Log Analysis and Evaluation: Windows 7: Hijacked Hostfile [Part 1]

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First Steps to Getting Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 7: Hijacked Hostfile [Part 1]

Current problem: modified host file. After 14 days of googling, scanning, cleaning and booting (your posts here were really helpful), I can't get any further on my own. I am my own IT department and out of my depth on this topic. I could use your support...

Current FRST scan:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2017 durchgeführt von koehler (Administrator) auf KOEHLER-VAIO-HD (02-06-2017 12:27:20) Gestartet von C:\Users\koehler\Desktop Geladene Profile: koehler & NK (Verfügbare Profile: koehler & NK) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (COMODO) C:\Program Files (x86)\COMODO\Comodo ITSM\ItsmRsp.exe (COMODO) C:\Program Files (x86)\COMODO\Comodo ITSM\ITSMService.exe () C:\altera\13.1\quartus\bin64\jtagserver.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe () C:\Program Files (x86)\COMODO\Comodo ITSM\PmService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\COMODO\Comodo ITSM\RmmService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files (x86)\COMODO\Comodo ITSM\SpmService.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe () C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (COMODO) C:\Program Files (x86)\COMODO\Comodo ITSM\ITSMAgent.exe (Sony 
Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\swriter.exe (The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\soffice.exe (The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\soffice.bin (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Neil Hodgson neilh@scintilla.org) C:\Program Files (x86)\SciTE\SciTE.exe (AMD) C:\Windows\System32\atieclxx.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (COMODO) C:\Program Files (x86)\COMODO\Comodo ITSM\ITSMAgent.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1621184 2017-05-30] (COMODO) HKLM-x32\...\Run: [Comodo ITSM] => C:\Program Files (x86)\COMODO\Comodo ITSM\ITSMAgent.exe [1805504 2017-05-26] (COMODO) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\ DisallowedCertificates: 1916A2AF346D399F50313C393200F14140456616 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 2A83E9020591A55FC6DDAD3FB102794C52B24E70 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 3A850044D8A195CD401A680C012CB0A3B5F8DC08 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 40AA38731BD189F9CDB5B9DC35E2136F38777AF4 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 43D9BCB568E039D073A74A71D8511F7476089CC3 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 471C949A8143DB5AD5CDF1C972864A2504FA23C9 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 (Avast Antivirus/Software) <==== ACHTUNG 
HKLM\ DisallowedCertificates: 61793FCBFA4F9008309BBA5FF12D2CB29CD4151A (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 6431723036FD26DEA502792FA595922493030F97 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 7D7F4414CCEF168ADF6BF40753B5BECD78375931 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 80962AE4D6C5B442894E95A13E4A699E07D694CF (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 86E817C81A5CA672FE000F36F878C19518D6F844 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 8E5BD50D6AE686D65252F843A9D4B96D197730AB (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: 9845A431D51959CAF225322B4A4FE9F223CE6D15 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: B533345D06F64516403C00DA03187D3BFEF59156 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: C060ED44CBD881BD0EF86C0BA287DDCF8167478C (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: CEA586B2CE593EC7D939898337C57814708AB2BE (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: D018B62DC518907247DF50925BB09ACF4A5CB3AD (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: F8A54E03AADC5692B850496A4C4630FFEAA29D83 (Avast Antivirus/Software) <==== ACHTUNG HKLM\ DisallowedCertificates: FA6660A94AB45F6A88C0D7874D89A863D74DEE97 (Avast Antivirus/Software) <==== ACHTUNG HKU\S-1-5-21-2204290386-4168390828-2152525736-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9772248 2017-05-20] (Piriform Ltd) 
HKU\S-1-5-21-2204290386-4168390828-2152525736-1000\...\MountPoints2: {375b701e-b2c6-11e2-88ca-f0bf97ecdb8a} - E:\laucher.exe BootExecute: autocheck autochk * GroupPolicy: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.179.1 Tcpip\..\Interfaces\{356BB228-275F-4324-AA7D-39E42EE73EEC}: [DhcpNameServer] 192.168.179.1 Internet Explorer: ================== HKU\S-1-5-21-2204290386-4168390828-2152525736-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2204290386-4168390828-2152525736-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com HKU\S-1-5-21-2204290386-4168390828-2152525736-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2204290386-4168390828-2152525736-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2204290386-4168390828-2152525736-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2204290386-4168390828-2152525736-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2204290386-4168390828-2152525736-1000 -> {5407CBDD-8D78-4F2B-96EC-09D81E601112} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q112&_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-2204290386-4168390828-2152525736-1002 -> {3083675F-D239-487E-979A-D264210136C8} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q112&_nkw={searchTerms} BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: WsftpBrowserHelper Class -> {601ED020-FB6C-11D3-87D8-0050DA59922B} -> C:\Program Files (x86)\WS_FTP Pro\wsbho2k0.dll [2002-10-01] (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.) 
Toolbar: HKU\S-1-5-21-2204290386-4168390828-2152525736-1000 -> Kein Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Keine Datei Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: yllfuvex.default-1394610451215 FF ProfilePath: C:\Users\koehler\AppData\Roaming\Mozilla\Firefox\Profiles\yllfuvex.default-1394610451215 [2017-06-02] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\yllfuvex.default-1394610451215 -> Startpage HTTPS - Deutsch FF SelectedSearchEngine: Mozilla\Firefox\Profiles\yllfuvex.default-1394610451215 -> Startpage HTTPS - Deutsch FF NetworkProxy: Mozilla\Firefox\Profiles\yllfuvex.default-1394610451215 -> type", 0 FF Extension: (Priv8) - C:\Users\koehler\AppData\Roaming\Mozilla\Firefox\Profiles\yllfuvex.default-1394610451215\Extensions\id@baku.priv8.xpi [2017-05-02] FF Extension: (Adblock Plus) - C:\Users\koehler\AppData\Roaming\Mozilla\Firefox\Profiles\yllfuvex.default-1394610451215\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-29] FF SearchPlugin: C:\Users\koehler\AppData\Roaming\Mozilla\Firefox\Profiles\yllfuvex.default-1394610451215\searchplugins\startpage-https---deutsch.xml [2016-05-19] FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-05-02] [ist nicht signiert] FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2013-08-15] () FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\npDeployJava1.dll [Keine Datei] FF Plugin: 
@microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-08-15] () FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll [Keine Datei] FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [Keine Datei] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) 
Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.startpage.de/" CHR DefaultSearchURL: Default -> hxxps://www.startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=opensearch&language=deutsch CHR DefaultSearchKeyword: Default -> startpage.de CHR Profile: C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default [2017-06-02] CHR Extension: (Google Präsentationen) - C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-18] CHR Extension: (Google Docs) - C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-18] CHR Extension: (Google Drive) - C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18] CHR Extension: (YouTube) - C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18] CHR Extension: (Google Tabellen) - C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-18] CHR Extension: (Google Docs Offline) - C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16] CHR Extension: (Google Mail) - C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18] CHR Extension: (Chrome Media Router) - C:\Users\koehler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin) R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [Datei ist nicht signiert] S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [Datei ist nicht signiert] R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [Datei ist nicht signiert] S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6669832 2017-05-30] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271936 2017-05-30] (COMODO) S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [Datei ist nicht signiert] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [Datei ist nicht signiert] S3 ibt_rails; C:\ibt\RailsInstaller\service_wrapper\service_wrapper.exe [70144 2012-08-22] () [Datei ist nicht signiert] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-10-24] (Realsil Microelectronics Inc.) 
[Datei ist nicht signiert] R2 ItsmRsp; C:\Program Files (x86)\COMODO\Comodo ITSM\ItsmRsp.exe [1620160 2017-05-26] (COMODO) R2 ITSMService; C:\Program Files (x86)\COMODO\Comodo ITSM\ITSMService.exe [6590656 2017-05-26] (COMODO) R2 JTAGServer; C:\altera\13.1\quartus\bin64\jtagserver.exe [269312 2013-10-24] () [Datei ist nicht signiert] S3 mysqld_ibt; C:\ibt\RailsInstaller\MYSQL\bin\mysqld.exe [8202752 2012-12-10] () [Datei ist nicht signiert] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] () R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin) R2 PmService; C:\Program Files (x86)\COMODO\Comodo ITSM\PmService.exe [690880 2017-05-26] () R2 RmmService; C:\Program Files (x86)\COMODO\Comodo ITSM\RmmService.exe [115392 2017-05-26] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation) R2 SpmService; C:\Program Files (x86)\COMODO\Comodo ITSM\SpmService.exe [673472 2017-05-26] () S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [894624 2011-09-01] (Sony Corporation) S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation) S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1656600 2016-03-31] (Sony Corporation) R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [102912 2016-05-20] () [Datei ist nicht signiert] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf 
der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31152 2017-04-11] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830064 2017-04-11] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-04-11] (COMODO) S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [36816 2013-05-23] (Juniper Networks) [Datei ist nicht signiert] R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [117344 2017-04-11] (COMODO) R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation) R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC.) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205952 2017-04-28] (Oracle Corporation) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [137920 2017-04-18] (Oracle Corporation) S3 VGA2USB; C:\Windows\System32\Drivers\vga2usb.sys [1640456 2013-07-24] (Epiphan Systems Inc.) 
S2 Xe20usbOEM1; C:\Windows\System32\Drivers\Xeusb5.sys [26328 2012-02-29] (Philips Semiconductors) U4 npcap_wifi; kein ImagePath S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-06-02 12:20 - 2017-06-02 12:26 - 00070863 _____ C:\Users\koehler\Desktop\Addition.txt 2017-06-02 12:18 - 2017-06-02 12:27 - 00025436 _____ C:\Users\koehler\Desktop\FRST.txt 2017-06-02 12:17 - 2017-06-02 12:17 - 02433536 _____ (Farbar) C:\Users\koehler\Desktop\FRST64.exe 2017-06-02 12:15 - 2017-06-02 12:15 - 02433536 _____ (Farbar) C:\Users\koehler\Downloads\FRST64.exe 2017-06-02 10:36 - 2017-06-02 10:36 - 00000000 _____ C:\Users\NK\Desktop\Neues Textdokument.txt 2017-06-02 10:03 - 2017-06-02 10:04 - 00000000 ____D C:\Users\NK\AppData\LocalLow\Mozilla 2017-06-02 10:03 - 2017-06-02 10:03 - 00000000 ____D C:\Users\NK\AppData\Roaming\Thunderbird 2017-06-02 10:03 - 2017-06-02 10:03 - 00000000 ____D C:\Users\NK\AppData\Roaming\Mozilla 2017-06-02 10:03 - 2017-06-02 10:03 - 00000000 ____D C:\Users\NK\AppData\Local\Thunderbird 2017-06-02 10:02 - 2012-05-26 22:25 - 00002102 _____ C:\Users\NK\Desktop\Mozilla Thunderbird.lnk 2017-06-02 08:49 - 2017-06-02 08:49 - 00006142 _____ C:\Users\NK\Desktop\comodo.htm 2017-06-02 08:14 - 2017-06-02 08:15 - 00058303 _____ C:\Users\NK\Desktop\Addition.txt 2017-06-02 08:13 - 2017-06-02 12:27 - 00000000 ____D C:\FRST 2017-06-02 08:13 - 2017-06-02 08:15 - 00070119 _____ C:\Users\NK\Desktop\FRST.txt 2017-06-02 08:13 - 2017-06-02 08:13 - 00000000 ____D C:\Users\NK\Desktop\FRST-OlderVersion 2017-06-01 18:23 - 2017-06-01 18:23 - 04110280 _____ 
C:\Users\NK\Desktop\AdwCleaner_6.047.exe 2017-06-01 18:21 - 2017-06-02 08:13 - 02433536 _____ (Farbar) C:\Users\NK\Desktop\FRST64.exe 2017-06-01 18:15 - 2017-06-01 18:16 - 00797760 _____ C:\Users\NK\Desktop\DelFix_1.013.exe 2017-06-01 18:02 - 2017-06-01 18:02 - 00000000 ____D C:\Program Files (x86)\ESET 2017-06-01 17:39 - 2017-06-01 17:39 - 00003395 _____ C:\Users\koehler\Desktop\JRT.txt 2017-06-01 17:27 - 2017-06-01 17:27 - 02870984 _____ (ESET) C:\Users\NK\Desktop\esetsmartinstaller_deu.exe 2017-06-01 17:22 - 2017-06-01 17:22 - 01663672 _____ (Malwarebytes) C:\Users\NK\Desktop\JRT.exe 2017-06-01 16:46 - 2017-06-01 16:46 - 00000000 ____D C:\Users\NK\AppData\Roaming\LibreOffice 2017-06-01 16:45 - 2017-06-01 16:45 - 00085328 _____ C:\Users\NK\AppData\Local\GDIPFONTCACHEV1.DAT 2017-06-01 16:45 - 2017-06-01 16:45 - 00000000 ____D C:\Users\NK\AppData\Roaming\Comodo 2017-06-01 16:33 - 2017-06-01 16:33 - 00001524 _____ C:\Users\NK\Desktop\LibreOffice Writer.lnk 2017-06-01 16:33 - 2017-06-01 16:33 - 00001506 _____ C:\Users\NK\Desktop\LibreOffice Impress.lnk 2017-06-01 16:33 - 2017-06-01 16:33 - 00001438 _____ C:\Users\NK\Desktop\LibreOffice Calc.lnk 2017-06-01 15:02 - 2017-06-01 16:33 - 00000000 ____D C:\Users\NK\AppData\Roaming\Ipswitch 2017-06-01 13:14 - 2017-06-01 15:08 - 00000000 ____D C:\Users\NK\AppData\Local\Google 2017-06-01 13:14 - 2017-06-01 13:14 - 00001425 _____ C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-06-01 13:14 - 2017-06-01 13:14 - 00000000 ____D C:\Users\NK\AppData\Roaming\Adobe 2017-06-01 13:13 - 2017-06-01 13:16 - 00000000 ____D C:\Users\NK\AppData\Roaming\Sony Corporation 2017-06-01 13:13 - 2017-06-01 13:14 - 00000000 ____D C:\Users\NK 2017-06-01 13:13 - 2017-06-01 13:13 - 00000020 ___SH C:\Users\NK\ntuser.ini 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\Vorlagen 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\Startmenü 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 
_SHDL C:\Users\NK\Netzwerkumgebung 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\Lokale Einstellungen 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\Eigene Dateien 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\Druckumgebung 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\Documents\Eigene Videos 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\Documents\Eigene Musik 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\Documents\Eigene Bilder 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\AppData\Local\Verlauf 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\AppData\Local\Anwendungsdaten 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 _SHDL C:\Users\NK\Anwendungsdaten 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 ____D C:\Users\NK\AppData\Roaming\Intel 2017-06-01 13:13 - 2017-06-01 13:13 - 00000000 ____D C:\Users\NK\AppData\Local\VirtualStore 2017-06-01 13:13 - 2014-10-09 03:02 - 00000000 ____D C:\Users\NK\Documents\Visual Studio 2013 2017-06-01 13:13 - 2011-12-14 02:14 - 00000000 ____D C:\Users\NK\AppData\Roaming\Media Center Programs 2017-06-01 13:01 - 2017-06-01 13:01 - 00000021 _____ C:\Windows\S.dirmngr 2017-05-30 10:14 - 2017-05-30 10:14 - 00000000 ____D C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2017-05-30 09:26 - 2017-05-30 10:01 - 00000000 ____D C:\Users\koehler\SecurityScans 2017-05-30 09:18 - 2017-05-30 09:18 - 00002246 _____ C:\Users\koehler\Desktop\aswMBR.txt 2017-05-30 09:18 - 2017-05-30 09:18 - 00000512 _____ C:\Users\koehler\Desktop\MBR.dat 2017-05-29 21:42 - 2017-05-29 21:42 - 00000000 ____D C:\Users\koehler\AppData\Local\Juniper Networks 2017-05-29 18:23 - 2017-05-29 18:23 - 00000000 ____D C:\Users\koehler\Desktop\RevoUninstallerPortable 2017-05-29 18:22 - 2017-05-29 18:22 - 00000642 
_____ C:\Users\koehler\Documents\cc_20170529_182205.reg 2017-05-29 17:55 - 2017-05-31 07:02 - 00000000 ____D C:\AdwCleaner 2017-05-29 17:52 - 2017-05-29 17:53 - 07135915 _____ (PortableApps.com) C:\Users\koehler\Desktop\RevoUninstallerPortable_2.0.3.paf.exe 2017-05-29 17:44 - 2017-05-29 17:44 - 04102600 _____ C:\Users\koehler\Desktop\AdwCleaner_6.046.exe 2017-05-29 16:49 - 2017-05-29 16:49 - 05198336 _____ (AVAST Software) C:\Users\koehler\Desktop\aswMBR.exe 2017-05-29 16:43 - 2017-05-29 16:43 - 00000642 _____ C:\Users\koehler\Documents\cc_20170529_164318.reg 2017-05-29 12:44 - 2017-05-31 14:23 - 00000000 ____D C:\cce_linux 2017-05-24 12:54 - 2017-05-24 12:54 - 00000000 ____D C:\Users\koehler\AppData\Roaming\Comodo 2017-05-24 12:54 - 2017-05-24 12:54 - 00000000 ____D C:\ProgramData\Comodo Downloader 2017-05-20 18:40 - 2017-05-20 18:40 - 00006982 _____ C:\Users\koehler\Documents\cc_20170520_184044.reg 2017-05-20 18:32 - 2017-05-20 18:32 - 09548112 _____ (Piriform Ltd) C:\Users\koehler\Downloads\ccsetup530.exe 2017-05-19 17:11 - 2017-05-19 17:12 - 00018870 _____ C:\Users\koehler\Documents\CisReport_x64_v8.3.0.5285_20170519-171146.zip 2017-05-19 16:59 - 2017-05-19 16:59 - 00023830 _____ C:\Users\koehler\Documents\cc_20170519_165936.reg 2017-05-19 16:50 - 2017-05-19 16:50 - 00000000 ____D C:\Users\koehler\AppData\Roaming\Sony 2017-05-19 16:45 - 2017-06-02 06:40 - 00049636 _____ C:\Windows\system32\Drivers\fvstore.dat 2017-05-19 16:45 - 2017-05-19 16:45 - 00000000 ___HD C:\VTRoot 2017-05-19 15:32 - 2017-05-19 15:32 - 00000020 _____ C:\Windows\Ðöœ 2017-05-19 14:44 - 2017-05-19 14:44 - 00021208 _____ C:\Users\koehler\Documents\CisReport_x64_v8.3.0.5285_20170519-144434.zip 2017-05-19 14:11 - 2017-05-19 14:11 - 00037368 _____ C:\Users\koehler\Documents\install_1.txt 2017-05-19 14:10 - 2017-05-19 14:10 - 00037368 _____ C:\Users\koehler\Documents\install.txt 2017-05-19 13:27 - 2017-05-19 13:27 - 00236932 _____ C:\Users\koehler\Documents\cc_20170519_132703.reg 2017-05-19 13:07 
- 2017-05-19 16:56 - 00455508 _____ C:\Windows\ntbtlog.txt 2017-05-18 17:57 - 2017-05-23 09:26 - 00000000 ____D C:\Users\koehler\AppData\Local\CrashDumps 2017-05-18 12:36 - 2017-05-18 12:36 - 00000000 ____D C:\Users\Public\Documents\sun 2017-05-18 12:30 - 2017-05-18 12:30 - 00001468 _____ C:\Users\Public\Desktop\LibreOffice 5.2.lnk 2017-05-18 12:30 - 2017-05-18 12:30 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2 2017-05-18 12:14 - 2017-05-18 12:17 - 223805440 _____ C:\Users\koehler\Downloads\LibreOffice_5.2.6_Win_x86.msi 2017-05-17 20:47 - 2017-05-17 20:47 - 00001786 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk 2017-05-17 20:44 - 2017-05-17 20:47 - 00000000 ____D C:\Program Files\Wireshark 2017-05-17 18:55 - 2017-05-17 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-05-17 17:49 - 2017-05-17 17:49 - 02598355 _____ C:\Users\koehler\Downloads\howto_avira_rescue_system_en.pdf 2017-05-17 17:49 - 2017-05-17 17:49 - 02598355 _____ C:\Users\koehler\Downloads\howto_avira_rescue_system_en (2).pdf 2017-05-17 17:49 - 2017-05-17 17:49 - 02598355 _____ C:\Users\koehler\Downloads\howto_avira_rescue_system_en (1).pdf 2017-05-17 17:26 - 2017-05-17 17:36 - 703033344 _____ C:\Users\koehler\Downloads\rescue-system.iso 2017-05-17 13:41 - 2017-05-17 13:41 - 00000000 ____D C:\Windows\SysWOW64\C 2017-05-17 12:17 - 2017-04-28 00:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-05-17 12:17 - 2017-04-17 17:37 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2017-05-17 12:17 - 2017-04-17 17:37 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2017-05-17 12:17 - 2017-04-17 17:37 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2017-05-17 12:17 - 2017-04-17 17:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2017-05-17 12:17 - 2017-04-17 17:23 - 
02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-05-17 12:17 - 2017-04-17 17:22 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-05-17 12:17 - 2017-04-17 17:21 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-05-17 12:17 - 2017-04-17 17:21 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2017-05-17 12:17 - 2017-04-17 17:21 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2017-05-17 12:17 - 2017-04-17 17:21 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2017-05-17 12:17 - 2017-04-17 17:21 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2017-05-17 12:17 - 2017-04-17 17:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2017-05-17 12:17 - 2017-04-17 17:01 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-05-17 12:17 - 2017-04-17 17:01 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2017-05-17 12:17 - 2017-04-17 17:01 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2017-05-17 12:17 - 2017-04-17 17:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2017-05-17 12:17 - 2017-04-12 15:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2017-05-16 07:34 - 2017-05-16 07:34 - 12444504 _____ (COMODO) C:\Users\koehler\Downloads\ComodoClientViewer.exe 2017-05-16 07:23 - 2017-05-16 07:23 - 00021845 _____ C:\Users\koehler\Documents\CisReport_x64_v8.3.0.5285_20170516-072317.zip 2017-05-15 13:16 - 2017-06-02 12:21 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2017-05-15 13:09 - 2017-06-02 12:24 - 00000593 _____ C:\Users\Public\Desktop\Shared Space.lnk 2017-05-15 13:09 - 2017-05-15 13:10 - 00000000 ____D C:\Windows\System32\Tasks\COMODO 2017-05-15 13:07 - 2017-05-15 13:09 - 00000000 ___SD C:\ProgramData\Shared Space 2017-05-15 13:07 - 2017-05-15 13:07 
- 00000000 ____D C:\Program Files\COMODO 2017-05-15 13:01 - 2017-05-29 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2017-05-15 12:56 - 2017-05-15 12:56 - 00003576 _____ C:\Windows\System32\Tasks\Update certificates for COMODO Client - Communication Updater 2017-05-15 12:56 - 2017-05-15 12:56 - 00003404 _____ C:\Windows\System32\Tasks\Check for COMODO Client - Communication updates 2017-05-15 12:52 - 2017-05-15 12:52 - 36941824 _____ C:\Users\koehler\Downloads\itsm_vgIy4dhq_installer.msi 2017-05-15 12:27 - 2017-05-24 12:54 - 00000000 ____D C:\ProgramData\COMODO 2017-05-14 18:52 - 2017-05-14 18:52 - 09138496 _____ (COMODO) C:\Users\koehler\Downloads\ccav_installer.exe 2017-05-14 01:11 - 2017-05-14 01:11 - 00001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk 2017-05-14 01:11 - 2017-05-14 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2017-05-14 01:09 - 2017-04-28 17:37 - 00961768 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2017-05-14 01:09 - 2017-04-28 17:37 - 00149304 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2017-05-14 01:02 - 2017-05-14 01:03 - 00274878 _____ C:\Users\koehler\Documents\Client Risk Report - 20170514_010253.pdf 2017-05-14 01:02 - 2017-05-14 01:02 - 00072447 _____ C:\Users\koehler\Documents\Network Management Plan - 20170514_010234.pdf 2017-05-14 00:14 - 2017-05-14 00:14 - 00000967 _____ C:\Users\koehler\Desktop\Nmap - Zenmap GUI.lnk 2017-05-14 00:14 - 2017-05-14 00:14 - 00000000 ____D C:\Users\koehler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap 2017-05-14 00:11 - 2017-05-14 00:12 - 00000000 ____D C:\Program Files\Npcap 2017-05-14 00:11 - 2017-05-14 00:11 - 00000000 ____D C:\Windows\SysWOW64\Npcap 2017-05-14 00:11 - 2017-05-14 00:11 - 00000000 ____D C:\Windows\system32\Npcap 2017-05-14 00:10 - 2017-05-14 00:13 - 00000000 ____D C:\Program Files (x86)\Nmap 2017-05-14 00:09 - 2017-05-14 00:09 
- 27078904 _____ (Insecure.org) C:\nmap-7.40-setup.exe 2017-05-14 00:07 - 2017-05-14 00:07 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk 2017-05-14 00:07 - 2017-05-14 00:07 - 00001081 _____ C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk 2017-05-14 00:07 - 2017-05-14 00:07 - 00000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2 2017-05-14 00:06 - 2017-05-14 00:06 - 01818624 _____ C:\MBSASetup-x64-EN.msi 2017-05-14 00:02 - 2017-05-14 00:02 - 06732600 _____ C:\Users\koehler\Downloads\Comodo_Network_Assessment_Tool.exe 2017-05-13 22:24 - 2017-05-13 22:26 - 123669848 _____ (Oracle Corporation) C:\VirtualBox-5.1.22-115126-Win.exe 2017-05-13 12:40 - 2017-05-15 13:01 - 00000000 ____D C:\Program Files (x86)\COMODO 2017-05-13 12:37 - 2017-05-13 12:38 - 36941824 _____ C:\Users\koehler\Downloads\itsm_PdxmFH0w_installer.msi 2017-05-13 12:35 - 2017-05-13 12:36 - 36941824 _____ C:\Users\koehler\Downloads\itsm_PaHaaSp4_installer.msi 2017-05-13 12:34 - 2017-05-13 12:34 - 36941824 _____ C:\Users\koehler\Downloads\itsm_T3u3zmS5_installer.msi 2017-05-13 12:33 - 2017-05-13 12:34 - 36941824 _____ C:\Users\koehler\Downloads\itsm_JUiLEsc8_installer.msi 2017-05-13 12:33 - 2017-05-13 12:33 - 36941824 _____ C:\Users\koehler\Downloads\itsm_LMlaEIlC_installer.msi 2017-05-13 12:32 - 2017-05-13 12:33 - 36941824 _____ C:\Users\koehler\Downloads\itsm_pJDbb2jj_installer.msi 2017-05-13 11:55 - 2017-05-14 00:03 - 00000000 ____D C:\COMODO 2017-05-13 11:46 - 2017-05-13 11:46 - 00000000 ____D C:\Users\koehler\Documents\Comodo 2017-05-13 11:31 - 2017-04-28 03:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-05-13 11:31 - 2017-04-26 16:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-05-13 11:31 - 2017-04-17 17:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2017-05-13 11:31 - 2017-04-16 10:51 - 02899456 _____ 
(Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-05-13 11:31 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-05-13 11:31 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-05-13 11:31 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-05-13 11:31 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-05-13 11:31 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-05-13 11:31 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-05-13 11:31 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-05-13 11:31 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-05-13 11:31 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-05-13 11:30 - 2017-04-28 03:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-05-13 11:30 - 2017-04-28 03:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-05-13 11:30 - 2017-04-28 03:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-05-13 11:30 - 2017-04-28 03:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-05-13 11:30 - 2017-04-28 03:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-05-13 11:30 - 2017-04-28 03:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2017-05-13 11:30 - 2017-04-28 02:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2017-05-13 11:30 - 2017-04-28 02:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2017-05-13 11:30 - 2017-04-28 02:34 - 01314112 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-05-13 11:30 - 2017-04-28 02:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2017-05-13 11:30 - 2017-04-20 02:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-05-13 11:30 - 2017-04-20 01:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-05-13 11:30 - 2017-04-17 17:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2017-05-13 11:30 - 2017-04-17 17:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2017-05-13 11:30 - 2017-04-17 17:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2017-05-13 11:30 - 2017-04-17 17:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2017-05-13 11:30 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-05-13 11:30 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-05-13 11:30 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-05-13 11:30 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-05-13 11:30 - 2017-04-16 10:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-05-13 11:30 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-05-13 11:30 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-05-13 11:30 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-05-13 11:30 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-05-13 11:30 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-05-13 11:30 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\tdc.ocx 2017-05-13 11:30 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-05-13 11:30 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-05-13 11:30 - 2017-04-16 09:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2017-05-13 11:30 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-05-13 11:30 - 2017-04-12 17:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2017-05-13 11:30 - 2017-04-12 17:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2017-05-13 11:30 - 2017-04-07 17:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-05-13 11:30 - 2017-04-07 17:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-05-13 11:30 - 2017-04-07 17:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-05-13 11:30 - 2017-04-05 16:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-05-13 11:30 - 2017-04-05 16:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-05-13 11:30 - 2017-04-04 17:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-05-13 11:30 - 2017-04-04 17:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2017-05-13 11:30 - 2017-04-04 17:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2017-05-13 11:30 - 2017-04-04 16:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2017-05-13 11:30 - 2017-04-04 16:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-05-13 11:29 - 2017-04-28 03:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 01212928 _____ (Microsoft 
Corporation) C:\Windows\system32\rpcrt4.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-05-13 11:29 - 2017-04-28 03:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-05-13 11:29 - 2017-04-28 03:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-05-13 11:29 - 2017-04-28 02:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-05-13 11:29 - 2017-04-28 02:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-05-13 11:29 - 2017-04-28 02:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-05-13 11:29 - 2017-04-28 02:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-05-13 11:29 - 2017-04-28 02:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-05-13 11:29 - 2017-04-28 02:11 - 00291328 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxsmb10.sys 2017-05-13 11:29 - 2017-04-28 02:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2017-05-13 11:29 - 2017-04-21 17:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2017-05-13 11:29 - 2017-04-17 17:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll 2017-05-13 11:29 - 2017-04-17 17:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll 2017-05-13 11:29 - 2017-04-17 17:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll 2017-05-13 11:29 - 2017-04-17 16:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll 2017-05-13 11:29 - 2017-04-16 10:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-05-13 11:29 - 2017-04-16 10:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-05-13 11:29 - 2017-04-16 10:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-05-13 11:29 - 2017-04-16 10:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-05-13 11:29 - 2017-04-16 10:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-05-13 11:29 - 2017-04-16 10:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-05-13 11:29 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-05-13 11:29 - 2017-04-16 10:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2017-05-13 11:29 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-05-13 11:29 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-05-13 11:29 - 2017-04-16 09:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-05-13 11:29 - 2017-04-16 09:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 
2017-05-13 11:29 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-05-13 11:29 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-05-13 11:29 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-05-13 11:29 - 2017-04-16 09:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-05-13 11:29 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-05-13 11:29 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-05-13 11:29 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-05-13 11:29 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-05-13 11:29 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-05-13 11:29 - 2017-04-12 17:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2017-05-13 11:29 - 2017-04-12 17:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2017-05-13 11:29 - 2017-04-12 17:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2017-05-13 11:29 - 2017-04-07 17:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-05-13 11:29 - 2017-04-05 16:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2017-05-13 11:28 - 2017-04-28 03:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-05-13 11:28 - 2017-04-28 03:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-05-13 11:28 - 2017-04-28 03:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-05-13 11:28 - 2017-04-28 03:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2017-05-13 11:28 - 
2017-04-28 03:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-05-13 11:28 - 2017-04-28 03:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2017-05-13 11:28 - 2017-04-28 03:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-05-13 11:28 - 2017-04-28 03:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2017-05-13 11:28 - 2017-04-28 03:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-05-13 11:28 - 2017-04-28 02:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-05-13 11:28 - 2017-04-28 02:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-05-13 11:28 - 2017-04-28 02:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-05-13 11:28 - 2017-04-28 02:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-05-13 11:28 - 2017-04-28 02:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-05-13 11:28 - 2017-04-28 02:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-05-13 11:28 - 2017-04-28 02:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-05-13 11:28 - 2017-04-28 02:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2017-05-13 11:28 - 2017-04-28 02:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-05-13 11:28 - 2017-04-28 02:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-05-13 11:28 - 2017-04-21 17:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2017-05-13 11:28 - 2017-04-16 10:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-05-13 11:28 - 2017-04-16 10:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-05-13 11:28 - 2017-04-16 10:43 - 
00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-05-13 11:28 - 2017-04-16 10:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-05-13 11:28 - 2017-04-16 10:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-05-13 11:28 - 2017-04-16 10:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-05-13 11:28 - 2017-04-16 10:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2017-05-13 11:28 - 2017-04-16 09:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2017-05-13 11:28 - 2017-04-16 09:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2017-05-13 11:28 - 2017-04-16 09:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-05-13 11:28 - 2017-04-16 09:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2017-05-13 11:28 - 2017-04-16 09:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2017-05-13 11:28 - 2017-04-16 09:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2017-05-13 11:28 - 2017-04-16 09:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2017-05-13 11:28 - 2017-04-12 17:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2017-05-13 11:27 - 2017-04-28 03:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-05-13 11:27 - 2017-04-28 03:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2017-05-13 11:27 - 2017-04-28 03:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-05-13 11:27 - 2017-04-28 03:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-05-13 11:27 - 2017-04-28 03:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 
00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2017-05-13 11:27 - 2017-04-28 02:32 - 00004096 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-13 11:27 - 2017-04-28 02:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-13 11:27 - 2017-04-28 02:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-13 11:27 - 2017-04-28 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-13 11:27 - 2017-04-28 02:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-13 11:27 - 2017-04-28 02:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-13 11:27 - 2017-04-28 02:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-13 11:27 - 2017-04-28 02:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-13 11:27 - 2017-04-28 02:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-13 11:27 - 2017-04-28 02:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-13 11:27 - 2017-04-28 02:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-13 11:27 - 2017-04-28 02:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-13 11:27 - 2017-04-28 02:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-13 11:27 - 2017-04-16 11:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-13 11:27 - 2017-04-16 11:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-13 11:27 - 2017-04-16 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-13 11:27 - 2017-04-16 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-13 11:27 - 2017-04-16 09:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-13 11:27 - 2017-04-16 09:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-13 11:27 - 2017-04-12 17:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-13 11:27 - 2017-04-12 17:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-13 11:27 - 2017-04-07 17:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-13 11:20 - 2017-03-10 18:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-13 11:20 - 2017-03-10 18:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-13 11:20 - 2017-03-10 18:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-13 11:20 - 2017-03-10 18:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-13 11:20 - 2017-03-10 17:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-13 11:20 - 2017-03-10 17:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-13 11:20 - 2017-03-10 17:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-13 11:20 - 2017-03-09 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-13 11:20 - 2017-03-09 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-13 10:54 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-05-13 10:54 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-05-13 10:54 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-05-13 10:54 - 2015-12-16 20:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-05-13 10:54 - 2015-12-16 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-05-13 10:54 - 2015-12-16 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-05-13 10:53 - 2015-08-05 19:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-05-13 10:53 - 2015-08-05 19:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-05-06 15:23 - 2017-05-13 11:54 - 00016519 _____ C:\Users\koehler\Documents\nebel_v5_Bundesfinale.ods
2017-05-06 15:21 - 2017-05-06 15:43 - 00002475 _____ C:\Users\koehler\Documents\tuju_2017_Bundesfinale_v5.dlm
2017-05-06 13:42 - 2017-05-06 13:42 - 00002223 _____ C:\Users\koehler\Documents\tuju_2017_Bundesfinale_N_40_v4.dlm
2017-05-06 12:12 - 2017-05-06 15:21 - 00002475 _____ C:\Users\koehler\Documents\tuju_2017_Bundesfinale_v4.dlm
2017-05-06 11:43 - 2017-05-06 12:15 - 00015518 _____ C:\Users\koehler\Documents\nebel_v3_Bundesfinale.ods
2017-05-04 17:24 - 2017-05-04 17:24 - 00027761 _____ C:\configuration.zip
2017-05-03 12:51 - 2017-05-03 12:52 - 00000000 ____D C:\ember

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-06-02 10:07 - 2016-11-18 18:01 - 00000000 ____D C:\Users\koehler\AppData\LocalLow\Mozilla
2017-06-02 03:13 - 2009-07-14 06:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-02 03:13 - 2009-07-14 06:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-01 13:01 - 2016-02-28 13:17 - 00000091 _____ C:\HaxLogs.txt
2017-06-01 13:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-01 10:56 - 2017-05-02 14:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-01 09:59 - 2016-11-09 10:39 - 00000000 ____D C:\Program Files\FRITZ!Fernzugang
2017-06-01 08:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-31 12:15 - 2012-05-26 22:14 - 00000000 ____D C:\Users\koehler\AppData\Roaming\SoftGrid Client
2017-05-30 16:49 - 2012-01-20 03:12 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-05-30 16:42 - 2012-05-26 21:44 - 00000000 ____D C:\Users\koehler
2017-05-30 09:36 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-05-30 07:06 - 2012-01-20 02:58 - 01050192 _____ C:\Windows\system32\perfh007.dat
2017-05-30 07:06 - 2012-01-20 02:58 - 00421274 _____ C:\Windows\system32\perfc007.dat
2017-05-29 23:10 - 2009-07-14 07:13 - 01778860 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-29 23:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-29 22:00 - 2012-01-20 03:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-29 21:57 - 2012-01-20 03:19 - 00000000 ____D C:\Program Files (x86)\Sony
2017-05-29 21:57 - 2012-01-20 03:05 - 00000000 ____D C:\ProgramData\Sony Corporation
2017-05-29 21:50 - 2012-01-20 03:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main
2017-05-29 21:50 - 2012-01-20 03:00 - 00000000 ____D C:\Program Files\Sony
2017-05-29 21:45 - 2016-09-09 08:01 - 00000000 ____D C:\ProgramData\MAGIX
2017-05-29 21:43 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-05-29 21:42 - 2012-06-20 13:35 - 00000000 ____D C:\Users\koehler\AppData\Roaming\Juniper Networks
2017-05-29 21:40 - 2013-04-24 10:44 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2017-05-29 21:38 - 2013-09-25 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-29 21:34 - 2016-02-28 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-05-29 21:27 - 2012-05-28 08:38 - 00000000 ____D C:\ProgramData\Avira
2017-05-29 21:23 - 2012-01-20 03:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-05-29 18:33 - 2014-02-07 16:12 - 00157472 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2017-05-29 18:33 - 2014-02-07 16:11 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2017-05-29 18:33 - 2014-02-07 16:11 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2017-05-29 18:19 - 2013-03-02 12:05 - 00007603 _____ C:\Users\koehler\AppData\Local\Resmon.ResmonCfg
2017-05-29 12:10 - 2009-07-14 04:34 - 00000994 _____ C:\Windows\system32\Drivers\etc\hosts.ccebak
2017-05-25 20:53 - 2017-04-13 13:26 - 00051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2017-05-25 20:53 - 2017-04-13 13:25 - 00825792 _____ (COMODO) C:\Windows\system32\guard64.dll
2017-05-25 20:53 - 2017-04-13 13:25 - 00652320 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2017-05-25 20:51 - 2017-04-13 13:23 - 00397504 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2017-05-25 20:50 - 2017-04-13 13:23 - 00051904 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2017-05-25 20:48 - 2017-04-13 13:21 - 00317120 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2017-05-25 20:47 - 2017-04-13 13:20 - 00046784 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2017-05-23 13:08 - 2013-07-24 03:09 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 13:02 - 2012-10-17 08:18 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-23 12:54 - 2012-11-18 10:38 - 00000000 ____D C:\Users\koehler\.VirtualBox
2017-05-22 17:38 - 2012-11-18 11:21 - 00000000 ____D C:\Users\koehler\VirtualBox VMs
2017-05-20 18:36 - 2012-05-29 16:40 - 00000000 ____D C:\Users\koehler\AppData\Roaming\TeamViewer
2017-05-20 18:34 - 2014-01-13 13:07 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-20 18:34 - 2014-01-13 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-19 16:55 - 2009-07-14 06:45 - 00365056 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-19 16:51 - 2012-05-26 21:48 - 00000000 ____D C:\Users\koehler\AppData\Local\Adobe
2017-05-19 16:38 - 2012-05-26 21:45 - 00000000 ____D C:\Users\koehler\AppData\Roaming\Sony Corporation
2017-05-19 15:49 - 2012-01-20 04:07 - 00000000 ____D C:\Program Files (x86)\Downloaded Installations
2017-05-19 15:43 - 2012-01-20 04:17 - 00000000 ____D C:\Program Files (x86)\Windows Live
2017-05-19 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-19 15:32 - 2012-01-20 04:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-05-19 15:13 - 2012-05-26 21:45 - 00085328 _____ C:\Users\koehler\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-19 15:05 - 2012-01-20 03:53 - 00000000 ____D C:\ProgramData\Adobe
2017-05-19 14:45 - 2014-06-25 22:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-19 13:33 - 2014-10-07 11:17 - 00000000 ____D C:\Windows\Minidump
2017-05-18 16:25 - 2014-01-13 13:07 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-05-18 16:24 - 2013-06-30 06:38 - 00003182 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate 2
2017-05-18 12:29 - 2016-11-02 12:50 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2017-05-18 08:12 - 2016-11-02 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-18 08:12 - 2012-05-26 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-17 20:46 - 2014-10-07 11:58 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-17 18:55 - 2015-03-17 10:29 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-17 18:55 - 2012-01-20 04:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-17 18:55 - 2012-01-20 04:10 - 00000000 ____D C:\ProgramData\Skype
2017-05-17 14:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-05-17 12:23 - 2011-02-11 01:03 - 01753140 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-16 16:13 - 2017-01-18 11:36 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 16:13 - 2017-01-18 11:36 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-15 13:19 - 2017-01-18 11:35 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-13 13:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-13 10:05 - 2017-01-18 13:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-06 12:18 - 2012-05-26 22:19 - 00000000 ____D C:\Users\koehler\AppData\Roaming\Skype
2017-05-03 13:21 - 2015-11-10 20:45 - 00000000 ____D C:\Users\koehler\Documents\Visual Studio 2015
2017-05-03 13:00 - 2015-11-10 18:38 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-05-03 08:57 - 2016-09-04 12:32 - 00000000 ___RD C:\Users\koehler\Dropbox

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-26 11:12 - 2016-01-26 11:13 - 0000600 _____ () C:\Users\koehler\AppData\Local\PUTTY.RND
2013-03-02 12:05 - 2017-05-29 18:19 - 0007603 _____ () C:\Users\koehler\AppData\Local\Resmon.ResmonCfg

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\koehler\dzk.bat
C:\Users\koehler\hddzk.bat
C:\Users\koehler\jtag.bat
C:\Users\koehler\lock.dat

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-06-02 02:57

==================== Ende von FRST.txt ============================ |