snelkoppeling argument is succesvol verwijderd
C:\WINDOWS\system32\WdfCoInstaller01007.dll => ":$CmdTcID" ADS is succesvol verwijderd
C:\WINDOWS\system32\WinUSBCoInstaller.dll => ":$CmdTcID" ADS is succesvol verwijderd
C:\WINDOWS\avastSS.scr => ":$CmdTcID" ADS is succesvol verwijderd
C:\WINDOWS\zoek-delete.exe => ":$CmdTcID" ADS is succesvol verwijderd
C:\WINDOWS\system32\Drivers\aswvmm.sys.147057237738104 => ":$CmdTcID" ADS is succesvol verwijderd
C:\WINDOWS\system32\Drivers\wdcsam64.sys => ":$CmdTcID" ADS is succesvol verwijderd
C:\ProgramData\Temp => ":4FC01C57" ADS is succesvol verwijderd
C:\ProgramData\Temp => ":5C321E34" ADS is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => is succesvol verwijderd
HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => is succesvol verwijderd
"HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\MicrosoftEdgeAutoLaunch_F449D40E833C6F137FB991D0BAA64AC0" => is succesvol verwijderd
"HKU\S-1-5-21-3281580978-1972669021-3677266868-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_F449D40E833C6F137FB991D0BAA64AC0" => niet gevonden
C:\Windows\System32\Drivers\etc\hosts => is succesvol verplaatst
Hosts met succes hersteld.

=========== EmptyTemp: ==========

FlushDNS => voltooid
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10695704 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 10264741 B
Edge => 23565 B
Chrome => 236455 B
Firefox => 89389609 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 28998 B
NetworkService => 78266950 B
Michael => 82922715 B

RecycleBin => 4996316 B
EmptyTemp: => 265.5 MB tijdelijke gegevens verwijderd.

================================

Het systeem moest herstart worden.

==== Einde van Fixlog 10:13:34 ====