In Behandeling Desktop error

perloc

Enthousiast
Ik heb sinds kort het volgende op mijn screen, en ik weet niet hoe ik eraf moet komen.
Het komt door alles heen, door programma's die open staan en zo.
1543146656884.png
CDBurner en D-com zijn desptop items. Dat verbodslogo (wit vlak verboden in te rijden) en dat logo met CvP (cvp-pc) moeten weg.
Alles geprobeerd maar nopppes.
Hoe krijg ik dat weg?
perloc
 

Abraham54

Administrator
Team lid
Heb jij al een scan gedaan met MBAM?
 

perloc

Enthousiast
Nee, nog niet! Deze laptop is zó nieuw, dat er nauwelijks rommel op kan staan...
Maar zal het doen. Ik kom terig!
perloc
 

Abraham54

Administrator
Team lid
Discussie verplaatst.

Download
Farbar Recovery Scan Tool 32 of 64 bit van één van de onderstaande links
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen!
Opmerkingen
: Alle openstaande programma's en webpagina's dienen afgesloten te zijn.

Antivirusprogramma en actieve malwarescanners dienen al voor je FRST.exe start gedeaktiveert zijn!
Hier en hier vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

FRST opstarten:
  • Windows 2000 en Windows XP: dubbelklik op FRST.exe.
  • Windows Vista, Windows 7, Windows 8/8.1 en Windows 10: via rechtsklik op FRST.exe of FRST64.exe en kies voor "Als Administrator uitvoeren".
FRST start op:
  • Wanneer het programma is geopend klik dan op de knop Yes bij de disclaimer.
  • Druk vervolgens op de Scan knop.
  • Aansluitend zal een logbestand - FRST.txt en Addition-txt aangemaakt worden en op het bureaublad opgeslagen worden.
.

Kijk hier: Hoe een bijlage toevoegen?
 

perloc

Enthousiast
Hier is het resultaat.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by CvP (25-11-2018 14:30:58)
Running from C:\Users\CvP\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2018-02-06 17:51:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3539046531-3616625713-1300800389-500 - Administrator - Disabled)
CvP (S-1-5-21-3539046531-3616625713-1300800389-1001 - Administrator - Enabled) => C:\Users\CvP
DefaultAccount (S-1-5-21-3539046531-3616625713-1300800389-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3539046531-3616625713-1300800389-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3539046531-3616625713-1300800389-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3539046531-3616625713-1300800389-1014 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3539046531-3616625713-1300800389-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.9.2783 - CDBurnerXP)
D-com 3.5G (HKLM-x32\...\{C06C7DD7-9611-42E8-9254-7FC6A9E26160}) (Version: 1.0.0.1 - )
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.29.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 63.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 63.0.1 (x86 en-US)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.6 - Safer-Networking Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
ZDServer (HKLM-x32\...\{C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}) (Version: 1.0.1.2 - ZTE Corporation)
ZTE Mobile Broadband Device Drivers 1.0.0.17 (HKLM-x32\...\{9194B665-5134-4B6B-AD73-A5292CB072D3}_is1) (Version: - ZTE)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-16] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07F6C1B9-9764-43DA-BCBE-C115FC57441C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [2018-04-06] (Microsoft Corporation)
Task: {1B9D3231-D95A-4E9E-9B6B-191EBE67FBC6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {3127EF01-0A72-4CC3-9A34-502096A286EF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-25] (Microsoft Corporation)
Task: {4A01393F-5FF9-45CD-B901-18637CA413E3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\48168941-90bd-4066-8e40-5b9063956b8b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {5D745CFF-47FE-4B49-95AB-18EC7FE9C81A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-25] (Microsoft Corporation)
Task: {6982839F-40FE-4E57-B6F2-8AEB1ED5471D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-21] (Microsoft Corporation)
Task: {6F91F504-2976-42F4-9146-07A3E38570ED} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {77C1F502-04C9-4055-AB32-0647FA077AD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-21] (Microsoft Corporation)
Task: {7D382812-1F9C-4F5C-BD9B-31F128483E7D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\91bbe610-f26e-46ab-97ff-dceb5d37ca83 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {85FAAF9F-194C-4569-BBA0-6D802D40BCF0} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2016-11-11] (Safer-Networking Ltd.)
Task: {8AB80859-CDBD-4558-9E7A-CCD25CDB6E27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-21] (Microsoft Corporation)
Task: {8F475B09-61D6-426E-A4A7-C840BBCEE263} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-25] (Microsoft Corporation)
Task: {A36CC784-0F78-4A1D-87C9-8DB98DAC36E7} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A76145E7-96AD-4549-9B6C-D75044CCED1D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b982aabb-24ad-43a0-9c15-eebf29ffe2fb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {A9B17E0E-0866-4604-88CE-518A81271870} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-21] (Microsoft Corporation)
Task: {ABDCD7A9-60F5-4B6B-9ADF-3D50A06F7BC4} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {ADE84065-8D6F-480B-BD66-84C1033235B5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\904b9ee4-2e0b-49ef-9e13-03f72823cfeb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {D7C886AB-28B4-4F1A-AFC9-443442A528FA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {FA7B381F-D5C0-4594-A111-353D5470D2F1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-12 10:00 - 2014-05-15 05:55 - 000432384 _____ () C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
2018-11-03 09:18 - 2016-03-24 08:22 - 000242264 _____ () C:\Program Files (x86)\MobileBrServ\mbbservice.exe
2017-09-29 13:41 - 2017-09-29 13:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-16 04:07 - 2017-05-16 04:07 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-06-28 09:35 - 2018-11-25 05:39 - 008932944 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-07 12:16 - 2018-02-22 00:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-07 12:15 - 2018-02-22 00:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-28 09:42 - 2017-06-28 09:42 - 000791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2017-06-28 09:42 - 2017-06-28 09:42 - 000097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2017-09-29 13:41 - 2017-09-29 13:41 - 001909248 ____N () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-04-07 12:14 - 2018-02-22 00:29 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2017-12-14 01:33 - 2017-12-14 01:33 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2017-09-29 13:41 - 2017-09-29 13:41 - 002459648 ____N () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
2018-11-25 12:40 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 11:47 - 2018-04-15 11:57 - 000004929 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com

There are 83 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9231C475-574B-42E3-9F46-DC4997898EE9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F0E95AF-997F-4081-A5E6-9518681588AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CDA118E6-E312-47A9-923A-B1C4D6158CA7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{71D3EFA6-7BC3-48FF-8E37-6E472AC0A3FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

25-11-2018 13:50:12 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2018 02:30:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.16299.309 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 718

Start Time: 01d484c9d71f9646

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Report Id: 0dca1fd7-9b65-4f89-bff2-2ae4a3516d21

Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (11/25/2018 02:28:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.16299.309 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 42b4

Start Time: 01d484ca8798e8fe

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 1468e219-127f-4960-9661-a68433fd66f2

Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: ContentProcess

Error: (11/25/2018 02:25:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: win32u.dll, version: 10.0.16299.15, time stamp: 0x1900dcc9
Exception code: 0xcfffffff
Fault offset: 0x0000000000001144
Faulting process id: 0x1184
Faulting application start time: 0x01d484c9d926fca6
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\System32\win32u.dll
Report Id: e3f6da16-31ad-496b-ab2c-1bd41b18b4a7
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (11/25/2018 02:25:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CVP-LAPTOP)
Description: Package Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe+ContentProcess#{00181404-0079-0000-54d0-558204000000} was terminated because it took too long to suspend.

Error: (11/25/2018 02:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.16299.309, time stamp: 0x5a97930e
Faulting module name: EMODEL.dll, version: 11.0.16299.309, time stamp: 0x5a9793e8
Exception code: 0xc0000005
Fault offset: 0x000000000003fe15
Faulting process id: 0x246c
Faulting application start time: 0x01d484c92670bbcb
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
Report Id: 9cd0708b-2d58-4ac9-a845-1dc2ab8efa8f
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (11/25/2018 01:50:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/25/2018 01:50:12 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: The COM+ Event System could not marshal the subscriber for subscription {1B376C2C-9AE2-4496-893A-9FB8BBD0D4C1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 800401fb.

Error: (11/25/2018 01:43:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.16299.309 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 740

Start Time: 01d484bd85b158c7

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Report Id: 12f4f0fc-0feb-4015-96b4-60ab7b3fe9b1

Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge


System errors:
=============
Error: (11/25/2018 02:20:43 PM) (Source: DCOM) (EventID: 10010) (User: CVP-LAPTOP)
Description: The server Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.

Error: (11/25/2018 01:42:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2018 01:38:39 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/25/2018 12:52:13 PM) (Source: DCOM) (EventID: 10010) (User: CVP-LAPTOP)
Description: The server Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.

Error: (11/25/2018 12:39:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2018 12:38:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2018 11:06:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2018 11:03:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-02-17 15:45:16.399
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {987893C1-11C7-47AC-8135-2E2F146A1056}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-09 18:16:34.686
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8B9C28CD-E047-42DC-82B3-620DF6656EE6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-25 05:33:19.092
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-25 05:33:19.091
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-25 05:33:19.090
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-25 05:33:19.043
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-25 05:33:19.038
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz
Percentage of memory in use: 69%
Total physical RAM: 1901.04 MB
Available physical RAM: 581.5 MB
Total Virtual: 4489.4 MB
Available Virtual: 1005.66 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:57 GB) (Free:19.84 GB) NTFS

\\?\Volume{8f69c2aa-8985-4dda-a642-45d640879b8b}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{1821d4e2-fde7-4d02-9ce1-783eb1fee343}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58.3 GB) (Disk ID: 472EDD28)

Partition: GPT.

==================== End of Addition.txt ============================

MVG perloc
 

Abraham54

Administrator
Team lid
Graag ook het hoofdlog.
Al bijlage toevoegen mag ook.
 

perloc

Enthousiast
Die is er later bijgekomen!, Sorry,

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by CvP (25-11-2018 14:30:58)
Running from C:\Users\CvP\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2018-02-06 17:51:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3539046531-3616625713-1300800389-500 - Administrator - Disabled)
CvP (S-1-5-21-3539046531-3616625713-1300800389-1001 - Administrator - Enabled) => C:\Users\CvP
DefaultAccount (S-1-5-21-3539046531-3616625713-1300800389-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3539046531-3616625713-1300800389-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3539046531-3616625713-1300800389-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3539046531-3616625713-1300800389-1014 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3539046531-3616625713-1300800389-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.9.2783 - CDBurnerXP)
D-com 3.5G (HKLM-x32\...\{C06C7DD7-9611-42E8-9254-7FC6A9E26160}) (Version: 1.0.0.1 - )
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.29.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 63.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 63.0.1 (x86 en-US)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.6 - Safer-Networking Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
ZDServer (HKLM-x32\...\{C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}) (Version: 1.0.1.2 - ZTE Corporation)
ZTE Mobile Broadband Device Drivers 1.0.0.17 (HKLM-x32\...\{9194B665-5134-4B6B-AD73-A5292CB072D3}_is1) (Version: - ZTE)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-16] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07F6C1B9-9764-43DA-BCBE-C115FC57441C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [2018-04-06] (Microsoft Corporation)
Task: {1B9D3231-D95A-4E9E-9B6B-191EBE67FBC6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {3127EF01-0A72-4CC3-9A34-502096A286EF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-25] (Microsoft Corporation)
Task: {4A01393F-5FF9-45CD-B901-18637CA413E3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\48168941-90bd-4066-8e40-5b9063956b8b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {5D745CFF-47FE-4B49-95AB-18EC7FE9C81A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-25] (Microsoft Corporation)
Task: {6982839F-40FE-4E57-B6F2-8AEB1ED5471D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-21] (Microsoft Corporation)
Task: {6F91F504-2976-42F4-9146-07A3E38570ED} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {77C1F502-04C9-4055-AB32-0647FA077AD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-21] (Microsoft Corporation)
Task: {7D382812-1F9C-4F5C-BD9B-31F128483E7D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\91bbe610-f26e-46ab-97ff-dceb5d37ca83 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {85FAAF9F-194C-4569-BBA0-6D802D40BCF0} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2016-11-11] (Safer-Networking Ltd.)
Task: {8AB80859-CDBD-4558-9E7A-CCD25CDB6E27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-21] (Microsoft Corporation)
Task: {8F475B09-61D6-426E-A4A7-C840BBCEE263} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-25] (Microsoft Corporation)
Task: {A36CC784-0F78-4A1D-87C9-8DB98DAC36E7} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A76145E7-96AD-4549-9B6C-D75044CCED1D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b982aabb-24ad-43a0-9c15-eebf29ffe2fb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {A9B17E0E-0866-4604-88CE-518A81271870} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-21] (Microsoft Corporation)
Task: {ABDCD7A9-60F5-4B6B-9ADF-3D50A06F7BC4} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {ADE84065-8D6F-480B-BD66-84C1033235B5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\904b9ee4-2e0b-49ef-9e13-03f72823cfeb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {D7C886AB-28B4-4F1A-AFC9-443442A528FA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {FA7B381F-D5C0-4594-A111-353D5470D2F1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-12 10:00 - 2014-05-15 05:55 - 000432384 _____ () C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
2018-11-03 09:18 - 2016-03-24 08:22 - 000242264 _____ () C:\Program Files (x86)\MobileBrServ\mbbservice.exe
2017-09-29 13:41 - 2017-09-29 13:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-16 04:07 - 2017-05-16 04:07 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-06-28 09:35 - 2018-11-25 05:39 - 008932944 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-07 12:16 - 2018-02-22 00:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-07 12:15 - 2018-02-22 00:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-28 09:42 - 2017-06-28 09:42 - 000791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2017-06-28 09:42 - 2017-06-28 09:42 - 000097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2017-09-29 13:41 - 2017-09-29 13:41 - 001909248 ____N () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-04-07 12:14 - 2018-02-22 00:29 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2017-12-14 01:33 - 2017-12-14 01:33 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2017-09-29 13:41 - 2017-09-29 13:41 - 002459648 ____N () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
2018-11-25 12:40 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 11:47 - 2018-04-15 11:57 - 000004929 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com

There are 83 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9231C475-574B-42E3-9F46-DC4997898EE9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F0E95AF-997F-4081-A5E6-9518681588AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CDA118E6-E312-47A9-923A-B1C4D6158CA7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{71D3EFA6-7BC3-48FF-8E37-6E472AC0A3FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

25-11-2018 13:50:12 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2018 02:30:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.16299.309 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 718

Start Time: 01d484c9d71f9646

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Report Id: 0dca1fd7-9b65-4f89-bff2-2ae4a3516d21

Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (11/25/2018 02:28:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.16299.309 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 42b4

Start Time: 01d484ca8798e8fe

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 1468e219-127f-4960-9661-a68433fd66f2

Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: ContentProcess

Error: (11/25/2018 02:25:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.309, time stamp: 0x5a9791fa
Faulting module name: win32u.dll, version: 10.0.16299.15, time stamp: 0x1900dcc9
Exception code: 0xcfffffff
Fault offset: 0x0000000000001144
Faulting process id: 0x1184
Faulting application start time: 0x01d484c9d926fca6
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\System32\win32u.dll
Report Id: e3f6da16-31ad-496b-ab2c-1bd41b18b4a7
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (11/25/2018 02:25:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CVP-LAPTOP)
Description: Package Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe+ContentProcess#{00181404-0079-0000-54d0-558204000000} was terminated because it took too long to suspend.

Error: (11/25/2018 02:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.16299.309, time stamp: 0x5a97930e
Faulting module name: EMODEL.dll, version: 11.0.16299.309, time stamp: 0x5a9793e8
Exception code: 0xc0000005
Fault offset: 0x000000000003fe15
Faulting process id: 0x246c
Faulting application start time: 0x01d484c92670bbcb
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
Report Id: 9cd0708b-2d58-4ac9-a845-1dc2ab8efa8f
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (11/25/2018 01:50:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/25/2018 01:50:12 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: The COM+ Event System could not marshal the subscriber for subscription {1B376C2C-9AE2-4496-893A-9FB8BBD0D4C1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 800401fb.

Error: (11/25/2018 01:43:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.16299.309 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 740

Start Time: 01d484bd85b158c7

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Report Id: 12f4f0fc-0feb-4015-96b4-60ab7b3fe9b1

Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge


System errors:
=============
Error: (11/25/2018 02:20:43 PM) (Source: DCOM) (EventID: 10010) (User: CVP-LAPTOP)
Description: The server Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.

Error: (11/25/2018 01:42:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2018 01:38:39 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/25/2018 12:52:13 PM) (Source: DCOM) (EventID: 10010) (User: CVP-LAPTOP)
Description: The server Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.

Error: (11/25/2018 12:39:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2018 12:38:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2018 11:06:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/25/2018 11:03:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-02-17 15:45:16.399
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {987893C1-11C7-47AC-8135-2E2F146A1056}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-09 18:16:34.686
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8B9C28CD-E047-42DC-82B3-620DF6656EE6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-25 05:33:19.092
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-25 05:33:19.091
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-25 05:33:19.090
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-25 05:33:19.043
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-25 05:33:19.038
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz
Percentage of memory in use: 69%
Total physical RAM: 1901.04 MB
Available physical RAM: 581.5 MB
Total Virtual: 4489.4 MB
Available Virtual: 1005.66 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:57 GB) (Free:19.84 GB) NTFS

\\?\Volume{8f69c2aa-8985-4dda-a642-45d640879b8b}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{1821d4e2-fde7-4d02-9ce1-783eb1fee343}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58.3 GB) (Disk ID: 472EDD28)

Partition: GPT.

==================== End of Addition.txt ============================

perloc
 

Abraham54

Administrator
Team lid
Nu heb je al twee keer de Additionele scan geplaatst.
Probeer het nogmaals en goed: ik wil het hoofdlog - het frst-log hebben.
Anders heeft deze oefening weinig zin.
 

perloc

Enthousiast
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
Ran by CvP (administrator) on CVP-LAPTOP (25-11-2018 14:18:39)
Running from C:\Users\CvP\Desktop
Loaded Profiles: CvP (Available Profiles: defaultuser0 & CvP)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
() C:\Program Files (x86)\MobileBrServ\mbbService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\SDXHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2017-10-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-10-05] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2017-06-28] ()
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-10-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [{C06C7DD7-9611-42E8-9254-7FC6A9E26160}] => C:\Program Files (x86)\D-com 3.5G\UUShell.exe [122112 2014-05-15] ()
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\RunOnce: [Uninstall 18.065.0329.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CvP\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\RunOnce: [Uninstall 18.065.0329.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CvP\AppData\Local\Microsoft\OneDrive\18.065.0329.0002"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\RunOnce: [Uninstall 18.172.0826.0010\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CvP\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\amd64"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\RunOnce: [Uninstall 18.172.0826.0010] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CvP\AppData\Local\Microsoft\OneDrive\18.172.0826.0010"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\MountPoints2: {7b2927fb-40a3-11e8-83e0-a0afbd54e407} - "D:\AutoRun.exe"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\MountPoints2: {843df894-0e28-11e8-83db-a0afbd54e407} - "D:\Windows\AutoRun.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{2ec7cd78-26c6-4b4f-a4f7-5acb607b645f}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{351a44b8-59e5-4cd1-ba76-aa59d8c031ef}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6b505802-728f-416c-aeca-43e9035680d8}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6dfe5cc8-d63b-47ef-90a9-006599aad4dd}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{ff65ecd1-2b32-4166-9b2e-77aeb5161aff}: [DhcpNameServer] 169.254.110.57

Internet Explorer:
==================
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-23] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-23] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-23] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-23] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qhz8sq3j.default-1540378548864
FF ProfilePath: C:\Users\CvP\AppData\Roaming\Mozilla\Firefox\Profiles\qhz8sq3j.default-1540378548864 [2018-11-25]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-23] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9669920 2018-11-02] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-07] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-05-16] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71040 2018-11-16] (Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [242264 2016-03-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-10-05] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267328 2017-05-16] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-21] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-21] (Microsoft Corporation)
R2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [432384 2014-05-15] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-12] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7407096 2017-05-16] (Intel Corporation)
S3 massfilter; C:\WINDOWS\System32\drivers\ztembbmassfilter.sys [15360 2012-11-22] (MBB Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-25] (Malwarebytes)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3526400 2017-03-09] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [337920 2017-05-07] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3057920 2015-10-08] (Realtek Semiconductor Corp.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (QUALCOMM Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-11-21] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-11-21] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-21] (Microsoft Corporation)
S3 ZTEusbmdm6k; C:\WINDOWS\system32\DRIVERS\ztembbusbmdm.sys [123264 2012-11-23] (ZTE Incorporated)
R3 ZTEusbnmea; C:\WINDOWS\system32\DRIVERS\ztembbusbnmea.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbser6K; C:\WINDOWS\system32\DRIVERS\ztembbusbser6k.sys [123264 2012-11-23] (ZTE Incorporated)
R3 ZTEusbvoice; C:\WINDOWS\system32\DRIVERS\ztembbusbvoice.sys [123264 2012-11-23] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-25 14:18 - 2018-11-25 14:24 - 000016663 _____ C:\Users\CvP\Desktop\FRST.txt
2018-11-25 14:18 - 2018-11-25 14:18 - 000000000 ____D C:\FRST
2018-11-25 14:17 - 2018-11-25 14:16 - 002416640 _____ (Farbar) C:\Users\CvP\Desktop\FRST64.exe
2018-11-25 14:16 - 2018-11-25 14:16 - 002416640 _____ (Farbar) C:\Users\CvP\Downloads\FRST64.exe
2018-11-25 12:41 - 2018-11-25 12:41 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-25 12:41 - 2018-11-25 12:41 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-25 12:41 - 2018-11-25 12:41 - 000000000 ____D C:\Users\CvP\AppData\Local\mbamtray
2018-11-25 12:41 - 2018-11-25 12:41 - 000000000 ____D C:\Users\CvP\AppData\Local\mbam
2018-11-25 12:40 - 2018-11-25 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-25 12:40 - 2018-11-25 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-25 12:40 - 2018-11-25 12:40 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-25 12:40 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-25 12:34 - 2018-11-25 12:39 - 080548384 _____ (Malwarebytes ) C:\Users\CvP\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7999.exe
2018-11-25 11:46 - 2018-11-25 11:46 - 000008704 ___SH C:\Users\CvP\Desktop\Thumbs.db
2018-11-25 05:33 - 2018-11-16 02:44 - 000206208 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2018-11-25 05:33 - 2018-11-16 02:44 - 000130432 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2018-11-25 05:33 - 2018-11-16 02:44 - 000097664 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2018-11-25 05:33 - 2018-11-16 02:44 - 000043904 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2018-11-23 15:02 - 2018-11-23 15:02 - 014474808 _____ C:\Users\CvP\Downloads\RogueKillerCMD_portable64.exe
2018-11-21 15:21 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-11-06 14:04 - 2018-11-21 15:25 - 000000000 ____D C:\Program Files\rempl
2018-11-06 14:04 - 2018-09-13 15:36 - 000025248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Luadgmgt.dll
2018-11-03 09:18 - 2018-11-03 09:18 - 000000000 ____D C:\Program Files (x86)\MobileBrServ

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-25 14:12 - 2018-02-07 00:56 - 000000000 ____D C:\WINDOWS\rescache
2018-11-25 14:11 - 2018-02-06 17:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-25 14:08 - 2018-02-07 00:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-25 13:51 - 2018-02-07 00:56 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-11-25 12:40 - 2018-02-07 00:56 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-25 12:40 - 2018-02-07 00:56 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-25 12:40 - 2018-02-07 00:56 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-25 12:36 - 2017-06-28 09:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-25 12:13 - 2017-12-28 09:18 - 000000000 ___RD C:\Users\CvP\3D Objects
2018-11-25 11:22 - 2018-02-06 17:51 - 000000000 ____D C:\Users\CvP\AppData\Local\Packages
2018-11-25 11:02 - 2018-02-07 00:53 - 000000000 ____D C:\WINDOWS\INF
2018-11-25 11:02 - 2017-12-28 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-11-23 14:55 - 2018-04-12 11:45 - 000000000 ____D C:\Users\CvP\AppData\LocalLow\Mozilla
2018-11-21 17:26 - 2018-02-27 06:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-11-21 17:25 - 2018-02-26 07:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-21 17:15 - 2018-02-26 07:33 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-21 15:11 - 2018-02-12 10:08 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3539046531-3616625713-1300800389-1001
2018-11-21 15:11 - 2018-02-06 17:55 - 000002409 _____ C:\Users\CvP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-21 15:11 - 2017-12-28 19:57 - 000000000 ___RD C:\Users\CvP\OneDrive
2018-11-16 02:44 - 2018-04-06 16:43 - 000425344 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-11-16 02:44 - 2018-04-06 16:43 - 000104832 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-11-16 02:44 - 2017-12-28 09:30 - 000104832 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-11-16 02:44 - 2017-12-28 09:30 - 000053632 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-11-13 10:02 - 2018-02-12 09:59 - 000000000 ____D C:\Program Files (x86)\D-com 3.5G
2018-11-13 09:50 - 2018-02-22 13:31 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-06 15:32 - 2018-02-06 17:49 - 001061002 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-04 09:41 - 2018-04-12 11:45 - 000000000 ____D C:\Users\CvP\AppData\Roaming\Mozilla
2018-11-04 09:40 - 2018-04-12 11:45 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-04 09:40 - 2018-04-12 11:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-04 09:40 - 2018-04-12 11:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-04 09:38 - 2018-02-12 10:01 - 000012273 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-11-03 11:11 - 2018-02-06 17:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-11-03 11:11 - 2017-12-28 19:54 - 000000000 __SHD C:\Users\CvP\IntelGraphicsProfiles

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-25 14:09

==================== End of FRST.txt ============================

perloc
 

Abraham54

Administrator
Team lid
Waarschuwing: onderstaande bewerking is enkel voor deze computer bedoeld, het toepassen hiervan in een andere computer kan tot schade in Windows leiden.


We gaan


Farbar Recovery Scan Tool (FRST.exe) opnieuw gebruiken.

Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\Kladblok (of Notepad)".
Kopieer en plak de tekst in het code-venster onder het woord Code in het lege kladblokvenster.

Code:
start
CreateRestorePoint:

HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\MountPoints2: {7b2927fb-40a3-11e8-83e0-a0afbd54e407} - "D:\AutoRun.exe"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\MountPoints2: {843df894-0e28-11e8-83db-a0afbd54e407} - "D:\Windows\AutoRun.exe" 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {85FAAF9F-194C-4569-BBA0-6D802D40BCF0} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2016-11-11] (Safer-Networking Ltd.)

EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end
Sla nu dit kladblokbestand in de dezelfde locatie waar ook FRST.exe aanwezig is op als Fixlist.txt

Farbar Recovery Scan Tool (FRST.exe) met de fixlist.txt gebruiken
  • Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op FRST.exe en kies voor "Als Administrator uitvoeren".
  • Als het programma wordt gestart, klik dan op Ja in de popup.
  • Druk op de Fix knop.
  • Na de fix wordt een logbestand - Fixlog.txt - in dezelfde locatie aangemaakt van waaruit FRST.exe is gestart.
  • Post de inhoud van dit logbestand in jouw volgende bericht.
 

perloc

Enthousiast
De ongrwenste items zijn van het scherm verdwenen!
Hier de fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by CvP (26-11-2018 05:28:51) Run:1
Running from C:\Users\CvP\Desktop
Loaded Profiles: CvP (Available Profiles: defaultuser0 & CvP)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Code:

start
CreateRestorePoint:

HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\MountPoints2: {7b2927fb-40a3-11e8-83e0-a0afbd54e407} - "D:\AutoRun.exe"
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\...\MountPoints2: {843df894-0e28-11e8-83db-a0afbd54e407} - "D:\Windows\AutoRun.exe"
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {85FAAF9F-194C-4569-BBA0-6D802D40BCF0} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2016-11-11] (Safer-Networking Ltd.)

EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end


*****************

Code: => Error: No automatic fix found for this entry.
Restore point was successfully created.
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b2927fb-40a3-11e8-83e0-a0afbd54e407} => removed successfully
HKLM\Software\Classes\CLSID\{7b2927fb-40a3-11e8-83e0-a0afbd54e407} => not found
HKU\S-1-5-21-3539046531-3616625713-1300800389-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{843df894-0e28-11e8-83db-a0afbd54e407} => removed successfully
HKLM\Software\Classes\CLSID\{843df894-0e28-11e8-83db-a0afbd54e407} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{85FAAF9F-194C-4569-BBA0-6D802D40BCF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85FAAF9F-194C-4569-BBA0-6D802D40BCF0}" => removed successfully
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization" => removed successfully
Processes closed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22352509 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 8680715 B
Edge => 95734761 B
Chrome => 0 B
Firefox => 201295242 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 154584 B
defaultuser0 => 0 B
CvP => 160963575 B

RecycleBin => 385672406 B
EmptyTemp: => 843.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 05:31:14 ====

Welbedankt! perloc
 

Abraham54

Administrator
Team lid
Goedemorgen Perloc, ik had al het vermoeden dat jij dat zou melden.
Er zaten twee mountpoints met een setup.exe in jouw nieuwe Windows en dat waren de boosdoeners!
Dus fijn dat we zo snel klaar zijn.

Daarom nu een opruimactie:

Tip: hou MBAM als ondemand scanner in jouw Windows erbij voor een wekelijkse scan ermee.
Mocht je onverhoopt in de toekomst via een van de scans weer een virus vinden, meld je dan terug in een nieuw topic.


Download
Delfix by Xplode naar het bureaublad.



Delfix by Xplode opstarten:
  • Windows 2000 en Windows XP: dubbelklik op delfix.exe.
  • Windows Vista, Windows 7, Windows 8 en Windows 10 rechtsklik op delfix.exe en kies "Als Administrator uitvoeren".
Zet nu vinkjes voor de volgende items:
  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings
Klik nu op "Run" en wacht geduldig tot de tool gereed is.
Wanneer het tool gereed is wordt er een logbestand aangemaakt. Dit hoeft jij echter niet te plaatsen.
Start jouw computer hierna opnieuw op, indien er daarna nog programma's of log bestanden aanwezig zijn, mag je die handmatig verwijderen.

Maak daarna desgewenst een nieuw herstelpunt aan.
Overigens zal Windows normaal gesproken dit na de herstart ook gedaan hebben.


Ik heb gezien dat dat jij Windows Defender al aangepast hebt naar de Enterprise versie; draait jouw Windows Defender ook in de sandbox?

Zie: Advies - Windows Defender Antivirus is de eerste antivirusoplossing die in een sandbox draait
 

perloc

Enthousiast
Oei!... ik herinner me de sandbox (zandbak in goed Nederlands) toen ik nog erg klein was. Maar in deze laptop heb ik (nog) geen sandbox aangetroffen hoewel ik op 100 meter van het strand woon. Waar kan ik die vinden?
Verdere vraag.
Ik had voordat ik de image terugzette op deze win10 en de win7 Roguelikker. ehhhh..... Roguekiller staan. Die draaide ik af en toe.
Maar ik kan de goede downloader niet meer vinden. Heb er een gedownload maar die doet ut niet. Als je het een goed idee vindt dat ik die af en toe te draai, zou me dan de goede link willen sturren?
Welbedankt!!!
perloc
 

Abraham54

Administrator
Team lid
Waarom wil jij RogueKiller draaien, dat is geen lekentool naamelijk en als je niet oppast kan je jouw Windows ermee manco maken.
 

perloc

Enthousiast
Deze thread komt niet voor in de Windows 10 threads.
"Is in behandeling". Opgezocht met "Find threads".

Als ik Roguekiller draaide dan kwam op de Win7 laptop 3 gevonden items voor.
Die verwijderde ik dan. Maar natuurlijk zal ik Roguekiller niet downloaden of starten Gzonder advise. (Advies in het Nederlands wordt advice!!). Gezocht om de spell checker uit te schakelen, maar niet gevonden (in Settings)
perloc
 

Abraham54

Administrator
Team lid
In jouw browser of in Windows?
In de logs komt die niet voor.
 
Bovenaan Onderaan