Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 22-02-2023 Gestart door RandySp (22-02-2023 12:33:10) Run:3 Gestart vanaf C:\Users\RandySp\Desktop Geladen Profielen: RandySp Boot Modus: Normal ============================================== fixlist inhoud: ***************** Start:: CreateRestorePoint: CloseProcesses: ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Geen bestand SearchScopes: HKU\S-1-5-21-3669440298-1739476700-4279047772-1001 -> {1455B036-6059-4B8E-9009-8E1C9C3806D2} URL = (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe C:\Program Files\AVAST Software HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrictie <==== AANDACHT HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrictie <==== AANDACHT HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restrictie <==== AANDACHT HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrictie <==== AANDACHT HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT Task: {01A8B0A4-CF0E-4E66-B031-460D571C118A} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (Geen bestand) Task: {0CEA5A94-C5BD-4B7C-8799-6F2308112815} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe /launch (Geen bestand) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (Geen bestand) Task: {60181AF3-86EA-4B68-B648-2AAB56C832E5} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe -startupscan (Geen bestand) Task: {C2804825-4AED-44F3-8D84-52F9C7344D94} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4646480 2022-12-01] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 89c84450-64c3-456c-8299-94c6bb041268 C:\ProgramData\Avast Software Task: {EBE0B664-B351-42AD-8D99-5AED50BEC694} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1209424 2022-12-01] (Avast Software s.r.o. -> AVAST Software) Task: {F48E4CC4-402B-44EA-8D37-56E10E9F8A35} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6694224 2022-11-22] (Avast Software s.r.o. -> Avast Software) C:\Program Files\Common Files\Avast Software HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <==== AANDACHT Edge Extension: (Geen Naam) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [niet gevonden] Edge Extension: (Geen Naam) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [niet gevonden] Edge Extension: (Geen Naam) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [niet gevonden] Edge Extension: (Geen Naam) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [niet gevonden] CHR Extension: (McAfee® WebAdvisor) - C:\Users\RandySp\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-08-05] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9461328 2022-12-01] (Avast Software s.r.o. -> AVAST Software) S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [65944 2022-08-23] (Avast Software s.r.o. -> Avast Software) 2015-05-07 10:17 - 2015-05-07 10:17 - 000000093 ____C () C:\Users\RandySp\AppData\Roaming\ARCompanion.log 2020-03-04 20:07 - 2020-03-04 20:07 - 000000024 ____C () C:\Users\RandySp\AppData\Roaming\FotoGeoTag.dat 2018-09-28 19:19 - 2018-09-28 19:19 - 000000000 ____C () C:\Users\RandySp\AppData\Local\oobelibMkey.log 2019-12-18 22:10 - 2019-12-18 22:10 - 000000722 ____C () C:\Users\RandySp\AppData\Local\recently-used.xbel EmptyTemp: Reboot: End:: ***************** Herstelpunt is succesvol gemaakt. Proces succesvol afgesloten. HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => is succesvol verwijderd HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1455B036-6059-4B8E-9009-8E1C9C3806D2} => is succesvol verwijderd [59532] C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe => Proces succesvol afgesloten. "C:\Program Files\AVAST Software" map verplaatsing: Kon niet verplaatsen "C:\Program Files\AVAST Software" => Gepland om te verplaatsen bij herstart. HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => waarde met succes hersteld HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => waarde met succes hersteld HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\explorer.zza => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe => is succesvol verwijderd HKLM\SOFTWARE\Policies\Mozilla => is succesvol verwijderd HKLM\SOFTWARE\Policies\Google => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01A8B0A4-CF0E-4E66-B031-460D571C118A} => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01A8B0A4-CF0E-4E66-B031-460D571C118A} => is succesvol verwijderd C:\WINDOWS\System32\Tasks\DolbySelectorTask => is succesvol verplaatst HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DolbySelectorTask => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CEA5A94-C5BD-4B7C-8799-6F2308112815} => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CEA5A94-C5BD-4B7C-8799-6F2308112815} => is succesvol verwijderd C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask => is succesvol verplaatst HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57} => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57} => is succesvol verwijderd C:\WINDOWS\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => is succesvol verplaatst HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60181AF3-86EA-4B68-B648-2AAB56C832E5} => is succesvol verwijderd HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60181AF3-86EA-4B68-B648-2AAB56C832E5} => is succesvol verwijderd C:\WINDOWS\System32\Tasks\Trojan Killer => is succesvol verplaatst HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trojan Killer => is succesvol verwijderd "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C2804825-4AED-44F3-8D84-52F9C7344D94}" => is succesvol verwijderd "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2804825-4AED-44F3-8D84-52F9C7344D94}" => is succesvol verwijderd C:\WINDOWS\System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => is succesvol verplaatst "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast SecureLine VPN Bug Report" => is succesvol verwijderd "C:\ProgramData\Avast Software" map verplaatsing: Kon niet verplaatsen "C:\ProgramData\Avast Software" => Gepland om te verplaatsen bij herstart. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBE0B664-B351-42AD-8D99-5AED50BEC694}" => niet gevonden C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update => is succesvol verplaatst "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast SecureLine VPN Update" => is succesvol verwijderd "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F48E4CC4-402B-44EA-8D37-56E10E9F8A35}" => is succesvol verwijderd "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F48E4CC4-402B-44EA-8D37-56E10E9F8A35}" => is succesvol verwijderd C:\WINDOWS\System32\Tasks\Avast Software\Avast SecureLine VPN Update => is succesvol verplaatst "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast SecureLine VPN Update" => is succesvol verwijderd C:\Program Files\Common Files\Avast Software => is succesvol verplaatst HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => is succesvol verwijderd HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => is succesvol verwijderd HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => is succesvol verwijderd HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => is succesvol verwijderd HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => is succesvol verwijderd CHR Extension: (McAfee® WebAdvisor) - C:\Users\RandySp\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-08-05] => Fout: Geen automatische fix gevonden voor dit item. HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => is succesvol verwijderd HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion => is succesvol verwijderd HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => is succesvol verwijderd HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => is succesvol verwijderd SecureLine => Service succesvol gestopt. HKLM\System\CurrentControlSet\Services\SecureLine => is succesvol verwijderd SecureLine => service is succesvol verwijderd HKLM\System\CurrentControlSet\Services\aswVpnRdr => is succesvol verwijderd aswVpnRdr => service is succesvol verwijderd C:\Users\RandySp\AppData\Roaming\ARCompanion.log => is succesvol verplaatst C:\Users\RandySp\AppData\Roaming\FotoGeoTag.dat => is succesvol verplaatst C:\Users\RandySp\AppData\Local\oobelibMkey.log => is succesvol verplaatst C:\Users\RandySp\AppData\Local\recently-used.xbel => is succesvol verplaatst =========== EmptyTemp: ========== FlushDNS => voltooid BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 66715649 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 5720 B Windows/system/drivers => 122840695 B Edge => 28173 B Chrome => 644751793 B Firefox => 1061678048 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 7998 B systemprofile32 => 7998 B LocalService => 38336 B NetworkService => 46336 B RandySp => 148604821 B RecycleBin => 17837403 B EmptyTemp: => 1.9 GB tijdelijke gegevens verwijderd. ================================ Resultaat van geplande bestanden te verplaatsen (Boot Modus: Normal) (Datum&Tijd: 22-02-2023 12:37:28) C:\Program Files\AVAST Software => is succesvol verplaatst C:\ProgramData\Avast Software => is succesvol verplaatst ==== Einde van Fixlog 12:37:28 ====