I ran a VERY suspicious .scr file.

Hello everyone,

as mentioned in the title, I ran an .scr file that was disguised as a video. The file was part of a .rar archive containing some pictures and this video. My operating system is Win7 Pro 64.

About the file: When I double-clicked it, nothing happened at first, so I tried another player, which could not play the file. I then examined the file and noticed the strange filename. (After that I first closed all programs, deleted the file and ended all processes I did not recognise. Windows had also not asked at that point whether it should really run the file.)

The characters in the filename are displayed in the wrong order. When you navigate through the filename with the cursor keys, the cursor jumps to the end and then moves backwards. My picture shows the filename and the actual order of the characters. So even with file extensions displayed, it looks like an mp4. The "real" filename is therefore 117206 4pm.scr

I uploaded the file to VirusTotal; here is the result: https://www.virustotal.com/de/file/ca9688c3cfc2e3926ccdeb158c7cccf9b45e95eb13613e7e3e864191737df410/analysis/1433939479/

It may be worth noting at this point that yesterday (i.e. 9 June) at about the same time the file had only 5/57 detections on VirusTotal; now it is already 11.

I still have the file (as an archive), in case that is helpful. I cannot link it here, though, because it is not suitable for minors, in addition to the suspected Trojan business.

About the logs: I use AVG, which found nothing, and this is all it outputs as a log file:

Code:
```
Gesamten Computer scannen
Bei diesem Scan wurde keine Infizierung gefunden
Gescannt: Gesamten Computer scannen
Gestartet: 10.06.2015, 02:34:01
Beendet: 10.06.2015, 02:51:47
Anzahl der Elemente: 348750
Gestartet von: Keytsch
```

Code:
```
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:19 on 10/06/2015 (Keytsch)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
```

Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Keytsch (administrator) on KEYTSCHENS on 10-06-2015 14:22:50
Running from C:\Users\Keytsch\Desktop
Loaded Profiles: Keytsch (Available Profiles: Keytsch)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
() C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1684214826-1027775411-3983282945-1000\...\CurrentVersion\Windows: [Load] C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe <===== ATTENTION
HKU\S-1-5-21-1684214826-1027775411-3983282945-1000\...\MountPoints2: {5118b043-79a5-11e3-aa14-806e6f6e6963} - D:\AutoStarter.exe
HKU\S-1-5-21-1684214826-1027775411-3983282945-1000\...\MountPoints2: {a201c907-7dea-11e3-8c10-bc5ff4e9fe7a} - E:\Autorun.exe
HKU\S-1-5-21-1684214826-1027775411-3983282945-1000\...\MountPoints2: {a5980f37-79da-11e3-a657-806e6f6e6963} - F:\ASRSetup.exe
HKU\S-1-5-21-1684214826-1027775411-3983282945-1000\...\MountPoints2: {b3f154fe-79f6-11e3-b3c8-bc5ff4e9fe7a} - D:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-17] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1684214826-1027775411-3983282945-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-04-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-04-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-04-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-04-21] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default
FF DefaultSearchEngine: Ixquick Custom Search
FF SelectedSearchEngine: IMDb
FF Homepage: hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-19] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1684214826-1027775411-3983282945-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-04-24] ()
FF SearchPlugin: C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\searchplugins\anidb.xml [2014-01-17]
FF SearchPlugin: C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\searchplugins\bakabt.xml [2014-03-29]
FF SearchPlugin: C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\searchplugins\imdb.xml [2014-01-13]
FF SearchPlugin: C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\searchplugins\ixquick-custom-search.xml [2014-09-02]
FF SearchPlugin: C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\searchplugins\rotten-tomatoes.xml [2014-04-05]
FF SearchPlugin: C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\searchplugins\steam-search.xml [2014-01-13]
FF SearchPlugin: C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\searchplugins\youtube-videosuche.xml [2014-06-15]
FF Extension: Ghostery - C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\Extensions\firefox@ghostery.com.xpi [2014-01-10]
FF Extension: MEGA - C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\Extensions\firefox@mega.co.nz.xpi [2015-06-10]
FF Extension: Save Images - C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\Extensions\LDSI_plashcor@gmail.com.xpi [2014-01-10]
FF Extension: NoScript - C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-10]
FF Extension: Video DownloadHelper - C:\Users\Keytsch\AppData\Roaming\Mozilla\Firefox\Profiles\nj4ehbnm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-06-06] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [202840 2011-08-20] (Creative Technology Ltd.)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1417816 2011-08-20] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [94808 2011-08-20] (Creative Technology Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-06-06] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-01-15] (Duplex Secure Ltd.)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
R3 TRIXX; \??\C:\Users\Keytsch\AppData\Local\Temp\TRIXX.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
```
17:17 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-06-09 17:17 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-06-09 17:17 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-06-09 17:17 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-06-09 17:17 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-06-09 17:17 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-06-09 17:17 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-06-09 17:17 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-06-09 17:17 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-06-09 17:17 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-06-09 17:16 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-06-09 17:16 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-06-09 17:16 - 2015-04-21 20:17 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 
00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-09 17:16 - 2015-04-21 20:16 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-06-09 17:16 - 2015-04-21 20:16 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2015-06-09 17:16 - 2015-04-21 20:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-06-09 17:16 - 2015-04-21 20:15 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-09 17:16 - 2015-04-21 19:58 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 11030016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 02088448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 01267712 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2015-06-09 17:16 - 2015-04-21 19:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll 2015-06-09 17:16 - 2015-04-21 19:56 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-09 17:16 - 2015-04-21 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-06-09 17:16 - 2015-04-21 19:56 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshta.exe 2015-06-09 17:16 - 2015-04-21 19:56 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-06-09 17:16 - 2015-04-21 19:44 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-09 17:16 - 2015-04-21 19:29 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-09 17:16 - 2015-04-21 19:22 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-09 17:16 - 2015-04-21 19:11 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-06-09 17:16 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-06-09 17:16 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-06-09 17:16 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-06-09 17:16 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-09 17:16 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-06-09 17:16 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-06-09 17:16 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-06-09 17:16 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-06-09 17:16 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-06-09 17:16 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-06-09 17:16 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-06-09 17:16 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-06-09 17:16 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 
2015-06-09 17:16 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-06-09 17:16 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-06-09 17:16 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-06-09 17:16 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-06-09 17:16 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-06-09 17:16 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-06-09 17:16 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-06-09 17:16 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-06-09 17:16 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-06-09 17:16 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-06-09 17:16 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-06-09 17:16 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-06-09 17:16 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-06-09 17:16 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-06-09 17:16 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-06-09 17:16 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-06-09 17:16 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-06-09 17:16 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-06-09 17:16 - 2015-04-04 05:05 - 
00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-06-09 17:16 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-06-09 17:16 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-06-09 17:16 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-06-09 17:16 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-06-09 17:16 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-06-09 17:16 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-06-09 17:16 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-06-09 17:16 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-06-09 17:16 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-06-09 17:16 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-06-09 17:16 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-06-09 17:16 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-06-09 17:16 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-06-09 17:16 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-06-09 17:16 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-06-09 17:16 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-06-09 17:16 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-06-09 17:16 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) 
C:\Windows\system32\lpk.dll 2015-06-09 17:16 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-06-09 17:16 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-06-09 17:16 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-06-09 17:16 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-06-09 17:16 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-06-09 17:16 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-06-09 17:16 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-06-09 17:16 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-06-09 17:16 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-06-09 17:16 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-06-09 17:16 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-06-09 17:16 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-06-09 17:16 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-06-09 17:16 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-06-09 17:16 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-06-09 17:16 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-06-09 17:16 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-06-09 17:16 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-06-09 
17:16 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-06-09 17:16 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-06-09 17:16 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-06-09 17:16 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-06-09 17:16 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-06-09 17:16 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-06-09 17:16 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-06-09 17:16 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-06-09 17:16 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-06-09 17:16 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-06-09 17:16 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-06-09 17:16 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-06-09 17:14 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-06-09 17:14 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-06-09 16:04 - 2015-06-09 16:05 - 18040262 _____ C:\Users\Keytsch\Downloads\Abby.rar 2015-06-09 15:55 - 2015-06-09 15:55 - 00154283 ____H C:\Users\Keytsch\AppData\Roaming\Keytsch-wchelper.dll 2015-06-09 15:55 - 2015-06-09 15:55 - 00000000 ____D C:\Windows\SysWOW64\WinDir 2015-06-08 23:23 - 2015-06-08 23:23 - 00000000 ____D C:\Users\Keytsch\AppData\Roaming\XRay Engine 2015-06-06 00:58 - 2015-06-06 00:58 - 00000000 ____D 
C:\Users\Keytsch\Downloads\stkcs-for-pack-efigspcjh-patch-any-10 2015-06-06 00:55 - 2015-06-06 00:58 - 73567896 _____ C:\Users\Keytsch\Downloads\stkcs-for-pack-efigspcjh-patch-any-10.zip 2015-06-06 00:24 - 2015-06-06 00:25 - 57167432 _____ (Deep Silver ) C:\Users\Keytsch\Downloads\stkcs-for-pack-efigs-patch-any-3.exe 2015-06-06 00:19 - 2015-06-06 00:58 - 00314016 _____ C:\Windows\system32\Drivers\atksgt.sys 2015-06-06 00:19 - 2015-06-06 00:58 - 00043680 _____ C:\Windows\system32\Drivers\lirsgt.sys 2015-06-06 00:16 - 2015-06-06 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver 2015-06-06 00:15 - 2015-06-06 01:05 - 00000000 ____D C:\Users\Public\Documents\STALKER-STCS 2015-06-03 12:17 - 2015-06-03 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-02 12:01 - 2015-06-02 12:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software 2015-06-02 12:01 - 2015-06-02 12:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software 2015-06-02 12:00 - 2015-06-02 12:00 - 00000000 ____D C:\Users\Keytsch\AppData\Local\Avg 2015-06-01 11:44 - 2015-06-01 11:44 - 35521632 _____ (THQ ) C:\Users\Keytsch\Downloads\stk-ww-10005.exe 2015-06-01 11:44 - 2015-06-01 11:44 - 08057608 _____ (THQ ) C:\Users\Keytsch\Downloads\stk-sck-efigspc-patch-5-6.exe 2015-06-01 11:06 - 2015-06-01 11:06 - 00178800 _____ (Sony DADC Austria AG.) 
C:\Windows\SysWOW64\CmdLineExt_x64.dll 2015-06-01 10:59 - 2015-06-05 17:16 - 00000000 ____D C:\Users\Public\Documents\STALKER-SHOC 2015-05-20 23:43 - 2015-05-20 23:50 - 00000000 ____D C:\Users\Keytsch\Documents\Witcher 2 2015-05-20 23:43 - 2015-05-20 23:43 - 00000000 ____D C:\Users\Keytsch\AppData\Local\The Witcher 2 2015-05-20 00:21 - 2015-05-20 00:21 - 00007168 _____ C:\Users\Keytsch\Documents\wochenendelina.xls 2015-05-19 03:46 - 2015-05-20 04:34 - 00000000 ____D C:\Program Files (x86)\KMPlayer 2015-05-18 14:38 - 2015-05-18 14:38 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2015-05-18 14:38 - 2015-05-18 14:38 - 00000000 ____D C:\Program Files\Realtek 2015-05-18 14:38 - 2013-07-30 20:16 - 03564376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2015-05-18 14:38 - 2013-07-30 17:14 - 02585304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll 2015-05-18 14:38 - 2013-07-30 13:47 - 00620273 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2015-05-18 14:38 - 2013-07-29 18:41 - 00147672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2015-05-18 14:38 - 2013-07-29 13:48 - 30311936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat 2015-05-18 14:38 - 2013-07-27 03:56 - 06219096 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll 2015-05-18 14:38 - 2013-07-27 03:55 - 01908568 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll 2015-05-18 14:38 - 2013-07-27 03:55 - 00312152 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll 2015-05-18 14:38 - 2013-07-27 03:55 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll 2015-05-18 14:38 - 2013-07-26 14:26 - 05694504 _____ C:\Windows\system32\Drivers\rtvienna.dat 2015-05-18 14:38 - 2013-07-26 14:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 27519232 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioVnA64.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 14042880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 03604224 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 01904384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 01044736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 00933120 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 00920832 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 00660224 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll 2015-05-18 14:38 - 2013-07-24 10:07 - 00650496 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll 2015-05-18 14:38 - 2013-07-24 01:45 - 00875776 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll 2015-05-18 14:38 - 2013-07-24 01:45 - 00845568 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll 2015-05-18 14:38 - 2013-07-24 01:45 - 00720128 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll 2015-05-18 14:38 - 2013-07-24 01:45 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll 2015-05-18 14:38 - 2013-07-22 15:37 - 01004248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2015-05-18 14:38 - 2013-07-18 14:48 - 02795224 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RtPgEx64.dll 2015-05-18 14:38 - 2013-07-17 16:17 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll 2015-05-18 14:38 - 2013-07-08 18:32 - 04810008 _____ (ASUSTeKcomputer.Inc) C:\Windows\system32\RTKSMlfx.dll 2015-05-18 14:38 - 2013-07-08 18:31 - 00758104 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll 2015-05-18 14:38 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll 2015-05-18 14:38 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll 2015-05-18 14:38 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll 2015-05-18 14:38 - 2013-06-21 11:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll 2015-05-18 14:38 - 2013-06-18 17:00 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2015-05-18 14:38 - 2013-06-05 21:42 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll 2015-05-18 14:38 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2015-05-18 14:38 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll 2015-05-18 14:38 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RTCOM64.dll 2015-05-18 14:38 - 2012-10-02 14:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll 2015-05-18 14:38 - 2012-10-02 14:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll 2015-05-18 14:38 - 2012-10-02 14:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll 2015-05-18 14:38 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll 2015-05-18 14:38 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll 2015-05-18 14:38 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll 2015-05-18 14:38 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll 2015-05-18 14:38 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll 2015-05-18 14:38 - 2012-07-15 21:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2015-05-18 14:38 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2015-05-18 14:38 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll 2015-05-18 14:38 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll 2015-05-18 14:38 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll 2015-05-18 14:38 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll 2015-05-18 14:38 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll 2015-05-18 14:38 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll 2015-05-18 14:38 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll 2015-05-18 14:38 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) 
C:\Windows\system32\SFAPO64.dll 2015-05-18 14:38 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll 2015-05-18 14:38 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll 2015-05-18 14:38 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll 2015-05-18 14:38 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll 2015-05-18 14:38 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll 2015-05-18 14:38 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll 2015-05-18 14:38 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll 2015-05-18 14:38 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RTEED64A.dll 2015-05-18 14:38 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll 2015-05-18 14:38 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll 2015-05-18 14:38 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2015-05-18 14:38 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2015-05-18 14:38 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll 2015-05-18 14:38 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll 2015-05-18 14:38 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll 2015-05-18 14:38 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll 2015-05-18 14:38 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll 2015-05-18 13:31 - 2015-05-18 13:31 - 00000000 ____D C:\Users\Keytsch\AppData\Local\DriverToolkit 2015-05-18 12:42 - 2008-04-28 11:36 - 00108032 _____ (Creative Technology Ltd) C:\Windows\system32\cttele64.dll 2015-05-18 12:42 - 2008-04-28 11:36 - 00102400 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\cttele32.dll 2015-05-18 02:59 - 2015-05-18 12:45 - 00000000 ____D C:\ProgramData\Creative 2015-05-18 02:54 - 2015-05-18 02:54 - 00000029 _____ C:\Windows\sfbm.INI 2015-05-18 02:54 - 2015-05-18 02:54 - 00000000 ____D C:\ProgramData\Creative Labs 2015-05-18 02:46 - 2009-02-09 13:40 - 00006010 ____N C:\Windows\SysWOW64\CTOPT352.cat 2015-05-18 02:46 - 2009-02-09 13:39 - 00006130 ____N C:\Windows\system32\CTOPT352.cat 2015-05-18 02:46 - 2009-01-30 15:47 - 00188064 ____N (Creative Technology Ltd) C:\Windows\system32\CTOPT352.dll 2015-05-18 02:46 - 2009-01-30 15:47 - 00171680 ____N (Creative Technology Ltd) C:\Windows\SysWOW64\CTOPT352.dll 2015-05-18 02:46 - 
2008-12-22 20:13 - 00061440 ____N (Creative Technology Ltd) C:\Windows\SysWOW64\CTChkAud.dll 2015-05-18 02:46 - 2008-12-22 20:13 - 00049664 ____N (Creative Technology Ltd) C:\Windows\system32\CTChkAud.dll 2015-05-18 02:46 - 2006-12-05 13:53 - 00042496 ____N (Creative Technology Ltd.) C:\Windows\system32\AddCat.exe 2015-05-18 02:46 - 2006-06-09 15:20 - 00003072 _____ () C:\Windows\SysWOW64\CTXFIGER.DLL 2015-05-18 02:46 - 2006-06-09 15:20 - 00003072 _____ () C:\Windows\system32\CTXFIGER.DLL 2015-05-18 02:43 - 2015-05-18 02:59 - 00000000 ____D C:\Windows\SysWOW64\Data 2015-05-18 02:43 - 2015-05-18 02:59 - 00000000 ____D C:\Windows\system32\Data 2015-05-18 02:43 - 2011-08-19 21:15 - 00003072 _____ () C:\Windows\system32\CTXFIRES.DLL 2015-05-18 02:43 - 2011-08-19 19:39 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL 2015-05-18 02:43 - 2007-10-08 14:44 - 00012288 _____ (Creative Technology Limited) C:\Windows\system32\INRES.DLL 2015-05-18 02:43 - 2007-10-08 14:44 - 00011776 _____ (Creative Technology Limited) C:\Windows\SysWOW64\INRES.DLL 2015-05-18 02:34 - 2015-05-18 02:34 - 00000000 ____D C:\Users\Keytsch\AppData\Roaming\AVG2015 2015-05-18 02:33 - 2015-06-02 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-05-18 02:33 - 2015-05-18 02:34 - 00000000 ____D C:\ProgramData\AVG2015 2015-05-18 02:33 - 2015-05-18 02:33 - 00000000 ___HD C:\$AVG 2015-05-18 02:33 - 2015-05-18 02:33 - 00000000 ____D C:\Users\Keytsch\AppData\Roaming\TuneUp Software 2015-05-18 02:33 - 2015-05-18 02:33 - 00000000 ____D C:\Program Files (x86)\AVG 2015-05-18 02:22 - 2015-06-10 13:40 - 00000000 ____D C:\ProgramData\MFAData 2015-05-18 02:22 - 2015-05-18 02:41 - 00000000 ____D C:\Users\Keytsch\AppData\Local\Avg2015 2015-05-18 02:22 - 2015-05-18 02:22 - 04818760 _____ (AVG Technologies) C:\Users\Keytsch\Downloads\avg_free_stb_all_5863p1_177.exe 2015-05-18 02:22 - 2015-05-18 02:22 - 00000000 ____D C:\Users\Keytsch\AppData\Local\MFAData 2015-05-18 02:19 - 2011-08-20 
00:32 - 00016472 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\PFMODNT.SYS 2015-05-18 02:19 - 2011-08-20 00:31 - 01562712 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\HA20X2K.SYS 2015-05-18 02:19 - 2011-08-20 00:31 - 00688088 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\CTAUD2K.SYS 2015-05-18 02:19 - 2011-08-20 00:31 - 00213080 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\CTSFM2K.SYS 2015-05-18 02:19 - 2011-08-20 00:31 - 00178776 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CTOSS2K.SYS 2015-05-18 02:19 - 2011-08-20 00:31 - 00118360 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\EMUPIA2K.SYS 2015-05-18 02:19 - 2011-08-20 00:31 - 00015960 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\CTPRXY2K.SYS 2015-05-18 02:19 - 2011-08-20 00:30 - 01417816 _____ (Creative Technology Ltd.) C:\Windows\system32\CTEXFIFX.DLL 2015-05-18 02:19 - 2011-08-20 00:30 - 00580696 _____ (Creative Technology Ltd) C:\Windows\system32\Drivers\CTAC32K.SYS 2015-05-18 02:19 - 2011-08-20 00:30 - 00202840 _____ (Creative Technology Ltd.) C:\Windows\system32\CT20XUT.DLL 2015-05-18 02:19 - 2011-08-20 00:30 - 00094808 _____ (Creative Technology Ltd.) 
C:\Windows\system32\CTHWIUT.DLL 2015-05-18 02:19 - 2011-08-19 21:14 - 00047104 _____ (Creative Technology Ltd) C:\Windows\system32\CTXFIBTN.DLL 2015-05-18 02:19 - 2011-08-19 21:14 - 00043008 _____ (Creative Technology Ltd) C:\Windows\system32\CTXFISPK.DLL 2015-05-18 02:19 - 2011-08-19 21:14 - 00024576 _____ (Creative Technology Ltd) C:\Windows\system32\CTXFIHLP.EXE 2015-05-18 02:19 - 2011-08-19 21:09 - 01714176 _____ (Creative Technology Ltd) C:\Windows\system32\CTXFISPI.EXE 2015-05-18 02:19 - 2011-08-19 21:09 - 00048128 _____ (Creative Technology Ltd) C:\Windows\system32\CTXFIREG.EXE 2015-05-18 02:19 - 2011-08-19 21:09 - 00019456 _____ (Creative Technology Ltd) C:\Windows\system32\CT20XSPI.DLL 2015-05-18 02:19 - 2011-08-19 21:02 - 00117760 _____ (Creative Technology Ltd) C:\Windows\system32\CTEMUPIA.DLL 2015-05-18 02:19 - 2011-08-19 20:59 - 00182272 _____ (Creative Technology Ltd) C:\Windows\system32\CT_OAL.DLL 2015-05-18 02:19 - 2011-08-19 20:59 - 00067584 _____ (Creative Technology Ltd) C:\Windows\system32\CTDPROXY.DLL 2015-05-18 02:19 - 2011-08-19 20:59 - 00055808 _____ (Creative Technology Ltd) C:\Windows\system32\CTASIO.DLL 2015-05-18 02:19 - 2011-08-19 20:56 - 00137216 _____ (Creative Technology Ltd) C:\Windows\system32\SFMS32.DLL 2015-05-18 02:19 - 2011-08-19 20:56 - 00089088 _____ (Creative Technology Ltd) C:\Windows\system32\CTOSUSER.DLL 2015-05-18 02:19 - 2011-08-19 20:56 - 00083456 _____ (Creative Technology Ltd) C:\Windows\system32\PIAPROXY.DLL 2015-05-18 02:19 - 2011-08-19 20:56 - 00018432 _____ C:\Windows\system32\REGPLIB.EXE 2015-05-18 02:19 - 2011-08-19 20:56 - 00010752 _____ (Creative Technology Ltd) C:\Windows\system32\SFMAN32.DLL 2015-05-18 02:19 - 2011-08-19 20:55 - 00044544 _____ (Creative Technology Ltd) C:\Windows\system32\DEVREG.DLL 2015-05-18 02:19 - 2011-08-19 20:55 - 00014336 _____ ( ) C:\Windows\system32\KILLAPPS.EXE 2015-05-18 02:19 - 2011-08-19 20:55 - 00008704 _____ C:\Windows\system32\ENLOCSTR.EXE 2015-05-18 02:19 - 2011-08-19 19:39 
- 00041984 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTXFIBTN.DLL 2015-05-18 02:19 - 2011-08-19 19:39 - 00039424 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPK.DLL 2015-05-18 02:19 - 2011-08-19 19:39 - 00023552 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTXFIHLP.EXE 2015-05-18 02:19 - 2011-08-19 19:35 - 00047104 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTXFIREG.EXE 2015-05-18 02:19 - 2011-08-19 19:35 - 00015360 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CT20XSPI.DLL 2015-05-18 02:19 - 2011-08-19 19:34 - 01225216 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE 2015-05-18 02:19 - 2011-08-19 19:28 - 00323856 _____ C:\Windows\SysWOW64\CTDLANG.DAT 2015-05-18 02:19 - 2011-08-19 19:28 - 00323856 _____ C:\Windows\system32\CTDLANG.DAT 2015-05-18 02:19 - 2011-08-19 19:28 - 00056405 _____ C:\Windows\SysWOW64\CTDNLSTR.DAT 2015-05-18 02:19 - 2011-08-19 19:28 - 00056405 _____ C:\Windows\system32\CTDNLSTR.DAT 2015-05-18 02:19 - 2011-08-19 19:27 - 00114688 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTEMUPIA.DLL 2015-05-18 02:19 - 2011-08-19 19:23 - 00193024 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CT_OAL.DLL 2015-05-18 02:19 - 2011-08-19 19:23 - 00061952 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTDPROXY.DLL 2015-05-18 02:19 - 2011-08-19 19:23 - 00051712 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTASIO.DLL 2015-05-18 02:19 - 2011-08-19 19:22 - 00113152 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\SFMS32.DLL 2015-05-18 02:19 - 2011-08-19 19:22 - 00080896 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\PIAPROXY.DLL 2015-05-18 02:19 - 2011-08-19 19:22 - 00074240 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\CTOSUSER.DLL 2015-05-18 02:19 - 2011-08-19 19:22 - 00010240 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\SFMAN32.DLL 2015-05-18 02:19 - 2011-08-19 19:20 - 00012800 _____ ( ) C:\Windows\SysWOW64\KILLAPPS.EXE 2015-05-18 02:19 - 2011-08-19 19:20 - 
00007680 _____ C:\Windows\SysWOW64\ENLOCSTR.EXE 2015-05-18 02:19 - 2011-08-19 19:19 - 00036864 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\DEVREG.DLL 2015-05-18 02:19 - 2010-03-02 11:45 - 00194048 _____ (Creative Technology Limited) C:\Windows\system32\CTDVINST.DLL 2015-05-18 02:19 - 2010-03-02 11:45 - 00073728 _____ (Creative Technology Limited) C:\Windows\system32\CTCOINST.DLL 2015-05-18 02:19 - 2009-11-16 10:46 - 00850432 _____ (Creative Technology Ltd.) C:\Windows\system32\UDAAPO64.DLL 2015-05-18 02:19 - 2009-11-16 10:46 - 00715776 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\UDAAPO32.DLL 2015-05-18 02:19 - 2009-11-16 10:46 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\UDAPLD64.DLL 2015-05-18 02:19 - 2009-11-16 10:46 - 00010062 _____ C:\Windows\SysWOW64\UDAAPO64.UDA 2015-05-18 02:19 - 2009-07-30 09:45 - 00809496 _____ (Creative Labs Inc.) C:\Windows\SysWOW64\OALInst.exe 2015-05-18 02:19 - 2008-06-02 11:42 - 00005530 _____ C:\Windows\SysWOW64\CTMLFX64.UDA 2015-05-18 02:19 - 2008-06-02 10:09 - 00072704 _____ (Creative Technology Ltd) C:\Windows\system32\CTMLFX64.DLL 2015-05-18 02:19 - 2008-04-28 11:36 - 00099064 _____ (Creative Technology Ltd) C:\Windows\system32\ctpxst64.exe 2015-05-18 02:19 - 2008-04-28 11:36 - 00089336 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\ctpxst32.exe 2015-05-18 02:19 - 2007-10-11 09:51 - 07572224 _____ C:\Windows\SysWOW64\CT8MGM.SF2 2015-05-18 02:19 - 2007-10-11 09:51 - 07572224 _____ C:\Windows\system32\CT8MGM.SF2 2015-05-18 02:19 - 2007-10-11 09:51 - 04174814 _____ C:\Windows\SysWOW64\CT4MGM.SF2 2015-05-18 02:19 - 2007-10-11 09:51 - 04174814 _____ C:\Windows\system32\CT4MGM.SF2 2015-05-18 02:19 - 2007-09-28 16:12 - 00060928 _____ ( ) C:\Windows\SysWOW64\A3D.DLL 2015-05-18 02:19 - 2007-09-28 16:12 - 00048640 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\AC3API.DLL 2015-05-18 02:19 - 2007-09-28 16:12 - 00048400 _____ (Creative Technology Ltd.) 
C:\Windows\SysWOW64\AddCat.exe 2015-05-18 02:19 - 2007-09-05 18:36 - 02167684 _____ C:\Windows\SysWOW64\CT2MGM.SF2 2015-05-18 02:19 - 2007-09-05 18:36 - 02167684 _____ C:\Windows\system32\CT2MGM.SF2 2015-05-18 02:19 - 2007-09-05 18:36 - 01048576 _____ C:\Windows\SysWOW64\CT1MGM.ROM 2015-05-18 02:19 - 2007-09-05 18:36 - 01048576 _____ C:\Windows\system32\CT1MGM.ROM 2015-05-18 02:19 - 2007-09-05 18:36 - 00077824 _____ (Creative Labs) C:\Windows\SysWOW64\EAXAC3.DLL 2015-05-18 02:19 - 2007-09-05 18:36 - 00003128 _____ C:\Windows\system32\XFi.bmp 2015-05-18 02:19 - 2007-09-05 18:36 - 00000307 _____ C:\Windows\SysWOW64\KILL.INI 2015-05-18 02:19 - 2007-09-05 18:36 - 00000307 _____ C:\Windows\system32\KILL.INI 2015-05-18 02:19 - 2007-09-05 18:36 - 00000059 _____ C:\Windows\system32\DEFAULT8.SFM 2015-05-18 02:19 - 2007-09-05 18:36 - 00000059 _____ C:\Windows\system32\DEFAULT4.SFM 2015-05-18 02:19 - 2007-09-05 18:36 - 00000059 _____ C:\Windows\system32\DEFAULT.SFM 2015-05-16 21:36 - 2015-05-16 21:36 - 00000000 ____D C:\Program Files (x86)\Dungeon Defenders 2 2015-05-12 00:20 - 2015-05-12 00:20 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2015-05-12 00:16 - 2015-06-09 00:15 - 00000000 ____D C:\Users\Keytsch\Downloads\RealtekAudio(v7004) 2015-05-12 00:05 - 2015-05-12 00:16 - 220644822 _____ C:\Users\Keytsch\Downloads\RealtekAudio(v7004).zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-10 14:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-10 14:20 - 2009-07-14 06:51 - 00060790 _____ C:\Windows\setupact.log 2015-06-10 14:19 - 2014-01-10 04:44 - 01581752 _____ C:\Windows\WindowsUpdate.log 2015-06-10 14:19 - 2014-01-10 04:43 - 00000000 ____D C:\Users\Keytsch 2015-06-10 14:00 - 2014-05-13 12:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-10 12:44 - 2015-01-25 15:51 - 00000000 ____D C:\Program Files (x86)\Zoom Player 2015-06-10 12:37 - 2009-07-14 19:58 - 00699416 _____ C:\Windows\system32\perfh007.dat 2015-06-10 12:37 - 2009-07-14 19:58 - 00149556 _____ C:\Windows\system32\perfc007.dat 2015-06-10 12:37 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-10 12:37 - 2009-07-14 06:45 - 00013568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-10 12:37 - 2009-07-14 06:45 - 00013568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-10 03:24 - 2014-02-21 20:23 - 00000000 ____D C:\Users\Keytsch\AppData\Roaming\vlc 2015-06-09 17:31 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-06-09 17:30 - 2009-07-14 06:45 - 00295392 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-09 17:29 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-09 17:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2015-06-09 17:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism 2015-06-09 17:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-09 17:25 - 2014-01-10 21:35 - 00000000 ____D C:\Windows\system32\MRT 2015-06-09 17:25 - 2014-01-10 05:51 - 01593956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-06-09 15:56 - 2005-04-08 04:16 - 00000000 ___HD C:\Users\Keytsch\AppData\Roaming\34112BEE 2015-06-09 02:37 - 2014-11-12 23:13 - 
00000000 ____D C:\Users\Keytsch\AppData\Local\Spotify 2015-06-09 02:30 - 2014-04-16 22:16 - 00000000 ____D C:\Users\Keytsch\Documents\ff 2015-06-09 02:06 - 2014-11-12 23:12 - 00000000 ____D C:\Users\Keytsch\AppData\Roaming\Spotify 2015-06-06 00:18 - 2014-01-15 01:47 - 00453922 _____ C:\Windows\DirectX.log 2015-06-06 00:11 - 2014-01-10 17:52 - 00000000 ____D C:\Spiele 2015-06-04 10:49 - 2014-01-12 15:23 - 00169308 _____ C:\Windows\PFRO.log 2015-06-04 10:49 - 2014-01-10 05:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-31 18:02 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-27 23:51 - 2014-03-05 04:44 - 00000000 ____D C:\Users\Keytsch\AppData\Roaming\uTorrent 2015-05-24 17:35 - 2014-01-15 01:46 - 00000000 ____D C:\Users\Keytsch\Documents\My Games 2015-05-24 17:35 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-05-19 17:37 - 2015-04-18 20:34 - 00000000 ____D C:\ProgramData\DivX 2015-05-19 17:35 - 2014-08-14 16:16 - 00000000 ____D C:\Users\Keytsch\AppData\Local\Adobe 2015-05-19 17:35 - 2014-05-13 12:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-19 17:35 - 2014-01-10 05:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-19 17:35 - 2014-01-10 05:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-18 14:39 - 2014-01-10 04:56 - 00000000 ___HD C:\Program Files (x86)\Temp 2015-05-18 14:38 - 2014-01-10 04:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-05-18 14:38 - 2014-01-10 04:59 - 00000000 ____D C:\Program Files (x86)\Realtek 2015-05-18 14:18 - 2014-04-23 16:13 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2015-05-18 14:18 - 2014-04-23 16:13 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2015-05-18 14:18 - 2014-04-23 16:13 - 00122904 _____ (Portions (C) Creative 
Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2015-05-18 14:18 - 2014-04-23 16:13 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2015-05-18 02:43 - 2014-04-23 16:13 - 00000000 ____D C:\Program Files (x86)\OpenAL 2015-05-15 16:01 - 2014-01-15 23:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-13 10:50 - 2015-05-10 19:24 - 00000000 ____D C:\Users\Keytsch\dwhelper ==================== Files in the root of some directories ======= 2015-06-09 15:55 - 2015-06-09 15:55 - 0154283 ____H () C:\Users\Keytsch\AppData\Roaming\Keytsch-wchelper.dll 2014-12-04 19:06 - 2014-12-04 19:07 - 1065984 _____ () C:\Users\Keytsch\AppData\Local\file__0.localstorage 2015-02-07 22:17 - 2015-02-07 22:17 - 0007605 _____ () C:\Users\Keytsch\AppData\Local\Resmon.ResmonCfg 2014-02-21 20:18 - 2014-04-29 22:33 - 0000040 ___SH () C:\ProgramData\.zreglib 2015-05-12 00:20 - 2015-05-12 00:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-02-27 21:28 - 2014-02-27 21:28 - 0000040 _____ () C:\ProgramData\ra3.ini Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At10.job C:\Windows\Tasks\At11.job C:\Windows\Tasks\At12.job C:\Windows\Tasks\At13.job C:\Windows\Tasks\At14.job C:\Windows\Tasks\At15.job C:\Windows\Tasks\At16.job C:\Windows\Tasks\At17.job C:\Windows\Tasks\At18.job C:\Windows\Tasks\At19.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At20.job C:\Windows\Tasks\At21.job C:\Windows\Tasks\At22.job C:\Windows\Tasks\At23.job C:\Windows\Tasks\At24.job C:\Windows\Tasks\At25.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job C:\Windows\Tasks\At5.job C:\Windows\Tasks\At6.job C:\Windows\Tasks\At7.job C:\Windows\Tasks\At8.job C:\Windows\Tasks\At9.job Some files in TEMP: ==================== C:\Users\Keytsch\AppData\Local\Temp\drm_dialogs.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do 
not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 14:09 ==================== End of log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-06-10 14:29:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006b Samsung_ rev.DXT0 232,89GB Running: Gmer-19357.exe; Driver: C:\Users\Keytsch\AppData\Local\Temp\kwtyifow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\SearchIndexer.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000077110128 .text C:\Windows\system32\SearchIndexer.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000077110018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000077110128 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000077110018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2996] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 00000000771100a0 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000077110128 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000077110018 .text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 00000000771100a0 .text C:\Windows\system32\taskeng.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000077110128 .text C:\Windows\system32\taskeng.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000077110018 .text C:\Windows\system32\taskeng.exe[1524] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 
00000000771100a0 .text C:\Windows\system32\Dwm.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000077110128 .text C:\Windows\system32\Dwm.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000077110018 .text C:\Windows\system32\Dwm.exe[2460] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 00000000771100a0 .text C:\Windows\Explorer.EXE[3116] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000077110128 .text C:\Windows\Explorer.EXE[3116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000077110018 .text C:\Windows\Explorer.EXE[3116] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 00000000771100a0 .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007715fc4c 5 bytes JMP 0000000171621460 .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007715fe10 5 bytes JMP 0000000171621120 .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076283b93 5 bytes JMP 0000000171621260 .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000754e1401 2 bytes JMP 7629b1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000754e1419 2 bytes JMP 7629b31a C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000754e1431 2 bytes JMP 76318f09 
C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000754e144a 2 bytes CALL 76274885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000754e14dd 2 bytes JMP 76318802 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754e14f5 2 bytes JMP 763189d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000754e150d 2 bytes JMP 763186f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000754e1525 2 bytes JMP 76318ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000754e153d 2 bytes JMP 7628fc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000754e1555 2 bytes JMP 762968bf C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000754e156d 2 bytes JMP 76318fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000754e1585 2 bytes JMP 76318b22 C:\Windows\syswow64\KERNEL32.dll .text 
C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000754e159d 2 bytes JMP 763186bc C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000754e15b5 2 bytes JMP 7628fd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000754e15cd 2 bytes JMP 7629b2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000754e16b2 2 bytes JMP 76318e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe[3308] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000754e16bd 2 bytes JMP 76318651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000077110128 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000077110018 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3316] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 00000000771100a0 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007715fc4c 5 bytes JMP 0000000171621460 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007715fe10 5 bytes JMP 0000000171621120 .text C:\Windows\SysWOW64\ctfmon.exe[3700] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007715fc4c 5 bytes JMP 0000000171621460 .text 
C:\Windows\SysWOW64\ctfmon.exe[3700] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007715fe10 5 bytes JMP 0000000171621120 .text C:\Windows\SysWOW64\ctfmon.exe[3700] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076283b93 5 bytes JMP 0000000171621260 .text C:\Windows\system32\wbem\wmiprvse.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000077110128 .text C:\Windows\system32\wbem\wmiprvse.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000077110018 .text C:\Windows\system32\wbem\wmiprvse.exe[3356] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 00000000771100a0 .text C:\Windows\system32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000176e30128 .text C:\Windows\system32\svchost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000176e30018 .text C:\Windows\system32\svchost.exe[3140] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 0000000176e300a0 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000176e30128 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000176e30018 .text C:\Windows\System32\svchost.exe[3112] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 0000000176e300a0 .text C:\Windows\system32\DllHost.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fade50 5 bytes JMP 0000000077110128 .text C:\Windows\system32\DllHost.exe[4964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fadf70 5 bytes JMP 0000000077110018 .text C:\Windows\system32\DllHost.exe[4964] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e5dbc0 5 bytes JMP 
00000000771100a0 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3276:3816] 000007fefa372bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3276:3884] 000007fee517cf60 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4648:5084] 00000000754f7587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4648:2664] 0000000072bd8aa6 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4648:2668] 00000000771813b5 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4648:5072] 00000000771927e5 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4648:5112] 00000000771927e5 ---- Processes - GMER 2.1 ---- Process C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe (*** suspicious ***) @ C:\Users\Keytsch\AppData\Roaming\Microsoft\Windows\AdobeARMservice.exe [3308](2015-06-09 13:55:40) 0000000000b60000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0x6A 0x84 0x9B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x75 0xF0 0x88 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x93 0x03 0x04 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0x6A 0x84 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x75 0xF0 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x93 0x03 0x04 0x07 ...
---- EOF - GMER 2.1 ----

So my big question is probably: time to format? In any case, thank you very much in advance for your attention!