Plagegeister aller Art und deren Bekämpfung: Trojan in file Fkx.exe, Win32:SuspBehav-C (Windows 7)
28.05.2010, 15:57 | #1 |
| Trojan in file Fkx.exe, Win32:SuspBehav-C

Hi everyone... After a long time I've caught something again (new Win7 =( ). While unpacking a mod for Crysis, something apparently spread; it had also been tested on VirusTotal beforehand, but there it seemed harmless D= After opening the unpacker exe, 4 Avast! 5 windows opened and reported suspicious activity in the Temp folder. The file Fkx.exe caught the attention of the heuristic scanner. Of course I closed the program immediately and scanned with HJT. Here =D

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:30:05, on 28.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Avast! 5\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Big-Blue\Documents\Downloads\HiJackThis204.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast! 5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Windows\system32\sshnas21.dll,Beep16
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast! 5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast! 5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast! 5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5883 bytes

MBAM:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4151

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.05.2010 16:48:42
mbam-log-2010-05-28 (16-48-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 119374
Laufzeit: 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.

OTL:
Code:
ATTFilter OTL logfile created on: 28.05.2010 16:50:20 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Big-Blue\Documents\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 361,23 Gb Total Space | 230,80 Gb Free Space | 63,89% Space Free | Partition Type: NTFS Drive D: | 570,19 Gb Total Space | 569,37 Gb Free Space | 99,86% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 5,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GAME-STATION Current User Name: Big-Blue Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Big-Blue\Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\Avast! 5\AvastUI.exe (ALWIL Software) PRC - C:\Programme\Avast! 5\AvastSvc.exe (ALWIL Software) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe () PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
========== Modules (SafeList) ========== MOD - C:\Users\Big-Blue\Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Avast! 5\AvastSvc.exe (ALWIL Software) SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Avast! 5\AvastSvc.exe (ALWIL Software) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Avast! 5\AvastSvc.exe (ALWIL Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft 
Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe () SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
========== Driver Services (SafeList) ========== DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys 
(Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) 
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (AODDriver2) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices) DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 B5 60 C9 4B F8 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010.05.20 21:09:42 | 000,395,382 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 
www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 13651 more lines... O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Avast! 5\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. 
- c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.10.25 01:29:17 | 000,000,000 | ---D | M] - F:\autorun -- [ CDFS ] O32 - AutoRun File - [2007.07.19 16:53:44 | 000,000,058 | R--- | M] () - F:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2007.10.25 00:11:40 | 004,318,432 | R--- | M] (Crytek) - F:\AutoRunCD.exe -- [ CDFS ] O33 - MountPoints2\{e6e5617d-6469-11df-8a26-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e6e5617d-6469-11df-8a26-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRunCD.exe -- [2007.10.25 00:11:40 | 004,318,432 | R--- | M] (Crytek) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* |
28.05.2010, 15:58 | #2 |
| Trojan in file Fkx.exe, Win32:SuspBehav-C

Code:
ATTFilter ========== Files/Folders - Created Within 30 Days ========== [2010.05.28 16:45:27 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Malwarebytes [2010.05.28 16:45:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.05.28 16:45:16 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.05.28 16:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.28 16:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.05.28 16:00:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.05.26 19:24:41 | 000,000,000 | ---D | C] -- C:\weia [2010.05.26 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\TortoiseSVN [2010.05.26 19:19:29 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Subversion [2010.05.26 19:18:18 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\TSVNCache [2010.05.26 19:16:19 | 000,000,000 | ---D | C] -- C:\Programme\TortoiseSVN [2010.05.26 19:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TortoiseOverlays [2010.05.25 15:04:16 | 000,000,000 | ---D | C] -- C:\ati8703_Win7Vista64 [2010.05.25 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Microsoft Games [2010.05.24 13:45:13 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Ubisoft [2010.05.24 13:44:43 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2010.05.24 13:44:43 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2010.05.24 13:44:43 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2010.05.24 13:44:43 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2010.05.24 13:44:43 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2010.05.24 13:44:43 | 
000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2010.05.24 13:44:43 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2010.05.24 13:44:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2010.05.24 13:44:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2010.05.24 13:44:43 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2010.05.24 13:44:43 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2010.05.24 13:44:43 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2010.05.24 13:44:42 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2010.05.24 13:44:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2010.05.24 13:44:42 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2010.05.24 13:44:42 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2010.05.24 13:44:42 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2010.05.24 13:44:42 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2010.05.24 13:44:42 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2010.05.24 13:44:42 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2010.05.24 13:44:42 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2010.05.24 13:44:42 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2010.05.24 13:44:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2010.05.24 13:44:42 | 000,235,856 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2010.05.24 13:44:42 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2010.05.24 13:44:42 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2010.05.24 13:44:42 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2010.05.24 13:44:42 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2010.05.24 13:44:42 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2010.05.24 13:44:42 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2010.05.24 13:44:42 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2010.05.24 13:44:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2010.05.24 13:44:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2010.05.24 13:44:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2010.05.24 13:44:41 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2010.05.24 13:44:41 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2010.05.24 13:44:41 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2010.05.24 13:44:41 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2010.05.24 13:44:41 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2010.05.24 13:44:41 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2010.05.24 13:44:41 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2010.05.24 13:44:41 | 000,540,688 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.05.24 13:44:41 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.05.24 13:44:41 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.05.24 13:44:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010.05.24 13:44:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.05.24 13:44:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.05.24 13:44:41 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.05.24 13:44:41 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.05.24 13:44:41 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.05.24 13:44:41 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.05.24 13:44:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.05.24 13:44:40 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.05.24 13:44:40 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.05.24 13:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.05.24 13:41:20 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Anno1404_Demo_GER_2009_06_10_16_27
[2010.05.24 13:37:09 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Zattoo
[2010.05.24 13:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010.05.24 13:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010.05.24 13:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2010.05.24 13:23:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.05.24 13:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.05.24 11:09:32 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Desktop\CoreTemp64
[2010.05.23 19:58:21 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Desktop\pic
[2010.05.22 18:03:50 | 000,000,000 | RH-D | C] -- C:\Users\Big-Blue\AppData\Roaming\SecuROM
[2010.05.22 17:37:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7451F7D5-591C-4490-8D3B-C73A69A0E782}
[2010.05.22 17:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.05.22 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.05.22 17:20:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2010.05.22 16:57:50 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.05.22 16:56:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2010.05.22 16:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.05.22 10:23:20 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\vlc
[2010.05.22 10:23:20 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\dvdcss
[2010.05.22 10:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.05.22 10:06:14 | 000,000,000 | ---D | C] -- C:\Mama Musik
[2010.05.22 10:04:39 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\BonkEnc
[2010.05.22 10:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonkEnc
[2010.05.21 21:16:19 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.05.21 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\AquaMark3
[2010.05.21 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\AquaMark3
[2010.05.21 19:50:09 | 000,020,400 | ---- | C] (EnTech Taiwan) -- C:\Windows\SysWow64\drivers\entech.sys
[2010.05.21 19:50:08 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Macromedia
[2010.05.21 19:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AquaMark3
[2010.05.21 19:49:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010.05.21 19:49:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.05.21 16:05:59 | 000,000,000 | ---D | C] -- C:\Windows\Uninstall
[2010.05.21 15:48:07 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Unigine Heaven
[2010.05.21 15:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Futuremark
[2010.05.21 15:29:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010.05.21 15:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010.05.21 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.05.21 15:27:01 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Adobe
[2010.05.21 15:09:50 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\Square Enix
[2010.05.21 15:08:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.05.21 13:09:25 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.05.21 13:07:41 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.05.21 13:07:40 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.05.21 13:07:40 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.05.21 13:07:40 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.05.21 13:07:39 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.05.21 13:07:39 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.05.21 13:07:38 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.05.21 13:07:38 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.05.21 13:07:38 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.05.21 13:07:37 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.05.21 13:07:37 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.05.21 13:07:37 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.05.21 13:07:37 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.05.21 13:07:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.05.21 13:07:37 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.05.21 13:07:37 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.05.21 13:07:37 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.05.21 13:07:37 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.05.21 13:07:37 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.05.21 13:07:37 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.05.21 13:07:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.05.21 13:07:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.05.21 13:07:36 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.05.21 13:07:36 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.05.21 13:07:34 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.21 13:07:34 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.05.21 13:07:34 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.05.21 13:07:34 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.05.21 13:07:34 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.05.21 13:07:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.05.21 13:07:32 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.05.21 13:07:31 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.05.21 13:07:31 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.05.21 13:07:31 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.05.21 13:07:31 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.05.21 13:07:30 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.05.21 13:07:30 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.05.21 13:07:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.05.21 13:07:30 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.05.21 13:07:29 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.05.21 13:07:29 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.05.21 13:07:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.05.21 13:07:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.05.21 13:07:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.05.21 13:07:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.05.21 13:07:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.05.21 13:07:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.05.21 13:07:19 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.05.21 13:06:46 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.05.21 13:06:46 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.05.21 13:06:46 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.05.21 13:06:46 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.05.21 13:06:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.05.21 13:06:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.05.21 13:06:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.05.21 13:06:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.05.21 13:06:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.05.21 13:05:49 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.05.21 13:05:49 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010.05.21 13:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.05.21 13:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010.05.21 13:05:11 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.05.21 13:05:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.05.21 13:05:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.05.21 13:05:10 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.05.21 13:05:10 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.05.21 13:05:10 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.05.21 13:05:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.05.21 13:05:08 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.05.21 13:05:08 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.05.21 13:05:08 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.05.21 13:04:56 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.05.21 13:04:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.05.21 13:04:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.05.21 13:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine
[2010.05.21 02:45:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.05.21 01:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.05.21 01:46:51 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.05.21 01:46:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.05.20 22:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010.05.20 22:11:33 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Desktop\Prime 95
[2010.05.20 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Desktop\Z's
[2010.05.20 22:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2010.05.20 22:09:26 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.05.20 22:09:26 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.05.20 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2010.05.20 22:09:25 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.05.20 22:09:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.05.20 22:09:25 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.05.20 22:09:25 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.05.20 22:09:25 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.05.20 22:09:25 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.05.20 22:09:25 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010.05.20 22:09:25 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010.05.20 22:09:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.05.20 22:09:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.05.20 22:09:25 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.05.20 22:09:25 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.05.20 22:09:24 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010.05.20 22:09:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010.05.20 22:09:23 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010.05.20 22:09:23 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010.05.20 22:09:23 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010.05.20 22:09:23 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010.05.20 22:09:22 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010.05.20 22:09:22 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010.05.20 22:09:21 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.05.20 22:09:21 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.05.20 22:09:21 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010.05.20 22:09:21 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010.05.20 22:09:20 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010.05.20 22:09:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010.05.20 22:09:20 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010.05.20 22:09:20 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010.05.20 22:09:19 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010.05.20 22:09:19 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010.05.20 22:09:19 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010.05.20 22:09:19 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010.05.20 22:09:19 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010.05.20 22:09:19 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010.05.20 22:09:19 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010.05.20 22:09:19 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010.05.20 22:09:19 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010.05.20 22:09:19 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010.05.20 22:09:18 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.05.20 22:09:18 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010.05.20 22:09:18 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.05.20 22:09:18 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010.05.20 22:09:18 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010.05.20 22:09:18 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010.05.20 22:09:18 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010.05.20 22:09:18 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010.05.20 22:09:17 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010.05.20 22:09:17 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010.05.20 22:09:16 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.05.20 22:09:16 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.05.20 22:09:16 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010.05.20 22:09:16 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.05.20 22:09:16 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010.05.20 22:09:16 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.05.20 22:09:15 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.05.20 22:09:15 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.05.20 22:09:12 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010.05.20 22:09:12 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010.05.20 22:09:11 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.05.20 22:09:11 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.05.20 22:09:11 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.05.20 22:09:11 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.05.20 22:09:11 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.05.20 22:09:11 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.05.20 22:09:10 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.05.20 22:09:10 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.05.20 22:09:10 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.05.20 22:09:10 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010.05.20 22:09:09 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.05.20 22:09:09 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.05.20 22:09:09 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.05.20 22:09:09 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.05.20 22:09:09 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.05.20 22:09:09 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.05.20 22:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\oZone3D
[2010.05.20 21:22:30 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\My Games
[2010.05.20 21:19:32 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010.05.20 21:19:32 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010.05.20 21:19:32 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010.05.20 21:19:32 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010.05.20 21:19:31 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010.05.20 21:19:31 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.05.20 21:19:31 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.05.20 21:19:31 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.05.20 21:19:31 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010.05.20 21:19:31 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010.05.20 21:19:31 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010.05.20 21:19:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010.05.20 21:19:30 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010.05.20 21:19:30 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.05.20 21:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010.05.20 21:14:48 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Leadertech
[2010.05.20 21:14:27 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.05.20 21:14:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.05.20 21:14:01 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.05.20 21:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.05.20 21:13:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LogiShrd
[2010.05.20 21:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.20 21:05:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.05.20 20:46:13 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\Downloads
[2010.05.20 20:42:58 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Google
[2010.05.20 20:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.05.20 20:42:57 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.05.20 20:42:56 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.05.20 20:42:55 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.05.20 20:42:53 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.05.20 20:42:50 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.05.20 20:42:24 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.05.20 20:42:24 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010.05.20 20:42:23 | 000,000,000 | ---D | C] -- C:\Programme\Avast! 5
[2010.05.20 20:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.05.20 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Deployment
[2010.05.20 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Apps
[2010.05.20 20:36:21 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.05.20 20:36:21 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.05.20 20:36:21 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.05.20 20:36:21 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.05.20 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Logitech
[2010.05.20 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Logishrd
[2010.05.20 20:30:07 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\ATI
[2010.05.20 20:30:07 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\ATI
[2010.05.20 20:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.05.20 20:28:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2010.05.20 20:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.05.20 20:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.05.20 20:26:36 | 000,000,000 | ---D | C] -- C:\ATI
[2010.05.20 20:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2010.05.20 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Downloaded Installations
[2010.05.20 20:23:56 | 000,325,664 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010.05.20 20:23:56 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010.05.20 20:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010.05.20 20:21:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.05.20 20:19:33 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010.05.20 20:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2010.05.20 20:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.05.20 20:16:12 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.05.20 20:16:09 | 000,039,480 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2010.05.20 20:16:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.05.20 20:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010.05.20 20:15:35 | 000,016,440 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\AtiPcie.sys
[2010.05.20 20:15:35 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.05.20 20:15:35 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.05.20 20:15:13 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.05.20 20:14:00 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\AMD_Chipset_V307620_XPVISTAWIN7
[2010.05.20 20:13:56 | 075,841,115 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Big-Blue\Documents\10-4_vista64_win7_64_dd_ccc_wdm_enu.exe
[2010.05.20 20:13:41 | 001,301,504 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2010.05.20 20:13:41 | 000,980,480 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2010.05.20 20:13:41 | 000,534,528 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2010.05.20 20:13:41 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2010.05.20 20:13:41 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2010.05.20 20:13:41 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2010.05.20 20:13:41 | 000,084,992 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2010.05.20 20:13:41 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2010.05.20 20:13:41 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2010.05.20 20:13:38 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\VIA_Audio_V6018100_XPVISTAWIN7
[2010.05.20 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\RTL8111E_V57482042010_62232092010_7152092010
[2010.05.20 20:13:33 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\NEC_USB3_V10190_XpVistaWin7
[2010.05.20 20:01:36 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Searches
[2010.05.20 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Identities
[2010.05.20 20:01:26 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Contacts
[2010.05.20 20:01:24 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\VirtualStore
[2010.05.20 20:01:18 | 000,000,000 | --SD | C] -- C:\Users\Big-Blue\AppData\Roaming\Microsoft
[2010.05.20 20:01:18 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Favorites
[2010.05.20 20:01:18 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Downloads
[2010.05.20 20:01:18 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Documents
[2010.05.20 20:01:18 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Desktop
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Vorlagen
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\AppData\Local\Verlauf
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\AppData\Local\Temporary Internet Files
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Startmenü
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\SendTo
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Recent
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Netzwerkumgebung
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Lokale Einstellungen
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Documents\Eigene Videos
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Documents\Eigene Musik
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Eigene Dateien
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Documents\Eigene Bilder
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Druckumgebung
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Cookies
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\AppData\Local\Anwendungsdaten
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Anwendungsdaten
[2010.05.20 20:01:18 | 000,000,000 | -H-D | C] -- C:\Users\Big-Blue\AppData
[2010.05.20 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Temp
[2010.05.20 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Microsoft
[2010.05.20 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Media Center Programs
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Videos
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Saved Games
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Pictures
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Music
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Links
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.04.29 11:47:50 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.04.29 11:47:50 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll

========== Files - Modified Within 30 Days ==========

[2010.05.28 16:50:36 | 005,242,880 | -HS- | M] () -- C:\Users\Big-Blue\NTUSER.DAT
[2010.05.28 16:45:20 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.28 16:33:43 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.28 16:33:43 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.28 16:27:27 | 000,211,968 | ---- | M] () -- C:\Windows\SysWow64\sshnas21.dll
[2010.05.28 16:10:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.28 16:10:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.28 16:09:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.28 16:04:15 | 330,739,392 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.28 15:56:57 | 001,964,685 | -H-- | M] () -- C:\Users\Big-Blue\AppData\Local\IconCache.db
[2010.05.28 15:53:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.27 19:23:56 | 000,001,895 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Sandbox 2.lnk
[2010.05.25 18:52:38 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.25 18:52:38 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.25 18:52:38 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.25 18:52:38 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.25 18:52:38 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.25 15:10:08 | 000,007,605 | ---- | M] () -- C:\Users\Big-Blue\AppData\Local\Resmon.ResmonCfg
[2010.05.25 13:44:47 | 000,001,402 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Downloads - Verknüpfung.lnk
[2010.05.24 13:44:45 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.05.24 13:44:44 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.05.24 13:38:12 | 000,019,456 | ---- | M] () -- C:\Users\Big-Blue\AppData\Local\WebpageIcons.db
[2010.05.24 13:22:48 | 000,009,298 | ---- | M] () -- C:\Users\Big-Blue\Documents\cc_20100524_132245.reg
[2010.05.24 13:20:55 | 000,001,885 | ---- | M] () -- C:\Users\Big-Blue\Desktop\CCleaner.lnk
[2010.05.24 11:09:50 | 000,001,100 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Core Temp.lnk
[2010.05.23 12:20:40 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.23 12:20:35 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.05.23 12:20:35 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.05.23 12:20:09 | 000,001,298 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.05.23 10:04:03 | 000,001,017 | ---- | M] () -- C:\Users\Big-Blue\Desktop\HWMonitor.lnk
[2010.05.22 21:50:39 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\AMD OverDrive.lnk
[2010.05.22 17:38:15 | 000,001,985 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Crysis Warhead.lnk
[2010.05.22 17:20:20 | 000,001,217 | ---- | M] () -- C:\Users\Public\Desktop\Crysis Wars.lnk
[2010.05.22 16:57:50 | 000,178,800 | ---- | 
M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.05.22 16:37:02 | 000,001,142 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2010.05.21 19:50:09 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\AquaMark3.lnk [2010.05.21 19:11:29 | 000,000,992 | ---- | M] () -- C:\Users\Big-Blue\Desktop\CPU-Z.lnk [2010.05.21 19:10:44 | 000,001,035 | ---- | M] () -- C:\Users\Big-Blue\Desktop\GPU-Z.lnk [2010.05.21 16:06:53 | 000,002,498 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP2).lnk [2010.05.21 16:06:53 | 000,002,498 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP1).lnk [2010.05.21 16:06:53 | 000,002,498 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP0).lnk [2010.05.21 15:54:10 | 000,003,412 | ---- | M] () -- C:\Users\Big-Blue\unigine_20100521_1554.html [2010.05.21 14:59:27 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.05.21 13:02:07 | 000,001,036 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Heaven Benchmark v2.0.lnk [2010.05.21 01:50:30 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.05.21 01:50:30 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.05.20 22:12:46 | 000,001,007 | ---- | M] () -- C:\Users\Big-Blue\Desktop\SpeedFan.lnk [2010.05.20 22:12:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2010.05.20 22:10:41 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\3DMark Vantage.lnk [2010.05.20 22:02:40 | 000,001,311 | ---- | M] () -- C:\Users\Big-Blue\Desktop\FurMark.lnk [2010.05.20 21:14:27 | 000,018,960 | ---- | M] (Logitech, Inc.) 
-- C:\Windows\SysNative\drivers\LNonPnP.sys [2010.05.20 21:09:42 | 000,395,382 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.05.20 21:05:07 | 000,001,258 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Spybot - Search & Destroy.lnk [2010.05.20 20:43:30 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.05.20 20:42:57 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010.05.20 20:42:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010.05.20 20:30:17 | 000,057,560 | ---- | M] () -- C:\Users\Big-Blue\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.20 20:29:42 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010.05.20 20:24:59 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2010.05.20 20:20:32 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk [2010.05.20 20:16:24 | 000,524,288 | -HS- | M] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.05.20 20:16:24 | 000,524,288 | -HS- | M] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.05.20 20:16:24 | 000,065,536 | -HS- | M] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.05.20 20:13:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.05.20 20:01:18 | 000,000,020 | -HS- | M] () -- C:\Users\Big-Blue\ntuser.ini [2010.05.20 19:56:34 | 075,841,115 | ---- | M] (Advanced Micro Devices, Inc.) 
-- C:\Users\Big-Blue\Documents\10-4_vista64_win7_64_dd_ccc_wdm_enu.exe [2010.05.06 22:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr [2010.05.06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe [2010.05.06 22:39:27 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2010.05.06 22:39:06 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2010.05.06 22:34:30 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2010.05.06 22:34:14 | 000,063,568 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2010.05.06 22:33:50 | 000,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2010.04.30 13:25:42 | 001,048,576 | ---- | M] () -- C:\Users\Big-Blue\Documents\M4A87TD-EVO-ASUS-0605.ROM [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.04.29 11:47:50 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll [2010.04.29 11:47:50 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll ========== Files Created - No Company Name ========== [2010.05.28 16:45:20 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.28 16:27:27 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\sshnas21.dll [2010.05.28 16:00:49 | 330,739,392 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.05.27 19:23:56 | 000,001,895 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Sandbox 2.lnk [2010.05.25 15:10:08 | 000,007,605 | ---- | C] () -- C:\Users\Big-Blue\AppData\Local\Resmon.ResmonCfg [2010.05.25 13:44:47 | 000,001,402 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Downloads - Verknüpfung.lnk 
[2010.05.24 13:44:45 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2010.05.24 13:44:44 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2010.05.24 13:37:09 | 000,019,456 | ---- | C] () -- C:\Users\Big-Blue\AppData\Local\WebpageIcons.db [2010.05.24 13:36:47 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.05.24 13:36:47 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys [2010.05.24 13:22:46 | 000,009,298 | ---- | C] () -- C:\Users\Big-Blue\Documents\cc_20100524_132245.reg [2010.05.24 13:20:55 | 000,001,885 | ---- | C] () -- C:\Users\Big-Blue\Desktop\CCleaner.lnk [2010.05.24 11:09:50 | 000,001,100 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Core Temp.lnk [2010.05.23 12:20:09 | 000,001,298 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk [2010.05.23 10:04:03 | 000,001,017 | ---- | C] () -- C:\Users\Big-Blue\Desktop\HWMonitor.lnk [2010.05.22 21:50:39 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\AMD OverDrive.lnk [2010.05.22 17:38:15 | 000,001,985 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Crysis Warhead.lnk [2010.05.22 17:20:20 | 000,001,217 | ---- | C] () -- C:\Users\Public\Desktop\Crysis Wars.lnk [2010.05.22 16:37:02 | 000,001,142 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2010.05.22 16:32:25 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.05.22 16:32:23 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.05.22 16:32:23 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.05.21 19:50:09 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\AquaMark3.lnk [2010.05.21 19:10:44 | 000,001,035 | ---- | C] () -- C:\Users\Big-Blue\Desktop\GPU-Z.lnk [2010.05.21 19:10:15 | 000,000,992 | ---- | C] () -- C:\Users\Big-Blue\Desktop\CPU-Z.lnk [2010.05.21 16:06:53 | 000,002,498 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP2).lnk [2010.05.21 16:06:53 | 000,002,498 | ---- | C] () 
-- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP1).lnk [2010.05.21 16:06:53 | 000,002,498 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP0).lnk [2010.05.21 15:54:10 | 000,003,412 | ---- | C] () -- C:\Users\Big-Blue\unigine_20100521_1554.html [2010.05.21 13:02:07 | 000,001,036 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Heaven Benchmark v2.0.lnk [2010.05.20 22:12:46 | 000,001,007 | ---- | C] () -- C:\Users\Big-Blue\Desktop\SpeedFan.lnk [2010.05.20 22:12:44 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2010.05.20 22:10:41 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\3DMark Vantage.lnk [2010.05.20 22:02:40 | 000,001,311 | ---- | C] () -- C:\Users\Big-Blue\Desktop\FurMark.lnk [2010.05.20 21:05:07 | 000,001,258 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Spybot - Search & Destroy.lnk [2010.05.20 20:43:30 | 000,002,194 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.05.20 20:43:02 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.20 20:43:01 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.20 20:42:57 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2010.05.20 20:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2010.05.20 20:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.05.20 20:23:56 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2010.05.20 20:20:32 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk [2010.05.20 20:14:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.05.20 20:14:00 | 001,048,576 | ---- | C] () -- C:\Users\Big-Blue\Documents\M4A87TD-EVO-ASUS-0605.ROM [2010.05.20 20:13:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.05.20 20:01:18 | 000,524,288 | -HS- | C] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.05.20 20:01:18 | 000,524,288 | -HS- | C] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.05.20 20:01:18 | 000,262,144 | -HS- | C] () -- C:\Users\Big-Blue\ntuser.dat.LOG1 [2010.05.20 20:01:18 | 000,065,536 | -HS- | C] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.05.20 20:01:18 | 000,000,020 | -HS- | C] () -- C:\Users\Big-Blue\ntuser.ini [2010.05.20 20:01:18 | 000,000,000 | -HS- | C] () -- C:\Users\Big-Blue\ntuser.dat.LOG2 [2010.05.20 20:01:17 | 005,242,880 | -HS- | C] () -- C:\Users\Big-Blue\NTUSER.DAT [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- 
C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll < End of report > Regards |
29.05.2010, 08:41 | #3 |
| Trojan in file Fkx.exe, Win32:SuspBehav-C GMER just reported:
__________________GMER hasn't found any system modification. Did I perhaps get lucky after all? EDIT: By the way, I deleted the MBAM findings. OSAM doesn't show any risks either. (Apart from the packet capture stuff from Wireshark) Edited by Big-Blue (29.05.2010 at 09:20) |
29.05.2010, 12:51 | #4 |
| Trojan in file Fkx.exe, Win32:SuspBehav-C Oh, and I have to correct the thread title: the files were called Fxk.exe ... Unfortunately there are quite a few entries about that on the Internet D= |
30.05.2010, 15:47 | #5 |
| Trojan in file Fkx.exe, Win32:SuspBehav-C I'll bump this back to page 1. |
30.05.2010, 16:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in file Fkx.exe, Win32:SuspBehav-C Hello, please update the Malwarebytes database and run a full scan, then we'll take it from there.
__________________ --> Trojan in file Fkx.exe, Win32:SuspBehav-C |
30.05.2010, 16:50 | #7 |
| Trojan in file Fkx.exe, Win32:SuspBehav-C Yep, I did. ^^ Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4156

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.05.2010 17:48:34
mbam-log-2010-05-30 (17-48-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 278482
Laufzeit: 28 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
30.05.2010, 17:03 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in file Fkx.exe, Win32:SuspBehav-C Looks OK, and the OTL log is unremarkable too. You can run another check scan with SUPERAntiSpyware if you like. => http://www.trojaner-board.de/51871-a...tispyware.html
__________________ Please always post log files in CODE tags |
30.05.2010, 18:51 | #9 |
| Trojan in file Fkx.exe, Win32:SuspBehav-C Nothing there either. ^^ I used exactly those settings. Maybe I did get lucky. Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/30/2010 at 07:50 PM

Application Version : 4.38.1004

Core Rules Database Version : 5007
Trace Rules Database Version: 2819

Scan type : Complete Scan
Total Scan Time : 01:13:44

Memory items scanned : 683
Memory threats detected : 0
Registry items scanned : 8997
Registry threats detected : 0
File items scanned : 177650
File threats detected : 0
|
30.05.2010, 19:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in file Fkx.exe, Win32:SuspBehav-C Also unremarkable. Any remaining problems or detections?
__________________ Please always post log files in CODE tags |
30.05.2010, 19:26 | #11 |
| Trojan in file Fkx.exe, Win32:SuspBehav-C Hmm, no real problems, and no detections either. Only, when I installed SUPERAntiSpyware and locked the home page to about:blank, right afterwards I got a message that an attempt to change the home page to www.microsoft.com/?wasweisich, something with f and a combination of digits, had been blocked. |