Trojaner-Board


Big-Blue 28.05.2010 15:57

Trojan in file Fkx.exe, Win32:SuspBehav-C
 
Hi folks...
After a long time I've caught something again (new Win7 =( ) :pfui:
While unpacking a mod for Crysis, something apparently spread; it had also been tested on VirusTotal beforehand, but it seemed harmless there D=
After opening the unpacker exe, 4 Avast!5 windows opened and reported suspicious activity in the Temp folder. The file Fkx.exe caught the attention of the heuristic scanner. Of course I closed the program immediately and scanned with HJT. Here =D
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:30:05, on 28.05.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Avast! 5\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Big-Blue\Documents\Downloads\HiJackThis204.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast! 5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Windows\system32\sshnas21.dll,Beep16
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast! 5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast! 5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast! 5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5883 bytes

I have already fixed the Halo2 entry (since StartUp is quite critical) and left the rest untouched. I don't have Halo2, btw... A scan with Avast turned up nothing. The virus database and program are up to date, no scanners switched off.
MBAM:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4151

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.05.2010 16:48:42
mbam-log-2010-05-28 (16-48-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 119374
Laufzeit: 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.

I hope the malware couldn't get in too deep; hopefully Avast blocked it a little. ^^ Is a reinstall necessary?

OTL:
Code:

OTL logfile created on: 28.05.2010 16:50:20 - Run 1
OTL by OldTimer - Version 3.2.5.0    Folder = C:\Users\Big-Blue\Documents\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 361,23 Gb Total Space | 230,80 Gb Free Space | 63,89% Space Free | Partition Type: NTFS
Drive D: | 570,19 Gb Total Space | 569,37 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 5,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GAME-STATION
Current User Name: Big-Blue
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Big-Blue\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\Avast! 5\AvastUI.exe (ALWIL Software)
PRC - C:\Programme\Avast! 5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Big-Blue\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Avast! 5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Avast! 5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Avast! 5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (AODDriver2) -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 B5 60 C9 4B F8 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2010.05.20 21:09:42 | 000,395,382 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 13651 more lines...
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Avast! 5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.25 01:29:17 | 000,000,000 | ---D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2007.07.19 16:53:44 | 000,000,058 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.10.25 00:11:40 | 004,318,432 | R--- | M] (Crytek) - F:\AutoRunCD.exe -- [ CDFS ]
O33 - MountPoints2\{e6e5617d-6469-11df-8a26-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e6e5617d-6469-11df-8a26-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRunCD.exe -- [2007.10.25 00:11:40 | 004,318,432 | R--- | M] (Crytek)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Big-Blue 28.05.2010 15:58

Code:

========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.28 16:45:27 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Malwarebytes
[2010.05.28 16:45:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.28 16:45:16 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.28 16:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.28 16:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.28 16:00:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.05.26 19:24:41 | 000,000,000 | ---D | C] -- C:\weia
[2010.05.26 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\TortoiseSVN
[2010.05.26 19:19:29 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Subversion
[2010.05.26 19:18:18 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\TSVNCache
[2010.05.26 19:16:19 | 000,000,000 | ---D | C] -- C:\Programme\TortoiseSVN
[2010.05.26 19:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TortoiseOverlays
[2010.05.25 15:04:16 | 000,000,000 | ---D | C] -- C:\ati8703_Win7Vista64
[2010.05.25 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Microsoft Games
[2010.05.24 13:45:13 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Ubisoft
[2010.05.24 13:44:43 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010.05.24 13:44:43 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010.05.24 13:44:43 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010.05.24 13:44:43 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010.05.24 13:44:43 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010.05.24 13:44:43 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010.05.24 13:44:43 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010.05.24 13:44:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010.05.24 13:44:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010.05.24 13:44:43 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010.05.24 13:44:43 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.05.24 13:44:43 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.05.24 13:44:42 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010.05.24 13:44:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.05.24 13:44:42 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010.05.24 13:44:42 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.05.24 13:44:42 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010.05.24 13:44:42 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.05.24 13:44:42 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.05.24 13:44:42 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010.05.24 13:44:42 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010.05.24 13:44:42 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.05.24 13:44:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010.05.24 13:44:42 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.05.24 13:44:42 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010.05.24 13:44:42 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.05.24 13:44:42 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.05.24 13:44:42 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010.05.24 13:44:42 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.05.24 13:44:42 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010.05.24 13:44:42 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.05.24 13:44:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010.05.24 13:44:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.05.24 13:44:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010.05.24 13:44:41 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010.05.24 13:44:41 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010.05.24 13:44:41 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010.05.24 13:44:41 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010.05.24 13:44:41 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010.05.24 13:44:41 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010.05.24 13:44:41 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010.05.24 13:44:41 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.05.24 13:44:41 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.05.24 13:44:41 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.05.24 13:44:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010.05.24 13:44:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.05.24 13:44:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.05.24 13:44:41 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.05.24 13:44:41 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.05.24 13:44:41 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.05.24 13:44:41 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.05.24 13:44:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.05.24 13:44:40 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.05.24 13:44:40 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.05.24 13:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.05.24 13:41:20 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Anno1404_Demo_GER_2009_06_10_16_27
[2010.05.24 13:37:09 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Zattoo
[2010.05.24 13:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010.05.24 13:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010.05.24 13:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2010.05.24 13:23:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.05.24 13:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.05.24 11:09:32 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Desktop\CoreTemp64
[2010.05.23 19:58:21 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Desktop\pic
[2010.05.22 18:03:50 | 000,000,000 | RH-D | C] -- C:\Users\Big-Blue\AppData\Roaming\SecuROM
[2010.05.22 17:37:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7451F7D5-591C-4490-8D3B-C73A69A0E782}
[2010.05.22 17:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.05.22 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.05.22 17:20:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2010.05.22 16:57:50 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.05.22 16:56:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2010.05.22 16:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.05.22 10:23:20 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\vlc
[2010.05.22 10:23:20 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\dvdcss
[2010.05.22 10:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.05.22 10:06:14 | 000,000,000 | ---D | C] -- C:\Mama Musik
[2010.05.22 10:04:39 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\BonkEnc
[2010.05.22 10:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonkEnc
[2010.05.21 21:16:19 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.05.21 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\AquaMark3
[2010.05.21 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\AquaMark3
[2010.05.21 19:50:09 | 000,020,400 | ---- | C] (EnTech Taiwan) -- C:\Windows\SysWow64\drivers\entech.sys
[2010.05.21 19:50:08 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Macromedia
[2010.05.21 19:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AquaMark3
[2010.05.21 19:49:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010.05.21 19:49:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.05.21 16:05:59 | 000,000,000 | ---D | C] -- C:\Windows\Uninstall
[2010.05.21 15:48:07 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Unigine Heaven
[2010.05.21 15:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Futuremark
[2010.05.21 15:29:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010.05.21 15:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010.05.21 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.05.21 15:27:01 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Adobe
[2010.05.21 15:09:50 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\Square Enix
[2010.05.21 15:08:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.05.21 13:09:25 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.05.21 13:07:41 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.05.21 13:07:40 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.05.21 13:07:40 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.05.21 13:07:40 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.05.21 13:07:39 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.05.21 13:07:39 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.05.21 13:07:38 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.05.21 13:07:38 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.05.21 13:07:38 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.05.21 13:07:37 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.05.21 13:07:37 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.05.21 13:07:37 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.05.21 13:07:37 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.05.21 13:07:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.05.21 13:07:37 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.05.21 13:07:37 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.05.21 13:07:37 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.05.21 13:07:37 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.05.21 13:07:37 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.05.21 13:07:37 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.05.21 13:07:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.05.21 13:07:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.05.21 13:07:36 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.05.21 13:07:36 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.05.21 13:07:34 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.21 13:07:34 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.05.21 13:07:34 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.05.21 13:07:34 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.05.21 13:07:34 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.05.21 13:07:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.05.21 13:07:32 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.05.21 13:07:31 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.05.21 13:07:31 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.05.21 13:07:31 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.05.21 13:07:31 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.05.21 13:07:30 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.05.21 13:07:30 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.05.21 13:07:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.05.21 13:07:30 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.05.21 13:07:29 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.05.21 13:07:29 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.05.21 13:07:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.05.21 13:07:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.05.21 13:07:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.05.21 13:07:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.05.21 13:07:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.05.21 13:07:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.05.21 13:07:19 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.05.21 13:06:46 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.05.21 13:06:46 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.05.21 13:06:46 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.05.21 13:06:46 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.05.21 13:06:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.05.21 13:06:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.05.21 13:06:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.05.21 13:06:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.05.21 13:06:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.05.21 13:05:49 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.05.21 13:05:49 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010.05.21 13:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.05.21 13:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010.05.21 13:05:11 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.05.21 13:05:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.05.21 13:05:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.05.21 13:05:10 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.05.21 13:05:10 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.05.21 13:05:10 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.05.21 13:05:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.05.21 13:05:08 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.05.21 13:05:08 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.05.21 13:05:08 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.05.21 13:04:56 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.05.21 13:04:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.05.21 13:04:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.05.21 13:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine
[2010.05.21 02:45:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.05.21 01:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.05.21 01:46:51 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.05.21 01:46:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.05.20 22:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010.05.20 22:11:33 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Desktop\Prime 95
[2010.05.20 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Desktop\Z's
[2010.05.20 22:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2010.05.20 22:09:26 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.05.20 22:09:26 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.05.20 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2010.05.20 22:09:25 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.05.20 22:09:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.05.20 22:09:25 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.05.20 22:09:25 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.05.20 22:09:25 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.05.20 22:09:25 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.05.20 22:09:25 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010.05.20 22:09:25 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010.05.20 22:09:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.05.20 22:09:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.05.20 22:09:25 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.05.20 22:09:25 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.05.20 22:09:24 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010.05.20 22:09:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010.05.20 22:09:23 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010.05.20 22:09:23 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010.05.20 22:09:23 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010.05.20 22:09:23 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010.05.20 22:09:22 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010.05.20 22:09:22 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010.05.20 22:09:21 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.05.20 22:09:21 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.05.20 22:09:21 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010.05.20 22:09:21 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010.05.20 22:09:20 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010.05.20 22:09:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010.05.20 22:09:20 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010.05.20 22:09:20 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010.05.20 22:09:19 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010.05.20 22:09:19 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010.05.20 22:09:19 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010.05.20 22:09:19 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010.05.20 22:09:19 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010.05.20 22:09:19 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010.05.20 22:09:19 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010.05.20 22:09:19 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010.05.20 22:09:19 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010.05.20 22:09:19 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010.05.20 22:09:18 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.05.20 22:09:18 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010.05.20 22:09:18 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.05.20 22:09:18 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010.05.20 22:09:18 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010.05.20 22:09:18 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010.05.20 22:09:18 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010.05.20 22:09:18 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010.05.20 22:09:17 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010.05.20 22:09:17 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010.05.20 22:09:16 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.05.20 22:09:16 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.05.20 22:09:16 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010.05.20 22:09:16 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.05.20 22:09:16 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010.05.20 22:09:16 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.05.20 22:09:15 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.05.20 22:09:15 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.05.20 22:09:12 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010.05.20 22:09:12 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010.05.20 22:09:11 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.05.20 22:09:11 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.05.20 22:09:11 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.05.20 22:09:11 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.05.20 22:09:11 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.05.20 22:09:11 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.05.20 22:09:10 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.05.20 22:09:10 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.05.20 22:09:10 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.05.20 22:09:10 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010.05.20 22:09:09 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.05.20 22:09:09 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.05.20 22:09:09 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.05.20 22:09:09 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.05.20 22:09:09 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.05.20 22:09:09 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.05.20 22:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\oZone3D
[2010.05.20 21:22:30 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\My Games
[2010.05.20 21:19:32 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010.05.20 21:19:32 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010.05.20 21:19:32 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010.05.20 21:19:32 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010.05.20 21:19:31 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010.05.20 21:19:31 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.05.20 21:19:31 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.05.20 21:19:31 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.05.20 21:19:31 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010.05.20 21:19:31 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010.05.20 21:19:31 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010.05.20 21:19:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010.05.20 21:19:30 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010.05.20 21:19:30 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.05.20 21:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010.05.20 21:14:48 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Leadertech
[2010.05.20 21:14:27 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.05.20 21:14:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.05.20 21:14:01 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.05.20 21:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.05.20 21:13:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LogiShrd
[2010.05.20 21:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.20 21:05:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.05.20 20:46:13 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\Downloads
[2010.05.20 20:42:58 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Google
[2010.05.20 20:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.05.20 20:42:57 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.05.20 20:42:56 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.05.20 20:42:55 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.05.20 20:42:53 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.05.20 20:42:50 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.05.20 20:42:24 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.05.20 20:42:24 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010.05.20 20:42:23 | 000,000,000 | ---D | C] -- C:\Programme\Avast! 5
[2010.05.20 20:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.05.20 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Deployment
[2010.05.20 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Apps
[2010.05.20 20:36:21 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.05.20 20:36:21 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.05.20 20:36:21 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.05.20 20:36:21 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.05.20 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Logitech
[2010.05.20 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Logishrd
[2010.05.20 20:30:07 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\ATI
[2010.05.20 20:30:07 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\ATI
[2010.05.20 20:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.05.20 20:28:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2010.05.20 20:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.05.20 20:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.05.20 20:26:36 | 000,000,000 | ---D | C] -- C:\ATI
[2010.05.20 20:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2010.05.20 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Downloaded Installations
[2010.05.20 20:23:56 | 000,325,664 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010.05.20 20:23:56 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010.05.20 20:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010.05.20 20:21:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.05.20 20:19:33 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010.05.20 20:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2010.05.20 20:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.05.20 20:16:12 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.05.20 20:16:09 | 000,039,480 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2010.05.20 20:16:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.05.20 20:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010.05.20 20:15:35 | 000,016,440 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\AtiPcie.sys
[2010.05.20 20:15:35 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.05.20 20:15:35 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.05.20 20:15:13 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.05.20 20:14:00 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\AMD_Chipset_V307620_XPVISTAWIN7
[2010.05.20 20:13:56 | 075,841,115 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Big-Blue\Documents\10-4_vista64_win7_64_dd_ccc_wdm_enu.exe
[2010.05.20 20:13:41 | 001,301,504 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2010.05.20 20:13:41 | 000,980,480 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2010.05.20 20:13:41 | 000,534,528 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2010.05.20 20:13:41 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2010.05.20 20:13:41 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2010.05.20 20:13:41 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2010.05.20 20:13:41 | 000,084,992 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2010.05.20 20:13:41 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2010.05.20 20:13:41 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2010.05.20 20:13:38 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\VIA_Audio_V6018100_XPVISTAWIN7
[2010.05.20 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\RTL8111E_V57482042010_62232092010_7152092010
[2010.05.20 20:13:33 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\Documents\NEC_USB3_V10190_XpVistaWin7
[2010.05.20 20:01:36 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Searches
[2010.05.20 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Identities
[2010.05.20 20:01:26 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Contacts
[2010.05.20 20:01:24 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\VirtualStore
[2010.05.20 20:01:18 | 000,000,000 | --SD | C] -- C:\Users\Big-Blue\AppData\Roaming\Microsoft
[2010.05.20 20:01:18 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Favorites
[2010.05.20 20:01:18 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Downloads
[2010.05.20 20:01:18 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Documents
[2010.05.20 20:01:18 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Desktop
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Vorlagen
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\AppData\Local\Verlauf
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\AppData\Local\Temporary Internet Files
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Startmenü
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\SendTo
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Recent
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Netzwerkumgebung
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Lokale Einstellungen
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Documents\Eigene Videos
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Documents\Eigene Musik
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Eigene Dateien
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Documents\Eigene Bilder
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Druckumgebung
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Cookies
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\AppData\Local\Anwendungsdaten
[2010.05.20 20:01:18 | 000,000,000 | -HSD | C] -- C:\Users\Big-Blue\Anwendungsdaten
[2010.05.20 20:01:18 | 000,000,000 | -H-D | C] -- C:\Users\Big-Blue\AppData
[2010.05.20 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Temp
[2010.05.20 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Local\Microsoft
[2010.05.20 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\Big-Blue\AppData\Roaming\Media Center Programs
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Videos
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Saved Games
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Pictures
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Music
[2010.05.20 20:01:17 | 000,000,000 | R--D | C] -- C:\Users\Big-Blue\Links
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.05.20 20:01:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.04.29 11:47:50 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.04.29 11:47:50 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.28 16:50:36 | 005,242,880 | -HS- | M] () -- C:\Users\Big-Blue\NTUSER.DAT
[2010.05.28 16:45:20 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.28 16:33:43 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.28 16:33:43 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.28 16:27:27 | 000,211,968 | ---- | M] () -- C:\Windows\SysWow64\sshnas21.dll
[2010.05.28 16:10:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.28 16:10:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.28 16:09:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.28 16:04:15 | 330,739,392 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.28 15:56:57 | 001,964,685 | -H-- | M] () -- C:\Users\Big-Blue\AppData\Local\IconCache.db
[2010.05.28 15:53:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.27 19:23:56 | 000,001,895 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Sandbox 2.lnk
[2010.05.25 18:52:38 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.25 18:52:38 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.25 18:52:38 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.25 18:52:38 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.25 18:52:38 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.25 15:10:08 | 000,007,605 | ---- | M] () -- C:\Users\Big-Blue\AppData\Local\Resmon.ResmonCfg
[2010.05.25 13:44:47 | 000,001,402 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Downloads - Verknüpfung.lnk
[2010.05.24 13:44:45 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.05.24 13:44:44 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.05.24 13:38:12 | 000,019,456 | ---- | M] () -- C:\Users\Big-Blue\AppData\Local\WebpageIcons.db
[2010.05.24 13:22:48 | 000,009,298 | ---- | M] () -- C:\Users\Big-Blue\Documents\cc_20100524_132245.reg
[2010.05.24 13:20:55 | 000,001,885 | ---- | M] () -- C:\Users\Big-Blue\Desktop\CCleaner.lnk
[2010.05.24 11:09:50 | 000,001,100 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Core Temp.lnk
[2010.05.23 12:20:40 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.23 12:20:35 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.05.23 12:20:35 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.05.23 12:20:09 | 000,001,298 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.05.23 10:04:03 | 000,001,017 | ---- | M] () -- C:\Users\Big-Blue\Desktop\HWMonitor.lnk
[2010.05.22 21:50:39 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\AMD OverDrive.lnk
[2010.05.22 17:38:15 | 000,001,985 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Crysis Warhead.lnk
[2010.05.22 17:20:20 | 000,001,217 | ---- | M] () -- C:\Users\Public\Desktop\Crysis Wars.lnk
[2010.05.22 16:57:50 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.05.22 16:37:02 | 000,001,142 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010.05.21 19:50:09 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\AquaMark3.lnk
[2010.05.21 19:11:29 | 000,000,992 | ---- | M] () -- C:\Users\Big-Blue\Desktop\CPU-Z.lnk
[2010.05.21 19:10:44 | 000,001,035 | ---- | M] () -- C:\Users\Big-Blue\Desktop\GPU-Z.lnk
[2010.05.21 16:06:53 | 000,002,498 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP2).lnk
[2010.05.21 16:06:53 | 000,002,498 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP1).lnk
[2010.05.21 16:06:53 | 000,002,498 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP0).lnk
[2010.05.21 15:54:10 | 000,003,412 | ---- | M] () -- C:\Users\Big-Blue\unigine_20100521_1554.html
[2010.05.21 14:59:27 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.21 13:02:07 | 000,001,036 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Heaven Benchmark v2.0.lnk
[2010.05.21 01:50:30 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.05.21 01:50:30 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.05.20 22:12:46 | 000,001,007 | ---- | M] () -- C:\Users\Big-Blue\Desktop\SpeedFan.lnk
[2010.05.20 22:12:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.05.20 22:10:41 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\3DMark Vantage.lnk
[2010.05.20 22:02:40 | 000,001,311 | ---- | M] () -- C:\Users\Big-Blue\Desktop\FurMark.lnk
[2010.05.20 21:14:27 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.05.20 21:09:42 | 000,395,382 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.20 21:05:07 | 000,001,258 | ---- | M] () -- C:\Users\Big-Blue\Desktop\Spybot - Search & Destroy.lnk
[2010.05.20 20:43:30 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.05.20 20:42:57 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.05.20 20:42:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.05.20 20:30:17 | 000,057,560 | ---- | M] () -- C:\Users\Big-Blue\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.20 20:29:42 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.05.20 20:24:59 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010.05.20 20:20:32 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2010.05.20 20:16:24 | 000,524,288 | -HS- | M] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.05.20 20:16:24 | 000,524,288 | -HS- | M] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.20 20:16:24 | 000,065,536 | -HS- | M] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.20 20:13:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.20 20:01:18 | 000,000,020 | -HS- | M] () -- C:\Users\Big-Blue\ntuser.ini
[2010.05.20 19:56:34 | 075,841,115 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\Big-Blue\Documents\10-4_vista64_win7_64_dd_ccc_wdm_enu.exe
[2010.05.06 22:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010.05.06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.05.06 22:39:27 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.05.06 22:39:06 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.05.06 22:34:30 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.05.06 22:34:14 | 000,063,568 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.05.06 22:33:50 | 000,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.04.30 13:25:42 | 001,048,576 | ---- | M] () -- C:\Users\Big-Blue\Documents\M4A87TD-EVO-ASUS-0605.ROM
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.29 11:47:50 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.04.29 11:47:50 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
 
========== Files Created - No Company Name ==========
 
[2010.05.28 16:45:20 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.28 16:27:27 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\sshnas21.dll
[2010.05.28 16:00:49 | 330,739,392 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.05.27 19:23:56 | 000,001,895 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Sandbox 2.lnk
[2010.05.25 15:10:08 | 000,007,605 | ---- | C] () -- C:\Users\Big-Blue\AppData\Local\Resmon.ResmonCfg
[2010.05.25 13:44:47 | 000,001,402 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Downloads - Verknüpfung.lnk
[2010.05.24 13:44:45 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.05.24 13:44:44 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.05.24 13:37:09 | 000,019,456 | ---- | C] () -- C:\Users\Big-Blue\AppData\Local\WebpageIcons.db
[2010.05.24 13:36:47 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.05.24 13:36:47 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010.05.24 13:22:46 | 000,009,298 | ---- | C] () -- C:\Users\Big-Blue\Documents\cc_20100524_132245.reg
[2010.05.24 13:20:55 | 000,001,885 | ---- | C] () -- C:\Users\Big-Blue\Desktop\CCleaner.lnk
[2010.05.24 11:09:50 | 000,001,100 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Core Temp.lnk
[2010.05.23 12:20:09 | 000,001,298 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.05.23 10:04:03 | 000,001,017 | ---- | C] () -- C:\Users\Big-Blue\Desktop\HWMonitor.lnk
[2010.05.22 21:50:39 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\AMD OverDrive.lnk
[2010.05.22 17:38:15 | 000,001,985 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Crysis Warhead.lnk
[2010.05.22 17:20:20 | 000,001,217 | ---- | C] () -- C:\Users\Public\Desktop\Crysis Wars.lnk
[2010.05.22 16:37:02 | 000,001,142 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010.05.22 16:32:25 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.22 16:32:23 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.05.22 16:32:23 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.05.21 19:50:09 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\AquaMark3.lnk
[2010.05.21 19:10:44 | 000,001,035 | ---- | C] () -- C:\Users\Big-Blue\Desktop\GPU-Z.lnk
[2010.05.21 19:10:15 | 000,000,992 | ---- | C] () -- C:\Users\Big-Blue\Desktop\CPU-Z.lnk
[2010.05.21 16:06:53 | 000,002,498 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP2).lnk
[2010.05.21 16:06:53 | 000,002,498 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP1).lnk
[2010.05.21 16:06:53 | 000,002,498 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Half-Life 2 (EP0).lnk
[2010.05.21 15:54:10 | 000,003,412 | ---- | C] () -- C:\Users\Big-Blue\unigine_20100521_1554.html
[2010.05.21 13:02:07 | 000,001,036 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Heaven Benchmark v2.0.lnk
[2010.05.20 22:12:46 | 000,001,007 | ---- | C] () -- C:\Users\Big-Blue\Desktop\SpeedFan.lnk
[2010.05.20 22:12:44 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.05.20 22:10:41 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\3DMark Vantage.lnk
[2010.05.20 22:02:40 | 000,001,311 | ---- | C] () -- C:\Users\Big-Blue\Desktop\FurMark.lnk
[2010.05.20 21:05:07 | 000,001,258 | ---- | C] () -- C:\Users\Big-Blue\Desktop\Spybot - Search & Destroy.lnk
[2010.05.20 20:43:30 | 000,002,194 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.05.20 20:43:02 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.20 20:43:01 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.20 20:42:57 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.05.20 20:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.05.20 20:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.20 20:23:56 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010.05.20 20:20:32 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2010.05.20 20:14:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.05.20 20:14:00 | 001,048,576 | ---- | C] () -- C:\Users\Big-Blue\Documents\M4A87TD-EVO-ASUS-0605.ROM
[2010.05.20 20:13:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.20 20:01:18 | 000,524,288 | -HS- | C] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.05.20 20:01:18 | 000,524,288 | -HS- | C] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.20 20:01:18 | 000,262,144 | -HS- | C] () -- C:\Users\Big-Blue\ntuser.dat.LOG1
[2010.05.20 20:01:18 | 000,065,536 | -HS- | C] () -- C:\Users\Big-Blue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.20 20:01:18 | 000,000,020 | -HS- | C] () -- C:\Users\Big-Blue\ntuser.ini
[2010.05.20 20:01:18 | 000,000,000 | -HS- | C] () -- C:\Users\Big-Blue\ntuser.dat.LOG2
[2010.05.20 20:01:17 | 005,242,880 | -HS- | C] () -- C:\Users\Big-Blue\NTUSER.DAT
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
< End of report >

OTL Extras as well?
Regards

Big-Blue 29.05.2010 08:41

GMER just reported:
GMER hasn't found any system modification.
Did I perhaps get lucky after all?

EDIT: By the way, I deleted the MBAM findings. OSAM doesn't show any risks either. (Apart from the packet capture stuff from Wireshark)

Big-Blue 29.05.2010 12:51

Oh, and I have to correct the thread title:
The files were called Fxk.exe ...
Unfortunately there are quite a few entries about that on the Internet D=

Big-Blue 30.05.2010 15:47

Bumping this back to page 1.

cosinus 30.05.2010 16:16

Hello,

Please update the Malwarebytes' database and run a full scan, then we'll take it from there.

Big-Blue 30.05.2010 16:50

Yeah, I did. ^^
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4156

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.05.2010 17:48:34
mbam-log-2010-05-30 (17-48-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 278482
Laufzeit: 28 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 30.05.2010 17:03

Looks OK, and the OTL log is unremarkable as well. You can run another control scan with SUPERAntiSpyware if you like. => http://www.trojaner-board.de/51871-a...tispyware.html

Big-Blue 30.05.2010 18:51

Nothing there either. ^^
I used exactly those settings.
Maybe I did get lucky.
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/30/2010 at 07:50 PM

Application Version : 4.38.1004

Core Rules Database Version : 5007
Trace Rules Database Version: 2819

Scan type      : Complete Scan
Total Scan Time : 01:13:44

Memory items scanned      : 683
Memory threats detected  : 0
Registry items scanned    : 8997
Registry threats detected : 0
File items scanned        : 177650
File threats detected    : 0


cosinus 30.05.2010 19:11

Also unremarkable. Any remaining problems or findings?

Big-Blue 30.05.2010 19:26

Hmm, no real problems, and no findings either. Only, when I installed SUPERAntiSpyware and locked the homepage to about:blank, I got a message right afterwards that an attempt had been blocked to change the homepage to www.microsoft.com/?wasweisich, something with an f and a combination of digits.


All times are WET +1.
