Plagegeister aller Art und deren Bekämpfung: Disk almost always at 100%, even when only one program is running. Windows 7
07.12.2017, 13:25 | #1 |
Disk almost always at 100%, even when only one program is running.

Hello,

I visited you two years ago. Back then I thought I had malware. The problem was solved by uninstalling my antivirus program. I now use Malwarebytes and Windows Defender.

Now I still have the following problem: Back then I had copied all my files from Documents on my old laptop to my daughter's laptop, with the result that her laptop slowed down extremely. In her Task Manager the disk was always at almost 100%. We then cleaned the disk, defragmented it, etc., which brought an improvement for a while. But the problem kept coming back. Antivirus programs never showed anything; we scan regularly.

I have since got a new laptop and thought that if I slimmed down my daughter's laptop, that is, transferred all my documents to my new laptop and deleted them from my daughter's laptop, the problem should be solved. The problem was not solved; her disk is still at 100% as soon as we start just one program. We can't find the culprit in the taskbar either.

Also suspicious: my new laptop ran well, I had no performance problems, until the point when I loaded the documents from my daughter onto my laptop. That was 2 weeks ago; for a week now I too have had the problem that my disk is always at 100%.

I thought that since I can't find the culprit occupying the disk in Task Manager, I would look in the services instead. This morning I went through the services and switched off a few unnecessary ones. Now I have come across a service that is on my laptop and on my daughter's. I can stop it (although that has no effect on performance) but cannot disable it. We then also checked my son's computer; it has no documents of mine and no performance problems either.

My daughter and I have, for the service OneSyncSvc_88fbf + OneSyncSvc_1d5fda17, the path C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup (service of the UnistackSvcGroup). My son has the same service from Microsoft, not UnistackSvcGroup. Maybe this service is not responsible for our performance problems? Maybe it is?

I also ran a Malwarebytes Anti-Rootkit scan and it found nothing. What is certain is that something is occupying our disk, which is why we are always at around 100%. I have attached a picture of my Task Manager.

Now I don't know what else to do and would be very grateful for your help.

Sandra
07.12.2017, 13:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Disk almost always at 100%, even when only one program is running.

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly, spread over several posts if necessary. To put the log files in a CODE box, proceed as follows:
07.12.2017, 14:53 | #3 |
Disk almost always at 100%, even when only one program is running.

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2017 Ran by sandr (administrator) on THING (07-12-2017 13:36:11) Running from C:\Users\sandr\Downloads Loaded Profiles: sandr (Available Profiles: anita & sandr & r0711 & SQLTELEMETRY & MSSQLSERVER) Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) 
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation) HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-16] (Alcor Micro Corp.) 
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA) HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-05-29] () HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2770088 2017-02-08] (FileZilla Project) HKU\S-1-5-21-4243993546-206752626-989636995-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.) Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" Startup: C:\Users\r0711\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-29] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{5c1fcfe4-6d89-4d5b-a311-5cfd886ad3c6}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{bc5c21d2-a59a-481d-8436-34614f90b56e}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-4243993546-206752626-989636995-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/ HKU\S-1-5-21-4243993546-206752626-989636995-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com SearchScopes: HKU\S-1-5-21-4243993546-206752626-989636995-1006 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-4243993546-206752626-989636995-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-4243993546-206752626-989636995-1006 -> {7D494A7D-CF3B-447D-BA10-E6AEF8351B6F} URL = BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-16] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-22] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL 
[2017-11-07] (Microsoft Corporation) Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation) Edge: ====== Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.45.0_neutral__qq0fmhteeht3j [2017-08-29] FireFox: ======== FF DefaultProfile: ojhxb9p9.default FF ProfilePath: C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default [2017-12-07] FF Homepage: Mozilla\Firefox\Profiles\ojhxb9p9.default -> www.google.be FF Extension: (eidReader Plugin Extension) - C:\Users\sandr\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\kcnofmiceklfkodhdhhjcfjhdepfobaf@unifiedpost.com.xpi [2017-09-19] FF Extension: (eID Belgium) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\belgiumeid@eid.belgium.be.xpi [2017-11-22] FF Extension: (Click&Clean) - 
C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\clickclean@hotcleaner.com [2017-07-30] [Lagacy] FF Extension: (No Name) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\d.lehr@chello.at.xpi [2017-12-06] FF Extension: (Ghostery) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\firefox@ghostery.com.xpi [2017-12-07] FF Extension: (Self-Destructing Cookies) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-07-30] [Lagacy] FF Extension: (Print Friendly & PDF) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\jid0-YQz0l1jthOIz179ehuitYAOdBEs@jetpack.xpi [2017-07-30] FF Extension: (DuckDuckGo Plus) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-12-06] FF Extension: (LastPass: Free Password Manager) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\support@lastpass.com.xpi [2017-12-06] FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2017-11-22] FF Extension: (Capture & Print) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2017-07-30] [Lagacy] FF Extension: (Adblock Plus) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-12] FF Extension: (Disable Media WMF NV12 format) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ojhxb9p9.default\features\{8c1ac8d0-7725-40e5-94ca-8523ebf0c11d}\disable-media-wmf-nv12@mozilla.org.xpi [2017-12-06] [Lagacy] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program 
Files\McAfee\MSK => not found FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-4243993546-206752626-989636995-1006: unifiedpost.com/eidReader_ -> C:\Program Files\eid-reader\plugin_win\eidReader.plugin\npeidReader.dll [2017-09-19] (UnifiedPost) Chrome: ======= CHR Profile: C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default [2017-12-07] CHR Extension: (Slides) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Docs) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Google Drive) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-26] CHR Extension: (YouTube) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-26] CHR Extension: (Sheets) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Google Docs Offline) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-08] CHR Extension: (eidReader Plugin Chrome Extension) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnofmiceklfkodhdhhjcfjhdepfobaf [2017-10-14] CHR Extension: (Skype) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-26] CHR Extension: (Gmail) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-26] CHR Extension: (Chrome Media Router) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-30] CHR 
HKU\S-1-5-21-4243993546-206752626-989636995-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kcnofmiceklfkodhdhhjcfjhdepfobaf] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation) S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-04-10] () S4 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [859304 2017-02-08] (FileZilla Project) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2017-06-22] (Macrovision Europe Ltd.) 
[File not signed] S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] () R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) S3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [392384 2017-07-06] (Microsoft Corporation) S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [565952 2017-07-06] (Microsoft Corporation) S3 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [198848 2016-04-30] (Microsoft Corporation) S3 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-03-13] (IDT, Inc.) [File not signed] S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated) S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH) S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.) 
S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.) S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed] S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-23] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-23] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) 
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-20] (Disc Soft Ltd) S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-20] (Disc Soft Ltd) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] () R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-12-03] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-07] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-07] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-07] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-07] (Malwarebytes) R1 MpKsl21d9d2b8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E92FF9D2-919C-4151-BE78-68AB3FCD7E0C}\MpKsl21d9d2b8.sys [58120 2017-12-07] (Microsoft Corporation) R1 MpKsl6d7c21ee; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9E66B71-4F94-46AF-9D13-C415AFBF1681}\MpKsl6d7c21ee.sys [58120 2017-12-03] (Microsoft Corporation) R1 MpKslb9793864; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8FA4739-8EBC-48E0-B335-A285CF0074AF}\MpKslb9793864.sys [58120 2017-12-06] (Microsoft Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) S4 RsFx0401; C:\WINDOWS\System32\DRIVERS\RsFx0401.sys [260816 2016-03-29] (Microsoft Corporation) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] () R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated) S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45928 2017-06-29] (SteelSeries ApS) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) 
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation) S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X] S3 MREMP50a64; \??\C:\Program Files\Common Files\Motive\MREMP50a64.sys [X] S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X] S3 MRESP50a64; \??\C:\Program Files\Common Files\Motive\MRESP50a64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-07 13:36 - 2017-12-07 13:39 - 000023821 _____ C:\Users\sandr\Downloads\FRST.txt 2017-12-07 13:35 - 2017-12-07 13:36 - 000000000 ____D C:\FRST 2017-12-07 13:34 - 2017-12-07 13:34 - 002390528 _____ (Farbar) C:\Users\sandr\Downloads\FRST64.exe 2017-12-07 11:46 - 2017-12-07 11:46 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1165F390.sys 2017-12-07 11:45 - 2017-12-07 13:23 - 000000000 ____D C:\Users\sandr\Desktop\mbar 2017-12-07 11:45 - 2017-12-07 13:23 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-12-07 11:45 - 2017-12-07 11:45 - 014178840 _____ (Malwarebytes Corp.) 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-07 13:24 - 2017-07-23 12:39 - 000000000 ___DC C:\WINDOWS\Panther 2017-12-07 11:51 - 2017-07-23 16:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-12-07 11:46 - 2017-07-30 16:44 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-12-07 11:35 - 2017-07-29 23:44 - 000000000 ____D C:\Users\sandr\AppData\LocalLow\Mozilla 2017-12-07 10:43 - 2017-09-20 09:34 - 000000000 ____D C:\Users\SQLTELEMETRY 2017-12-07 10:43 - 2017-09-20 09:33 - 000000000 ____D C:\Users\MSSQLSERVER 2017-12-07 09:51 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-12-07 09:51 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-12-07 09:43 - 2017-09-01 12:16 - 000004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F5F79084-2EAF-451F-B660-2C3158FDDC27} 2017-12-07 09:39 - 2017-08-22 21:22 - 001253768 _____ C:\WINDOWS\system32\perfh00C.dat 2017-12-07 09:39 - 2017-08-22 21:22 - 000353138 _____ C:\WINDOWS\system32\perfc00C.dat 2017-12-07 09:39 - 2017-08-22 20:37 - 001205050 _____ C:\WINDOWS\system32\perfh007.dat 2017-12-07 09:39 - 2017-08-22 20:37 - 000353148 _____ C:\WINDOWS\system32\perfc007.dat 2017-12-07 09:39 - 2017-07-23 16:57 - 003817108 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-12-07 09:34 - 2017-07-29 23:39 - 000000000 __SHD C:\Users\sandr\IntelGraphicsProfiles 2017-12-07 09:32 - 2017-07-29 23:39 - 000000000 ____D C:\Users\sandr 2017-12-07 09:31 - 2017-07-23 16:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-12-07 09:17 - 2017-08-22 22:07 - 000000000 ____D C:\Users\sandr\Documents\Outlook-Dateien 2017-12-06 21:00 - 2017-09-04 13:51 - 000000000 ____D C:\Users\sandr\Documents\Outlook Files 2017-12-06 11:49 - 2017-08-20 19:27 - 000000000 ____D C:\Users\sandr\Documents\Rechnungen_Belgie 2017-12-06 10:39 - 2017-09-17 15:11 - 000000000 ____D C:\Users\r0711\AppData\LocalLow\Mozilla 2017-12-06 10:30 - 2017-09-17 15:26 - 000004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4918E4BC-9ABC-4011-A041-E3DE80445A79} 
2017-12-06 10:25 - 2017-09-17 15:00 - 000000000 __SHD C:\Users\r0711\IntelGraphicsProfiles 2017-12-05 13:19 - 2017-10-16 19:42 - 000000000 ____D C:\Users\r0711\Documents\System Security Fundamentals 2017-12-05 13:18 - 2017-09-22 08:29 - 000000000 ____D C:\Users\r0711\Documents\System Netwerk Architecture 2017-12-05 13:14 - 2017-09-17 15:00 - 000000000 ____D C:\Users\r0711\AppData\Local\Packages 2017-12-04 20:28 - 2017-09-19 18:36 - 000000000 ____D C:\Users\r0711\Documents\Entrepreneurship 2017-12-04 09:23 - 2017-03-18 12:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI 2017-12-04 09:21 - 2017-09-17 15:00 - 000000000 ____D C:\Users\r0711 2017-12-04 09:21 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-12-03 22:40 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-12-03 22:35 - 2013-05-09 18:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-12-03 22:17 - 2017-05-21 18:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-12-03 22:17 - 2017-04-19 12:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-12-02 23:41 - 2017-09-20 10:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Help Viewer 2017-11-30 12:58 - 2017-10-22 19:54 - 000000000 ____D C:\ProgramData\CanonIJPLM 2017-11-30 10:25 - 2017-04-19 12:43 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-11-30 09:16 - 2017-07-29 23:39 - 000000000 ____D C:\Users\sandr\AppData\Local\Packages 2017-11-29 22:34 - 2017-09-01 11:42 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-11-26 17:24 - 2017-09-22 12:49 - 000000000 ____D C:\Users\r0711\Documents\Database 2017-11-26 16:40 - 2017-09-30 15:51 - 000000000 ____D C:\Users\r0711\Documents\Philip School 2017-11-23 15:41 - 2017-09-17 15:10 - 000000000 ____D C:\Users\r0711\AppData\Roaming\Mozilla 2017-11-22 21:01 - 2017-07-29 23:44 - 000000000 ____D 
C:\Users\sandr\AppData\Roaming\Mozilla 2017-11-22 18:14 - 2017-08-20 19:32 - 000000000 ____D C:\Users\sandr\Documents\Sandra 2017-11-22 16:24 - 2017-09-11 14:39 - 000000000 ____D C:\Users\sandr\Documents\Money 2017-11-22 16:24 - 2017-09-11 14:37 - 000000000 ____D C:\Users\sandr\Documents\Holidays Uitstaps 2017-11-22 16:23 - 2017-08-20 16:30 - 000000000 ____D C:\Users\sandr\Documents\CV 2017-11-22 16:01 - 2017-08-20 19:22 - 000000000 ____D C:\Users\sandr\Documents\Mattenstrasse 2017-11-22 14:09 - 2016-11-23 00:36 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-11-21 14:19 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache 2017-11-21 09:45 - 2017-09-20 10:44 - 000000000 ____D C:\Users\r0711\Documents\Visual Studio 2015 2017-11-21 09:15 - 2013-10-31 11:48 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-11-20 14:42 - 2017-03-18 12:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2017-11-20 14:18 - 2017-07-23 17:04 - 000028578 _____ C:\WINDOWS\diagwrn.xml 2017-11-20 14:18 - 2017-07-23 17:04 - 000028578 _____ C:\WINDOWS\diagerr.xml 2017-11-20 11:58 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Registration 2017-11-20 11:56 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF 2017-11-20 08:36 - 2017-09-19 18:36 - 000000000 ____D C:\Users\r0711\Documents\Marketing 2017-11-18 19:38 - 2013-10-31 11:49 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-11-18 19:29 - 2017-10-13 16:43 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-11-18 19:29 - 2013-10-31 11:49 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-11-16 20:22 - 2017-07-23 16:31 - 000405136 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-11-16 20:19 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB 2017-11-16 20:19 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\en-GB 2017-11-16 20:19 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-11-16 20:19 - 2017-03-18 22:03 - 
000000000 ____D C:\WINDOWS\ShellExperiences 2017-11-16 20:19 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning 2017-11-16 20:19 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-11-16 20:19 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-11-16 12:09 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-11-16 11:48 - 2017-09-01 11:44 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-11-16 09:21 - 2017-09-20 17:41 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-16 09:21 - 2017-09-20 17:41 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-14 17:07 - 2016-01-23 15:22 - 000000000 ____D C:\ProgramData\Package Cache 2017-11-14 17:03 - 2017-09-20 10:19 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2017-11-14 16:53 - 2017-09-20 10:22 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2017-11-14 16:51 - 2017-07-23 16:56 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-14 16:51 - 2017-07-23 16:56 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-14 13:34 - 2017-09-20 09:25 - 000000000 ____D C:\WINDOWS\SysWOW64\1033 2017-11-14 13:34 - 2017-09-20 09:25 - 000000000 ____D C:\WINDOWS\system32\1033 2017-11-14 12:54 - 2017-07-23 17:51 - 000000000 ____D C:\Program Files (x86)\MSBuild 2017-11-14 12:53 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2017-11-14 12:42 - 2017-10-09 08:59 - 000000000 ____D C:\Users\r0711\AppData\Local\CrashDumps 2017-11-14 10:56 - 2017-07-23 16:56 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-11-14 10:56 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-11-14 10:56 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-11-13 22:52 - 2017-07-29 23:44 - 000000000 ___RD C:\Users\sandr\OneDrive 2017-11-13 09:26 - 
2017-09-20 10:44 - 000000000 ____D C:\Users\r0711\Documents\SQL Server Management Studio 2017-11-12 11:27 - 2017-07-29 23:46 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4243993546-206752626-989636995-1006 2017-11-12 11:27 - 2017-07-29 23:44 - 000002410 _____ C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-11-10 09:45 - 2017-09-17 15:26 - 000000000 ____D C:\Users\r0711\AppData\Local\MicrosoftEdge 2017-11-07 08:52 - 2017-09-19 09:00 - 000000000 ____D C:\Users\r0711\Documents\Business Intelligence ==================== Files in the root of some directories ======= 2017-09-03 12:29 - 2017-09-04 13:56 - 000037669 _____ () C:\Users\sandr\AppData\Roaming\Comma Separated Values.ADR 2017-09-01 14:18 - 2017-09-03 11:54 - 000036881 _____ () C:\Users\sandr\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR Some files in TEMP: ==================== 2017-10-22 18:09 - 2014-05-15 17:40 - 001122384 ____N (CANON INC.) C:\Users\r0711\AppData\Local\Temp\MSETUP4.EXE 2017-10-14 09:48 - 2017-10-14 09:48 - 000035680 _____ () C:\Users\sandr\AppData\Local\Temp\i4jdel0.exe 2017-08-29 15:26 - 2013-05-30 08:18 - 000750880 _____ (Alcatel-Lucent) C:\Users\sandr\AppData\Local\Temp\IHU15F0.tmp.exe 2017-08-29 15:26 - 2013-02-14 15:56 - 000751440 _____ (Alcatel-Lucent) C:\Users\sandr\AppData\Local\Temp\IHU8A07.tmp.exe 2017-08-29 15:26 - 2013-02-14 15:56 - 000751440 _____ (Alcatel-Lucent) C:\Users\sandr\AppData\Local\Temp\IHU8B6F.tmp.exe 2017-08-29 15:26 - 2013-02-14 15:56 - 000751440 _____ (Alcatel-Lucent) C:\Users\sandr\AppData\Local\Temp\IHUDD1D.tmp.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-30 17:42
==================== End of FRST.txt ============================
[/CODE] |
07.12.2017, 14:54 | #4 |
| Disk almost always at 100%, even when only one program is running. FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by sandr (07-12-2017 13:43:00)
Running from C:\Users\sandr\Downloads
Windows 10 Home Version 1703 15063.726 (X64) (2017-07-23 16:09:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4243993546-206752626-989636995-500 - Administrator - Disabled)
anita (S-1-5-21-4243993546-206752626-989636995-1001 - Administrator - Enabled) => C:\Users\anita
annas (S-1-5-21-4243993546-206752626-989636995-1008 - Limited - Disabled)
DefaultAccount (S-1-5-21-4243993546-206752626-989636995-503 - Limited - Disabled)
Guest (S-1-5-21-4243993546-206752626-989636995-501 - Limited - Disabled)
neils (S-1-5-21-4243993546-206752626-989636995-1007 - Limited - Disabled)
r0711 (S-1-5-21-4243993546-206752626-989636995-1011 - Administrator - Enabled) => C:\Users\r0711
sandr (S-1-5-21-4243993546-206752626-989636995-1006 - Administrator - Enabled) => C:\Users\sandr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (HKLM\...\{985F0D27-46AC-4473-8F67-720A39D7A1E4}) (Version: 14.0.800.90 - Microsoft Corporation) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated) Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\{F08E6C0F-EF66-4E9B-B220-747F99FE0C15}) (Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.) Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.9 - Qualcomm Atheros) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros) Belgium e-ID middleware 4.2.8 (build 3252) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A73252}) (Version: 4.2.3252 - Belgian Government) Blender (HKLM\...\{DEA73CCA-7EC9-41EA-8509-1041C1CABFD0}) (Version: 2.78.3 - Blender Foundation) Browser for SQL Server 2016 (HKLM-x32\...\{5B860485-0F07-41DC-BA8C-3A839A141FBA}) (Version: 13.0.1601.5 - Microsoft Corporation) Canon CanoScan LiDE 220 On-screen Manual (HKLM-x32\...\Canon CanoScan LiDE 220 On-screen Manual) (Version: 7.7.1 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.11.1 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.) 
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.) CanoScan LiDE 220 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4811) (Version: 1.02 - Canon Inc.) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden Critical Update for SQL Server 2016 MSVCRT Prerequisites (KB4019088) (64-bit) (HKLM\...\KB4019088) (Version: 13.0.1742.0 - Microsoft Corporation) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DiagnosticsHub_CollectionService (HKLM\...\{311C382C-6FDC-45ED-A04C-629A852D6148}) (Version: 15.0.26823 - Microsoft Corporation) Hidden DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0062 - DTS, Inc.) Eid Reader plugin 1.1.2 (HKLM\...\2008-1418-6737-7883) (Version: 1.1.2 - ) Entity Framework 6.1.3 Tools for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.60 - FileZilla Project) Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.) Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) HEMA fotoservice (HKLM-x32\...\{FB0103B5-6AE2-4FE3-AFEF-FAC58B6565CC}_is1) (Version: - HEMA BE) icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden IDT Audio Driver (HKLM\...\{09F3839A-9FBA-409D-A0AF-5E7D63F646B1}) (Version: 6.10.6466.0 - IDT) Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kits 
Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Help Viewer 2.3 (HKLM-x32\...\Microsoft Help Viewer 2.3) (Version: 2.3.26906 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{7DBBD69D-5D15-40C6-AB2B-35ACE08AAF41}) (Version: 14.0.800.90 - Microsoft Corporation) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.8625.2139 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation) Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.8625.2139 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation) Microsoft OneDrive 
(HKU\S-1-5-21-4243993546-206752626-989636995-1006\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2016) (Version: - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{DC5A8BC0-2C40-4F0D-B90F-C34CD31035C6}) (Version: 13.0.1742.0 - Microsoft Corporation) Microsoft SQL Server 2016 Setup (English) (HKLM\...\{9916613E-6D6C-43B9-834F-91F438D4F403}) (Version: 13.0.1742.0 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL Language Service (HKLM\...\{FE3BF1DD-677E-4793-9770-C07AECC88882}) (Version: 13.0.14500.10 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2017 Policies RC1 (HKLM-x32\...\{2D37C37A-4A27-4C35-BC0A-F73173BC106B}) (Version: 14.0.800.90 - Microsoft Corporation) Microsoft SQL Server 2017 RC1 (HKLM-x32\...\Microsoft SQL Server SQL2017RC1) (Version: - Microsoft Corporation) Microsoft SQL Server 2017 T-SQL Language Service RC1 (HKLM\...\{55394560-332F-42A8-AB56-BE288663131E}) (Version: 14.0.17177.0 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{E9AB3735-231C-4FA1-BE93-D09EA368386B}) (Version: 14.0.3757.2 - Microsoft Corporation) Microsoft SQL Server Management Studio - 17.2 (HKLM-x32\...\{6ce0f2ad-2643-496c-9b48-d0587d3e10a9}) (Version: 14.0.17177.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 
(HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2017 RC1 (HKLM\...\{A825DFF0-A610-49A3-BF7C-C5772A0F488B}) (Version: 14.0.800.90 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 
14.11.25325.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.12.111.1002 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2016 (HKLM\...\{3E013EB4-FF9E-4CCA-BAB6-318932614FAE}) (Version: 13.0.1601.5 - Microsoft Corporation) Mozilla Firefox 57.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-GB)) (Version: 57.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.1.6541 - Mozilla) Mozilla Thunderbird 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component 
(HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Qlik Sense DemoApps (HKLM\...\{42A89815-620C-4005-9F58-4D00EBB808CE}) (Version: 11.11.1 - QlikTech International AB) Hidden Qlik Sense Desktop (HKLM\...\{4D83D644-217D-4D4B-A900-106160D341FC}) (Version: 11.11.1 - QlikTech International AB) Hidden Qlik Sense Desktop Connectors (HKLM\...\{DD19D4F2-157D-475A-89DF-FC2E28AA89CD}) (Version: 11.11.1 - QlikTech International AB) Hidden Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.) Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.) 
SQL Server 2016 Batch Parser (HKLM\...\{D7A905DB-9A1E-4670-9488-F979F8A77A58}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Client Tools (HKLM\...\{9478E350-F157-4724-AE17-6ADA0E9E2351}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden SQL Server 2016 Client Tools (HKLM\...\{A070F2AC-A75B-448C-BECB-B794EB7E0E0D}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden SQL Server 2016 Client Tools Extensions (HKLM\...\{7E94713F-EF30-46EB-B809-BBA8603FBF9E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Client Tools Extensions (HKLM\...\{AB765DC7-7642-4D1C-BEDC-035516CCD224}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Common Files (HKLM\...\{16F3645F-1343-4462-92DC-9AE66A2E68A3}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Common Files (HKLM\...\{57846DA8-8B5D-4466-B850-E8CDFC94046C}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Connection Info (HKLM\...\{74940EE5-66DB-42E3-AC30-295D13B461A7}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden SQL Server 2016 Connection Info (HKLM\...\{8A3AE1F0-0752-435D-A01C-033BDD629C8B}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden SQL Server 2016 Database Engine Services (HKLM\...\{0C457EC3-E998-4041-B856-908D5A2C1708}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Database Engine Services (HKLM\...\{51574D2C-DE28-4441-BDC2-967F0FFC0918}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Database Engine Shared (HKLM\...\{686A81C0-C8E4-46F6-952F-B19A28E8C430}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Database Engine Shared (HKLM\...\{81CABA93-27C0-4BD9-9B5E-227C76B59F46}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 DMF (HKLM\...\{2FFF0757-4360-42F5-8814-16BB5CF0145F}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 DMF 
(HKLM\...\{34A20DEE-6AD4-44A6-95FF-DFF95CD22B8C}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Shared Management Objects (HKLM\...\{D3FC7A31-F127-4E2A-96F6-B24FA7D3FFAF}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden SQL Server 2016 Shared Management Objects (HKLM\...\{F8001E21-CFCC-47AD-A3B1-6B3EB6D35E48}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden SQL Server 2016 Shared Management Objects Extensions (HKLM\...\{B6E1A5EB-1C58-4A04-B76B-E5FE1BE22CA1}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Shared Management Objects Extensions (HKLM\...\{FA548BCB-5732-40F8-85B0-61515D18D9C1}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 SQL Diagnostics (HKLM\...\{766BE25E-D2B5-4E76-BCB0-29B801BADB3F}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 XEvent (HKLM\...\{8CF2CA8E-3984-46B9-B493-F844F3774FA1}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 XEvent (HKLM\...\{E6FFAAAF-D8B5-4D46-8514-26E96D9F3D8D}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2017 RC1 Batch Parser (HKLM\...\{0FF55602-38F3-4D41-B4A3-01254248C668}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden SQL Server 2017 RC1 Client Tools Extensions (HKLM\...\{683FA9A8-D65D-4235-83D8-9F4E6737F4CA}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden SQL Server 2017 RC1 Client Tools Extensions (HKLM\...\{F2FD3B29-E8D8-4967-BED3-DDBC61D1975C}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden SQL Server 2017 RC1 Common Files (HKLM-x32\...\{3EFBCF30-7835-40C0-A482-61FCD200D6B0}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden SQL Server 2017 RC1 Common Files (HKLM-x32\...\{5666DCCC-0A10-4DEA-9D72-0CBE4597B272}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden SQL Server 2017 RC1 Connection Info (HKLM\...\{1B420087-3F15-4584-84E7-17004B8F73DD}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden SQL Server 2017 RC1 Connection Info 
(HKLM\...\{6E7DE51A-63FC-4636-8110-D81FEABE11D8}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 DMF (HKLM\...\{33CA5408-FAF8-45EA-BC34-339D708D5CD2}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 DMF (HKLM\...\{75D22F08-F052-4D85-BB0D-98572ECAB0DC}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Integration Services Scale Out Management Portal (HKLM\...\{4886060D-2480-465D-8A1E-71297E66AC72}) (Version: 14.0.800.77 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Integration Services Scale Out Management Portal (HKLM\...\{90D6ACA0-1265-41EA-8EC6-FA686EDABEC2}) (Version: 14.0.800.77 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Management Studio Extensions (HKLM-x32\...\{1A240E41-E06A-4601-A64F-75E371DBA6A3}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Management Studio Extensions (HKLM-x32\...\{FD3B8367-14B9-4778-856D-8CFAA216FC20}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Shared Management Objects (HKLM\...\{53A9C556-6706-4B55-95F0-743E1A6F2C82}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Shared Management Objects (HKLM\...\{DE6154BD-9C09-4561-9B85-99536C37A9E2}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Shared Management Objects Extensions (HKLM\...\{0655C937-E277-49BA-A001-A5EB2D0B4E06}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 Shared Management Objects Extensions (HKLM\...\{CA0AD573-54A1-47BC-A050-4BACA38E4CC7}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 SQL Diagnostics (HKLM\...\{28D17C9F-CB6C-4E9B-932A-7E709CAD4366}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 XEvent (HKLM\...\{D1C9CE67-E0C6-4B18-B185-8CBA583FF9C8}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
SQL Server 2017 RC1 XEvent (HKLM\...\{E13EF9DC-DD28-43D0-B861-40E04C93D490}) (Version: 14.0.800.90 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{0D9BD39A-A870-4FDF-B590-1E9787CF16D9}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{510DB6E6-7CF0-4B25-A51E-3AED7E25D507}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{CD1FA99A-EEF9-44BE-8A89-8FB17F1C5437}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{19EE06F5-A411-4AE3-8024-437639E0A063}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{BFDE25C2-FA72-4449-9A7B-B785DA052D99}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{14A0B7B6-1D73-42E1-AD69-CDBC9AEB979A}) (Version: 14.0.17177.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.341 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.3.3 - Toshiba Europe GmbH)
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
VS Immersive Activate Helper (HKLM-x32\...\{FD1039C3-228B-43BB-820A-ACAED580A9D5}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_helpconfigmsi (HKLM-x32\...\{9C975D07-01C8-4EFF-95E3-0768063E4F27}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{66555B06-A474-4F98-A9D4-D753E5EBABE8}) (Version: 15.0.26906 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0594B025-1626-45A1-8D6D-5995E2D1662F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {0A106DDF-07DF-4A19-931A-B1F59ED98FA2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0B5617E9-90FA-4213-B399-9F8E9509D44C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {288B5341-FFDE-45BD-86F3-7F832C46B49A} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)
Task: {2E2F0911-B564-4C7A-93A3-37CCDBCD8557} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {386E4252-E76E-4A16-81E1-3FA5DDCAC064} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-30] (Microsoft Corporation)
Task: {3ED2B7C9-EFB4-42D3-B2B0-F0BF59D9E26E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-18] (Microsoft Corporation)
Task: {401AC1DD-D9DE-456C-BAAF-DEBB1542743D} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\sandr\AppData\Local\Temp\IHU8FE4.tmp.exe <==== ATTENTION
Task: {447B49B6-6A2D-4573-A2DA-9A9701313C3B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-08-29] (McAfee, Inc.)
Task: {6240580B-198F-49FE-B3F0-941D39104CAF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {62582C4D-79D7-48EF-AC0E-2D27E2CFD64F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {69783BEA-4747-4DC9-84F2-7AF06313D4E8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-05-04] (Synaptics Incorporated)
Task: {6C19156E-7FF9-44CB-A9C5-417BA7928F0D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6CBAEBC7-991B-4FDD-B42A-ECCEC12F7D6A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7201060E-F050-4A19-B944-56E75B36BD71} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {73D4500E-0E93-46EE-BE93-31C057A930AB} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {77850A4B-5979-41D6-AA56-BEC402FA9A7A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {85EC749F-D33C-427F-A9D8-6EB0D826E782} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {97871869-1504-487D-8A7F-1F5AF5D59559} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\sandr\AppData\Local\Temp\IHU8DB0.tmp.exe <==== ATTENTION
Task: {9B2420FC-D312-4A45-8C57-A6C07BEB761C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B429543D-A733-44EE-9F55-68570CE234AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B8F2DD9D-CCA8-4CC3-9688-EF2C05BE50AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-30] (Microsoft Corporation)
Task: {C19509FC-ACB5-4041-BB60-53F80CD94A28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {C37802BD-2110-4BE3-A52D-54909965AEC3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-11-30] (Microsoft Corporation)
Task: {C3A21178-C632-4BFB-822C-8AC349AD414A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {C84890EB-E82E-4BC2-8667-80F0D396ED43} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CF2B4367-7DD2-4E1F-A34D-9D9D772CB2DC} - \WPD\SqmUpload_S-1-5-21-4243993546-206752626-989636995-1001 -> No File <==== ATTENTION
Task: {D2361313-AB7A-43D4-941D-68015A02CD85} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {D5424D9B-0D5F-4ED5-9100-67D8A4FFB658} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {D8CA9B6A-176B-4247-8F2B-3570A3C2B1C4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DC9627BC-031E-47BB-9BDA-E6021A376D4F} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2017-11-22] (Microsoft Corporation)
Task: {E42FA236-8CE3-4878-8A67-303B971ECABE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F99C6010-681C-4982-BB53-D108197EB066} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-10-22 19:54 - 2013-06-28 14:28 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2017-11-10 13:39 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-10 13:39 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-03 12:22 - 2017-11-07 21:49 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-10-04 10:01 - 2017-10-04 10:01 - 000076456 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-03-18 21:59 - 2017-03-20 04:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-30 08:31 - 2017-11-30 08:32 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 08:31 - 2017-11-30 08:32 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 08:31 - 2017-11-30 08:32 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 08:31 - 2017-11-30 08:32 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-30 08:31 - 2017-11-30 08:32 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-11-16 09:21 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-16 09:21 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2013-06-28 16:23 - 2012-07-18 06:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-08-20 16:50 - 2017-11-30 10:45 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ClientTelemetry.dll
2017-08-20 16:47 - 2017-10-22 11:15 - 000165032 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4243993546-206752626-989636995-1006\...\sharepoint.com -> hxxps://thomasmore365-myfiles.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-06-19 20:36 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4243993546-206752626-989636995-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\sandr\Desktop\twinkle2017.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "btbb_McciTrayApp"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "FileZilla Server Interface"
HKU\S-1-5-21-4243993546-206752626-989636995-1006\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6D09DCFF-F890-41E7-8160-8B2D49D310A4}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{8E368F18-D2A9-4BE0-8BE3-BDA48EF839F1}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [UDP Query User{B70D890C-72F9-4E6F-853F-324A12278F67}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{2592448D-C064-4BF4-BD28-82C815EB8416}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{D88DE400-CFCF-45DA-A5AB-7B71C6CFD293}C:\program files (x86)\voobly\voobly.exe] => (Block) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{1D0817F7-2EC8-4003-98B6-DC124191D90F}C:\program files (x86)\voobly\voobly.exe] => (Block) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [UDP Query User{4B7229D2-50DE-49E2-8075-55E2EC08A443}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{A224475E-C721-472A-89CA-A65CF7D7CAFE}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{5677DFD8-0084-4389-A616-0330C22D49C5}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{55067D8E-B2F1-4EF9-A404-874E6DD4192A}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [{8DD5036E-3CFE-4413-ACA9-EE6CF2B8C2F6}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{AE10C12A-C09E-476D-B4C7-70F494E8CEC5}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{B654A4B6-3CA4-4696-8865-DF7A308161E4}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{8270CF73-1246-4700-A9D3-0CA39AFDD660}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{E248002D-3657-47F6-9B56-D1E35C0BEC3A}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{6323658B-BF2F-4436-B550-6A3B29EFF151}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
FirewallRules: [{CE413C99-5B54-4578-B532-5656F69DA67E}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
FirewallRules: [TCP Query User{74DA973E-0FF6-4395-B730-D8D9C83DC698}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9C7F21CB-BD10-4493-962A-2670CD8CF432}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E04675B9-BD53-4AE7-98B3-76E907C0F748}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E7CAB047-82EB-4140-AE91-88EA0C3FF91C}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => (Block) C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [UDP Query User{F189049A-AE93-4D7D-803B-91D1A9718BF2}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => (Block) C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [{D89D8435-3004-4676-B404-F4D4193C966A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3CEF88EF-B471-44EC-A45B-34676289F94A}] => (Allow) LPort=2869
FirewallRules: [{3401B7ED-4FE3-47D3-85F0-5382385BDD0C}] => (Allow) LPort=1900
FirewallRules: [{0FB1E402-94A1-4618-B3E5-67A07A17F094}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5FAEE9F-A8A3-43C9-94A1-BD19A301E470}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A42A5788-35C2-4381-AD1B-DB1453756B84}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{30A92F83-304A-4641-98C6-EE6B73467DB5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C539C40B-3AD2-49AF-AF04-B104BDB6CA11}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6D4B001B-F60E-47CB-8880-389E560AA605}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{57989A80-748E-4F90-A171-1F7C49A9362E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{016458C2-5767-4BBB-B909-ECFAEE8A02E6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{06FA687E-667B-4A26-86AD-67DB6FD33979}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{8280EC00-A0DC-4259-93C3-58400EA3DC2B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A6D7F9E3-5917-4EEE-B368-9809FC098C60}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AC7C7698-4854-4651-BA91-E2795A207AE7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7C27841B-1442-492D-BE5D-CEB11571505B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CE522669-D59F-4FFC-96E7-47D69C05B83E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CF51A60E-B544-49E6-89D8-8807A7B418BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E3EBA2AA-DBCB-4B80-80E5-D26017CA3646}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{BB2F5469-C91C-4A37-A236-FFCCD3280673}C:\users\r0711\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\r0711\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{47C5A74E-8074-4486-88F0-BA93D5A0C6FE}C:\users\r0711\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\r0711\appdata\roaming\spotify\spotify.exe
FirewallRules: [{33C526FC-455A-47D7-97A0-208B45D8B184}] => (Block) C:\users\r0711\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AC1C8CEB-DA2E-4294-9D4B-310CCB73E876}] => (Block) C:\users\r0711\appdata\roaming\spotify\spotify.exe

==================== Restore Points =========================

26-11-2017 22:53:42 Scheduled Checkpoint
06-12-2017 15:04:38 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2017 10:23:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TokenBroker, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: combase.dll, version: 10.0.15063.608, time stamp: 0xb66dc19d
Exception code: 0xc0000602
Fault offset: 0x0000000000030540
Faulting process ID: 0x1a18
Faulting application start time: 0x01d36f35edb1c4b9
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report ID: a0bb828f-98c0-48ea-b2d5-4b25bccd452f
Faulting package full name:
Faulting package-relative application ID:

Error: (12/07/2017 09:46:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/07/2017 09:27:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: THING)
Description: Package Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/07/2017 09:27:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THING)
Description: Activation of application Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2017 09:26:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2017.39091.16340.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1e48
Start Time: 01d36f34ca30b89d
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Report Id: 16edf9eb-5143-43c7-b092-819f29cce2bf
Faulting package full name: Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (12/07/2017 09:25:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THING)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2017 09:20:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THING)
Description: Activation of application Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2017 09:19:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: THING)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2017 09:17:58 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (12/06/2017 08:55:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: thing)
Description: Package Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

System errors:
=============
Error: (12/07/2017 11:35:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/07/2017 11:35:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/07/2017 11:35:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/07/2017 11:35:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/07/2017 11:34:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/07/2017 10:20:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Feature update to Windows 10, version 1709. 
Error: (12/07/2017 09:36:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/07/2017 09:36:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/07/2017 09:36:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (12/07/2017 09:36:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-11-30 20:08:10.963 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-27 19:42:25.314 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-18 10:03:20.002 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-10-18 10:03:13.490 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. 
Date: 2017-10-18 10:03:12.148 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-19 21:21:58.103 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-19 21:21:55.117 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-19 21:21:39.045 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-19 21:21:27.073 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. 
Date: 2017-09-19 21:21:26.869 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 1005M @ 1.90GHz Percentage of memory in use: 83% Total physical RAM: 3971.27 MB Available physical RAM: 647.41 MB Total Virtual: 7555.27 MB Available Virtual: 3574.46 MB ==================== Drives ================================ Drive c: (TI31109800A) (Fixed) (Total:453.81 GB) (Free:199.87 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ |
07.12.2017, 15:08 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Disk almost always at 100%, even when only one program is running. Code:
ATTFilter
S3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [392384 2017-07-06] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [565952 2017-07-06] (Microsoft Corporation)
S3 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [198848 2016-04-30] (Microsoft Corporation)
__________________ Please always post log files in CODE tags |
07.12.2017, 15:52 | #6 |
| Student, not business Hello Cosinus, No, I needed it for my database course. I am in my first semester at the university college in Mechelen (Belgium) and am studying data management. I learned the basics of SQL with MS SQL Server. Visual Studio is also on my laptop, for the basic course in C#. Neither program has anything to do with my problem, since I already had them on the laptop before my performance problems. I hope that is not a reason to be thrown out of the help thread. Sandra |
07.12.2017, 16:16 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Disk almost always at 100%, even when only one program is running. Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
07.12.2017, 17:38 | #8 |
| Disk almost always at 100%, even when only one program is running. Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main: v2017.12.07.06
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.726.15063.0
r0711 :: THING [administrator]

07/12/2017 16:22:03
mbar-log-2017-12-07 (16-22-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 383763
Time elapsed: 1 hour(s), 11 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
07.12.2017, 21:16 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Disk almost always at 100%, even when only one program is running. Remove adware/junkware/toolbars. Delete old versions of adwCleaner first, then download it again to the desktop! Please completely disable your virus scanner now, before using these tools! adwCleaner v7.x Please download AdwCleaner to your desktop (illustrated guide).
04.01.2018, 12:10 | #10 |
| Sorry Hello Cosinus, Sorry that I have not been in touch for so long. Here is the Adware Cleaner report: Code:
ATTFilter
# AdwCleaner 7.0.6.0 - Logfile created on Thu Jan 04 10:56:13 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: Update service

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Common Files\freemake shared

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: IHSelfDeleteTASK
Deleted: IHUninstallTrackingTASK
Deleted: ihuninstalltrackingtask

***** [ Registry ] *****

Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\FMUpdater.dll
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\Newtonsoft.Json.dll
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\GAnalytics.dll
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\GoCartMonad.dll

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2239 B] - [2018/1/4 10:53:3]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## |
04.01.2018, 12:45 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Disk almost always at 100%, even when only one program is running. Please repeat adwcleaner as a check
04.01.2018, 16:54 | #12 |
| Disk almost always at 100%, even when only one program is running. Second scan with Adware Cleaner Code:
ATTFilter
# AdwCleaner 7.0.6.0 - Logfile created on Thu Jan 04 15:44:04 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2298 B] - [2018/1/4 10:56:13]
C:/AdwCleaner/AdwCleaner[S0].txt - [2239 B] - [2018/1/4 10:53:3]
C:/AdwCleaner/AdwCleaner[S1].txt - [1078 B] - [2018/1/4 15:43:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ########## |
05.01.2018, 11:42 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Disk almost always at 100%, even when only one program is running. I need new FRST logs. Tick the box for addition.txt, then click Scan (Untersuchen).