Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Fragwürdige Aktionen auf dem Rechner, Infiziert? (https://www.trojaner-board.de/134678-fragwuerdige-aktionen-rechner-infiziert.html)

DH! 08.05.2013 23:09
Fragwürdige Aktionen auf dem Rechner, Infiziert?
 
Schönen Guten Tag zusammen,

Habe da ein Problem, ESET sagt mir seit kurzem das irgendein Exploid entdeckt wurde, irgendwas mit Covert-Channel-Exploid oderso. Das geht jetzt seit n paar Tagen immer beim Booten sofort los und dann ist wieder ruhe.
Frage ist was ist das jetzt, bin ich infiziert mit irgendwas?
Es mehrt sich auch irgendwie die explorer.exe im Taskmanager, im Moment ist sie 4 mal gestartet, obwohl nur einmal der Explorer geöffnet ist.

Klingt für mich nicht so gut, weil Emsisoft hat auch in der Explorer.exe irgendne auffällige Aktivität gefunden.

Bin da auch leider kein Profi drin, aber das ist nicht normal.

Ich hoff mir kann jemand helfen.
Ich weiss nicht weiter, denn Eset findet bei mir nichts und Emsisoft auch nicht im System beim suchen, aber da war ja mal was in der Explorer.exe...
Vllt. son Bot Virus oderso.

Über schnelle hilfe wäre ich froh.

Vielen Dank erstmal, MFG
DH!

cosinus 08.05.2013 23:30
:hallo:

Zitat:
Frage ist was ist das jetzt, bin ich infiziert mit irgendwas?
Wie bitte soll man das beantworten wenn du kein Log postest, nichtmal das Log von ESET? :glaskugel:

Deine Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

DH! 08.05.2013 23:31
Hier ist die HijackThis Log Datei:
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:30:11, on 09.05.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\Xion\Xion.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Users\PornStar\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O4 - HKLM\..\Run: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe                                                                                                                                                                                                                         
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun                                                                                                                                                                                       
O4 - HKLM\..\Run: [RSShutdown] "C:\Program Files (x86)\Shutdown\Autostart.exe"
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun                                                                                                                                                                                                         
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray                                                                                                                                                                                                           
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RichiStudios Shutdown (RSShutdown) - RichiStudios - C:\Program Files (x86)\Shutdown\service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8009 bytes
--- --- ---
MFG DH!

Hi cosinus,

Du warst leider ein wenig schneller als ich^^

cosinus 08.05.2013 23:33
Lesestoff:
Bitte keine Hijackthis-Logfiles posten!!!

Zitat:
Zitat von Larusso (Beitrag 614538)
Uns ist klar, dass HijackThis wahrscheinlich eines der bekanntesten Analysetools ist.
Jedoch scannt es nur noch sehr oberflächlich und gibt uns für eine genaue Analyse eures Systems zu wenig Informationen.

Darum, bitte keine HijackThis Logfiles posten, sondern folgendes lesen und abarbeiten.

http://www.trojaner-board.de/69886-a...-beachten.html

Nur mit diesen Informationen können wir euch helfen.

Danke :daumenhoc

DH! 08.05.2013 23:35
OK, dann bitte ich um entschuldigung und werde jetzt mal lesen, hab ich übersprungen weil n kumpel von mir meinte das ich nur das HijackThis Log file posten muss und dann ist gut.

Sorry

cosinus 08.05.2013 23:37
Das war erstmal nur als Hinweis gedacht!
Poste erstmal das Log von ESET und evtl andere Logs mit Funden

mort 08.05.2013 23:38
Ein Exploit selber ist kein direkter Virus / Trojaner. Er nutzt aber Sicherheitslücken aus um z.B. Schadware zu übertragen.

EDIT: Sorry, war noch kein Betrag da, als ich das geschrieben habe :)

cosinus 08.05.2013 23:51
Hast schon einen im Tee? :rofl: 8 Minuten für diesen Satz? ;)

DH! 09.05.2013 01:12
Ne war abgelenkt grad, konnte nix machen.

So, also des weiteren ist mir aufgefallen, das ständig obwohl ich es immer wieder ändere, die Option versteckte Ordner anzeigen & versteckte System Dateien anzeigen sich immer wieder von selbst aktiviert irgendwie.
Was ist da los?? o.O


Hier die Logs:

Bei Defogger kam keine Fehlermeldung, hier ist trotzdem das Log File.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:37 on 09/05/2013 (PornStar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


Bei OLT wurde irgendwie nur die OLT.txt erstellt und nicht die Extra.txt.

Hier das File:OTL Logfile:
Code:
OTL logfile created on: 09.05.2013 01:53:03 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\PornStar\Desktop\Trojaner-Board.de Tools
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,11% Memory free
8,00 Gb Paging File | 6,46 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 41,29 Gb Free Space | 42,32% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 70,11 Gb Free Space | 8,41% Space Free | Partition Type: NTFS
 
Computer Name: PORNSTAR-PC | User Name: PornStar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.09 00:42:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\OTL.exe
PRC - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013.03.28 19:02:50 | 003,363,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET Smart Security\x86\ekrn.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2004.06.24 17:16:39 | 000,045,056 | ---- | M] (RichiStudios) -- C:\Program Files (x86)\Shutdown\service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.24 18:52:06 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.01.28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.13 04:21:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013.03.27 04:16:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2013.03.15 18:31:48 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.03.15 18:31:28 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.12.19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.06.24 17:16:39 | 000,045,056 | ---- | M] (RichiStudios) [Auto | Running] -- C:\Program Files (x86)\Shutdown\service.exe -- (RSShutdown)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.24 19:19:22 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.04.24 19:19:22 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.04.24 17:48:16 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 12:21:06 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 09:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.01.10 09:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.11.09 15:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 15:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 15:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 15:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013.03.28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2013.03.28 19:03:02 | 000,017,384 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2013.03.15 18:31:40 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.11.16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2012.04.30 18:45:00 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=4E5800248C66E588
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VLC Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.04.05 00:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:30:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET Smart Security\Mozilla Thunderbird [2013.04.05 00:12:59 | 000,000,000 | ---D | M]
 
[2013.04.30 19:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\Extensions
[2013.04.22 03:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi
 
O1 HOSTS File: ([2013.05.07 02:25:16 | 000,000,982 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2CCA15A-119E-4C9F-9DED-7974F45C209B}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-apkhandler.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-runapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-startlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sbase.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scalc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\simpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\smath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\soffice.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\swriter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-apkhandler.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-runapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-startlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sbase.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scalc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\simpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\smath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\soffice.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\swriter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.04 12:25:12 | 000,000,025 | -H-- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 01:38:10 | 000,029,984 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2013.05.09 01:38:09 | 000,037,664 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2013.05.09 00:49:19 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Desktop\Trojaner-Board.de Tools
[2013.05.08 06:30:58 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Media Player Classic
[2013.05.07 22:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.05.07 22:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2013.05.07 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2013.05.07 18:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.05.07 18:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.05.07 18:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\LicenseProxy
[2013.05.07 03:48:43 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\FLT
[2013.05.07 03:48:36 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\My Games
[2013.05.07 02:47:50 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Anti-Malware
[2013.05.07 02:14:52 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Malwarebytes
[2013.05.07 02:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.07 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.07 02:14:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.07 02:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.06 19:04:08 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2013.05.06 19:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2013.05.06 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Android
[2013.05.06 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Android
[2013.05.05 21:26:44 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\DVDVideoSoft
[2013.05.05 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.05 21:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.05.05 20:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Recorder Pro
[2013.05.05 20:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audio Recorder Pro
[2013.05.05 17:45:54 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Vidalia
[2013.05.05 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\gtk-2.0
[2013.05.05 08:26:50 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\tor
[2013.05.05 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\HexChat
[2013.05.05 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Downloads
[2013.05.05 08:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
[2013.05.05 08:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\HexChat
[2013.05.05 06:58:25 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\X-Chat 2
[2013.05.03 04:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutdown
[2013.04.30 22:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jDownloader
[2013.04.30 22:36:06 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jDownloader
[2013.04.30 21:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.04.30 20:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.30 20:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.04.30 20:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.30 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.04.30 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.04.30 20:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.30 20:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.04.30 20:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.04.30 20:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.04.30 20:44:35 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.30 20:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.30 20:41:09 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Xion
[2013.04.30 20:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xion
[2013.04.30 20:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xion
[2013.04.30 19:15:12 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.30 19:01:15 | 000,000,000 | ---D | C] -- C:\Steam
[2013.04.30 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.30 18:49:08 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\IN-MEDIAKG
[2013.04.30 18:48:57 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\mresreg
[2013.04.30 18:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IntelligentShutdown
[2013.04.30 18:48:23 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intelligent Shutdown
[2013.04.30 18:15:32 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Mozilla
[2013.04.30 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Carbon
[2013.04.30 06:55:49 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\StarCraft II
[2013.04.30 06:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.04.30 06:53:39 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Blizzard Entertainment
[2013.04.30 06:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.04.30 06:52:59 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Battle.net
[2013.04.30 01:49:46 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Warframe
[2013.04.25 00:10:16 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.04.25 00:10:16 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.04.25 00:10:15 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.04.25 00:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.04.24 23:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.04.24 18:52:50 | 000,514,048 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.04.24 18:52:06 | 000,238,080 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.04.24 18:50:44 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.04.24 18:50:30 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.04.24 18:36:28 | 000,069,632 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.dll
[2013.04.23 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\OpenOffice.org
[2013.04.23 15:50:41 | 000,000,000 | --SD | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.04.23 15:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.04.22 03:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.04.22 03:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.04.22 03:49:17 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Babylon
[2013.04.22 03:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.22 03:48:45 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\PutLockerDownloader
[2013.04.21 11:28:53 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\GoforFiles
[2013.04.13 05:18:04 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\streamWriter
[2013.04.13 05:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamWriter
[2013.04.13 05:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamWriter
[2013.04.13 05:11:30 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\streamripper
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 01:54:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 01:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 01:50:23 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 01:44:49 | 000,000,704 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_014446.reg
[2013.05.09 01:43:23 | 000,011,620 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_014321.reg
[2013.05.09 00:46:27 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 00:46:27 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 00:37:33 | 000,000,594 | ---- | M] () -- C:\Users\PornStar\defogger_reenable
[2013.05.09 00:26:39 | 000,000,748 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_002636.reg
[2013.05.09 00:21:17 | 000,008,546 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_002114.reg
[2013.05.09 00:00:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 00:00:21 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 00:00:21 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 00:00:21 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 00:00:21 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.07 18:00:14 | 000,059,558 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130507_180011.reg
[2013.05.07 02:18:17 | 000,000,033 | ---- | M] () -- C:\Users\PornStar\AppData\Roaming\mbam.context.scan
[2013.05.05 18:22:21 | 000,001,200 | ---- | M] () -- C:\Users\PornStar\Desktop\Tor Browser.lnk
[2013.05.05 14:01:02 | 000,001,886 | ---- | M] () -- C:\Users\PornStar\Desktop\TOR.exe.lnk
[2013.05.05 12:39:07 | 000,000,218 | ---- | M] () -- C:\Users\PornStar\AppData\Local\recently-used.xbel
[2013.05.05 08:48:39 | 000,000,816 | ---- | M] () -- C:\Users\PornStar\Desktop\HexChat.lnk
[2013.05.03 01:53:14 | 000,000,705 | ---- | M] () -- C:\Users\PornStar\AppData\Roaming\MPQEditor.ini
[2013.04.24 18:59:08 | 000,245,936 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.04.24 18:59:08 | 000,245,936 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.04.24 18:52:50 | 000,514,048 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.04.24 18:52:06 | 000,238,080 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.04.24 18:50:44 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.04.24 18:50:30 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.04.24 18:36:28 | 000,069,632 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.dll
[2013.04.24 18:13:06 | 002,818,784 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.04.24 18:05:56 | 002,852,480 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.04.24 13:14:06 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2013.04.23 22:00:10 | 000,298,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 15:53:21 | 000,001,237 | -H-- | M] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.09 01:44:47 | 000,000,704 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_014446.reg
[2013.05.09 01:43:22 | 000,011,620 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_014321.reg
[2013.05.09 00:37:17 | 000,000,594 | ---- | C] () -- C:\Users\PornStar\defogger_reenable
[2013.05.09 00:26:38 | 000,000,748 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_002636.reg
[2013.05.09 00:21:15 | 000,008,546 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_002114.reg
[2013.05.07 18:00:13 | 000,059,558 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130507_180011.reg
[2013.05.07 02:18:17 | 000,000,033 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\mbam.context.scan
[2013.05.05 18:22:21 | 000,001,200 | ---- | C] () -- C:\Users\PornStar\Desktop\Tor Browser.lnk
[2013.05.05 12:39:07 | 000,000,218 | ---- | C] () -- C:\Users\PornStar\AppData\Local\recently-used.xbel
[2013.05.05 08:48:39 | 000,000,816 | ---- | C] () -- C:\Users\PornStar\Desktop\HexChat.lnk
[2013.05.05 08:30:34 | 000,001,886 | ---- | C] () -- C:\Users\PornStar\Desktop\TOR.exe.lnk
[2013.04.30 19:15:12 | 000,000,600 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk
[2013.04.30 07:04:58 | 000,000,705 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\MPQEditor.ini
[2013.04.25 00:10:14 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.04.24 18:59:08 | 000,245,936 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.04.24 18:59:08 | 000,245,936 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.04.24 18:13:06 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.04.24 18:05:56 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.04.24 13:14:06 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2013.04.23 15:53:21 | 000,001,237 | -H-- | C] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.04.05 01:31:43 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.04.04 21:46:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.16 22:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.16 22:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 032,043,008 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 030,744,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.22 03:49:17 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Babylon
[2013.04.30 06:53:12 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Battle.net
[2013.04.30 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Carbon
[2013.04.06 16:18:38 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.05.07 17:59:48 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DAEMON Tools Lite
[2013.05.05 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoft
[2013.05.05 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.04.05 00:14:55 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\ESET
[2013.04.21 11:29:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\GoforFiles
[2013.05.07 10:24:45 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\HexChat
[2013.04.30 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\IN-MEDIAKG
[2013.04.05 02:23:03 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\IrfanView
[2013.04.30 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\mresreg
[2013.04.23 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\OpenOffice.org
[2013.04.30 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Opera
[2013.04.05 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\PC Suite
[2013.04.30 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\r2 Studios
[2013.04.13 05:11:30 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\streamripper
[2013.04.13 09:51:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\streamWriter
[2013.04.05 02:30:59 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Thunderbird
[2013.05.07 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\TS3Client
[2013.04.05 02:42:18 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\TuneUp Software
[2013.05.09 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\uTorrent
[2013.05.05 08:06:04 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

Und zum Schluss noch das gmer File:
GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-09 02:05:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD10EAVS-00D7B0 rev.01.01A01 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\PornStar\AppData\Local\Temp\fgldakog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                0000000076b687b1 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                      0000000076a81465 2 bytes [A8, 76]
.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                    0000000076a814bb 2 bytes [A8, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 322                                                                                  0000000073e01a22 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 496                                                                                  0000000073e01ad0 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 552                                                                                  0000000073e01b08 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 730                                                                                  0000000073e01bba 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 762                                                                                  0000000073e01bda 2 bytes [E0, 73]
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                  0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                      0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                    0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                  0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                              0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                      000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                              000007feff113b44 6 bytes {JMP QWORD [RIP+0xfc4ec]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                              000007feff12b704 6 bytes {JMP QWORD [RIP+0xc492c]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                              0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                              0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                              0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                          0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                  000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                        0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                          0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                        0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                        0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                    0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                  0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                            000007fefe489aa5 3 bytes CALL 5b000038
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                            0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                              0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                            0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                            0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                        0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiSetInternalUI                                                                                                          000007fefa185cd0 6 bytes {JMP QWORD [RIP+0x37a360]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiInstallProductA                                                                                                        000007fefa200f20 6 bytes JMP 2bf108
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiInstallProductW                                                                                                        000007fefa20faa8 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                                                                    000007fef92e7b34 6 bytes {JMP QWORD [RIP+0xa84fc]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                                                    000007fef92f03c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                                                  000007fefea43030 6 bytes JMP 532d720
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!connect + 1                                                                                                            000007fefea445c1 5 bytes {JMP QWORD [RIP+0x24ba70]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!listen                                                                                                                  000007fefea48290 6 bytes JMP ca5e0
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                      0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                      0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                  0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                            000007fefea43030 6 bytes {JMP QWORD [RIP+0x1dd000]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!connect + 1                                                                                      000007fefea445c1 5 bytes {JMP QWORD [RIP+0x19ba70]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!listen                                                                                            000007fefea48290 6 bytes JMP 1000c
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                    000000007780fc00 3 bytes JMP 7184000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                000000007780fc04 2 bytes JMP 7184000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                        000000007780fd44 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                    000000007780fd48 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                      0000000077810094 3 bytes JMP 7181000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                  0000000077810098 2 bytes JMP 7181000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                    00000000778101a4 3 bytes JMP 718a000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                00000000778101a8 2 bytes JMP 718a000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                  0000000077810a24 3 bytes JMP 7187000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                              0000000077810a28 2 bytes JMP 7187000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                0000000077811900 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                            0000000077811904 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                        00000000772c2c91 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                    0000000076c79679 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                    0000000076c812a5 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                    0000000076c83baa 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                    0000000076c8612e 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendInput                                                                        0000000076c9ff4a 3 bytes JMP 719f000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                    0000000076c9ff4e 2 bytes JMP 719f000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!mouse_event                                                                      0000000076cd027b 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!keybd_event                                                                      0000000076cd02bf 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                0000000076e1712c 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                0000000076e33158 6 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                              000000007780fc00 3 bytes JMP 718a000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                          000000007780fc04 2 bytes JMP 718a000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                  000000007780fd44 3 bytes JMP 7184000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                              000000007780fd48 2 bytes JMP 7184000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                0000000077810094 3 bytes JMP 7187000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                            0000000077810098 2 bytes JMP 7187000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                              00000000778101a4 3 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                          00000000778101a8 2 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                            0000000077810a24 3 bytes JMP 718d000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                        0000000077810a28 2 bytes JMP 718d000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          0000000077811900 3 bytes JMP 7181000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                      0000000077811904 2 bytes JMP 7181000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                  00000000772c2c91 4 bytes CALL 71af0000
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendMessageW                                                              0000000076c79679 6 bytes JMP 719f000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!PostMessageW                                                              0000000076c812a5 6 bytes JMP 7199000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!PostMessageA                                                              0000000076c83baa 6 bytes JMP 719c000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendMessageA                                                              0000000076c8612e 6 bytes JMP 71a2000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendInput                                                                  0000000076c9ff4a 3 bytes JMP 71a5000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                              0000000076c9ff4e 2 bytes JMP 71a5000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!mouse_event                                                                0000000076cd027b 6 bytes JMP 71ab000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!keybd_event                                                                0000000076cd02bf 6 bytes JMP 71a8000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                          0000000076e1712c 6 bytes JMP 7193000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                          0000000076e33158 6 bytes JMP 7196000a

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\system32\svchost.exe[576] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress]                                                                            [7fefb992960] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile]                                                                                  [7fefb992840] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress]                                                                                  [7fefb992960] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile]                                                                                        [7fefb992840] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\Explorer.EXE[USER32.dll!LoadImageW]                                                                                                      [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\system32\DUI70.dll[USER32.dll!LoadImageW]                                                                                                [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!LoadImageW]  [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [340:2576]                                                                                                                                          000007fef9970ea8
Thread  C:\Windows\system32\svchost.exe [340:2580]                                                                                                                                          000007fef9969db0
Thread  C:\Windows\system32\svchost.exe [340:2600]                                                                                                                                          000007fef996aa10
Thread  C:\Windows\system32\svchost.exe [340:2604]                                                                                                                                          000007fef9971c94
Thread  C:\Windows\system32\svchost.exe [340:516]                                                                                                                                            000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1920]                                                                                                                                          000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1856]                                                                                                                                          000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1248]                                                                                                                                          000007fef504d3c8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2304:3008]                                                                                                                      000007fefc802a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2304:3200]                                                                                                                      000007fefa735124
Thread  C:\Windows\System32\svchost.exe [3788:2268]                                                                                                                                          000007fef3e99688

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                  0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                              0x9D 0xF9 0x69 0x16 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                        0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                      0x48 0x79 0x60 0x88 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                0x48 0x93 0x57 0x8A ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                      0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                      0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                  0x9D 0xF9 0x69 0x16 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                            0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                          0x48 0x79 0x60 0x88 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                    0x48 0x93 0x57 0x8A ...

---- EOF - GMER 2.1 ----
--- --- ---

Ich hoffe das jetzt alles bei sammen ist.

Grüße

DH! 09.05.2013 01:14
Ne war abgelenkt grad, konnte nix machen.

So, also des weiteren ist mir aufgefallen, das ständig obwohl ich es immer wieder ändere, die Option versteckte Ordner anzeigen & versteckte System Dateien anzeigen sich immer wieder von selbst aktiviert irgendwie.
Was ist da los?? o.O


Hier die Logs:

Bei Defogger kam keine Fehlermeldung, hier ist trotzdem das Log File.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:37 on 09/05/2013 (PornStar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


Bei OLT wurde irgendwie nur die OLT.txt erstellt und nicht die Extra.txt.

Hier das File:
OTL Logfile:
Code:
OTL logfile created on: 09.05.2013 01:53:03 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\PornStar\Desktop\Trojaner-Board.de Tools
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,11% Memory free
8,00 Gb Paging File | 6,46 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 41,29 Gb Free Space | 42,32% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 70,11 Gb Free Space | 8,41% Space Free | Partition Type: NTFS
 
Computer Name: PORNSTAR-PC | User Name: PornStar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.09 00:42:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\OTL.exe
PRC - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013.03.28 19:02:50 | 003,363,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET Smart Security\x86\ekrn.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2004.06.24 17:16:39 | 000,045,056 | ---- | M] (RichiStudios) -- C:\Program Files (x86)\Shutdown\service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.24 18:52:06 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.01.28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.13 04:21:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013.03.27 04:16:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2013.03.15 18:31:48 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.03.15 18:31:28 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.12.19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.06.24 17:16:39 | 000,045,056 | ---- | M] (RichiStudios) [Auto | Running] -- C:\Program Files (x86)\Shutdown\service.exe -- (RSShutdown)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.24 19:19:22 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.04.24 19:19:22 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.04.24 17:48:16 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 12:21:06 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 09:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.01.10 09:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.11.09 15:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 15:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 15:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 15:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013.03.28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2013.03.28 19:03:02 | 000,017,384 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2013.03.15 18:31:40 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.11.16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2012.04.30 18:45:00 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=4E5800248C66E588
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VLC Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.04.05 00:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:30:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET Smart Security\Mozilla Thunderbird [2013.04.05 00:12:59 | 000,000,000 | ---D | M]
 
[2013.04.30 19:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\Extensions
[2013.04.22 03:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi
 
O1 HOSTS File: ([2013.05.07 02:25:16 | 000,000,982 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2CCA15A-119E-4C9F-9DED-7974F45C209B}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-apkhandler.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-runapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-startlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sbase.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scalc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\simpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\smath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\soffice.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\swriter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-apkhandler.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-runapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-startlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sbase.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scalc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\simpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\smath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\soffice.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\swriter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.04 12:25:12 | 000,000,025 | -H-- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 01:38:10 | 000,029,984 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2013.05.09 01:38:09 | 000,037,664 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2013.05.09 00:49:19 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Desktop\Trojaner-Board.de Tools
[2013.05.08 06:30:58 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Media Player Classic
[2013.05.07 22:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.05.07 22:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2013.05.07 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2013.05.07 18:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.05.07 18:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.05.07 18:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\LicenseProxy
[2013.05.07 03:48:43 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\FLT
[2013.05.07 03:48:36 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\My Games
[2013.05.07 02:47:50 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Anti-Malware
[2013.05.07 02:14:52 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Malwarebytes
[2013.05.07 02:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.07 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.07 02:14:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.07 02:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.06 19:04:08 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2013.05.06 19:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2013.05.06 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Android
[2013.05.06 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Android
[2013.05.05 21:26:44 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\DVDVideoSoft
[2013.05.05 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.05 21:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.05.05 20:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Recorder Pro
[2013.05.05 20:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audio Recorder Pro
[2013.05.05 17:45:54 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Vidalia
[2013.05.05 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\gtk-2.0
[2013.05.05 08:26:50 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\tor
[2013.05.05 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\HexChat
[2013.05.05 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Downloads
[2013.05.05 08:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
[2013.05.05 08:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\HexChat
[2013.05.05 06:58:25 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\X-Chat 2
[2013.05.03 04:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutdown
[2013.04.30 22:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jDownloader
[2013.04.30 22:36:06 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jDownloader
[2013.04.30 21:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.04.30 20:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.30 20:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.04.30 20:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.30 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.04.30 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.04.30 20:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.30 20:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.04.30 20:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.04.30 20:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.04.30 20:44:35 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.30 20:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.30 20:41:09 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Xion
[2013.04.30 20:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xion
[2013.04.30 20:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xion
[2013.04.30 19:15:12 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.30 19:01:15 | 000,000,000 | ---D | C] -- C:\Steam
[2013.04.30 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.30 18:49:08 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\IN-MEDIAKG
[2013.04.30 18:48:57 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\mresreg
[2013.04.30 18:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IntelligentShutdown
[2013.04.30 18:48:23 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intelligent Shutdown
[2013.04.30 18:15:32 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Mozilla
[2013.04.30 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Carbon
[2013.04.30 06:55:49 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\StarCraft II
[2013.04.30 06:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.04.30 06:53:39 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Blizzard Entertainment
[2013.04.30 06:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.04.30 06:52:59 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Battle.net
[2013.04.30 01:49:46 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Warframe
[2013.04.25 00:10:16 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.04.25 00:10:16 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.04.25 00:10:15 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.04.25 00:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.04.24 23:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.04.24 18:52:50 | 000,514,048 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.04.24 18:52:06 | 000,238,080 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.04.24 18:50:44 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.04.24 18:50:30 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.04.24 18:36:28 | 000,069,632 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.dll
[2013.04.23 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\OpenOffice.org
[2013.04.23 15:50:41 | 000,000,000 | --SD | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.04.23 15:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.04.22 03:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.04.22 03:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.04.22 03:49:17 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Babylon
[2013.04.22 03:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.22 03:48:45 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\PutLockerDownloader
[2013.04.21 11:28:53 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\GoforFiles
[2013.04.13 05:18:04 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\streamWriter
[2013.04.13 05:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamWriter
[2013.04.13 05:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamWriter
[2013.04.13 05:11:30 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\streamripper
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 01:54:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 01:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 01:50:23 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 01:44:49 | 000,000,704 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_014446.reg
[2013.05.09 01:43:23 | 000,011,620 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_014321.reg
[2013.05.09 00:46:27 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 00:46:27 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 00:37:33 | 000,000,594 | ---- | M] () -- C:\Users\PornStar\defogger_reenable
[2013.05.09 00:26:39 | 000,000,748 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_002636.reg
[2013.05.09 00:21:17 | 000,008,546 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_002114.reg
[2013.05.09 00:00:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 00:00:21 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 00:00:21 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 00:00:21 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 00:00:21 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.07 18:00:14 | 000,059,558 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130507_180011.reg
[2013.05.07 02:18:17 | 000,000,033 | ---- | M] () -- C:\Users\PornStar\AppData\Roaming\mbam.context.scan
[2013.05.05 18:22:21 | 000,001,200 | ---- | M] () -- C:\Users\PornStar\Desktop\Tor Browser.lnk
[2013.05.05 14:01:02 | 000,001,886 | ---- | M] () -- C:\Users\PornStar\Desktop\TOR.exe.lnk
[2013.05.05 12:39:07 | 000,000,218 | ---- | M] () -- C:\Users\PornStar\AppData\Local\recently-used.xbel
[2013.05.05 08:48:39 | 000,000,816 | ---- | M] () -- C:\Users\PornStar\Desktop\HexChat.lnk
[2013.05.03 01:53:14 | 000,000,705 | ---- | M] () -- C:\Users\PornStar\AppData\Roaming\MPQEditor.ini
[2013.04.24 18:59:08 | 000,245,936 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.04.24 18:59:08 | 000,245,936 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.04.24 18:52:50 | 000,514,048 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.04.24 18:52:06 | 000,238,080 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.04.24 18:50:44 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.04.24 18:50:30 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.04.24 18:36:28 | 000,069,632 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.dll
[2013.04.24 18:13:06 | 002,818,784 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.04.24 18:05:56 | 002,852,480 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.04.24 13:14:06 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2013.04.23 22:00:10 | 000,298,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 15:53:21 | 000,001,237 | -H-- | M] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.09 01:44:47 | 000,000,704 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_014446.reg
[2013.05.09 01:43:22 | 000,011,620 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_014321.reg
[2013.05.09 00:37:17 | 000,000,594 | ---- | C] () -- C:\Users\PornStar\defogger_reenable
[2013.05.09 00:26:38 | 000,000,748 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_002636.reg
[2013.05.09 00:21:15 | 000,008,546 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_002114.reg
[2013.05.07 18:00:13 | 000,059,558 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130507_180011.reg
[2013.05.07 02:18:17 | 000,000,033 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\mbam.context.scan
[2013.05.05 18:22:21 | 000,001,200 | ---- | C] () -- C:\Users\PornStar\Desktop\Tor Browser.lnk
[2013.05.05 12:39:07 | 000,000,218 | ---- | C] () -- C:\Users\PornStar\AppData\Local\recently-used.xbel
[2013.05.05 08:48:39 | 000,000,816 | ---- | C] () -- C:\Users\PornStar\Desktop\HexChat.lnk
[2013.05.05 08:30:34 | 000,001,886 | ---- | C] () -- C:\Users\PornStar\Desktop\TOR.exe.lnk
[2013.04.30 19:15:12 | 000,000,600 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk
[2013.04.30 07:04:58 | 000,000,705 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\MPQEditor.ini
[2013.04.25 00:10:14 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.04.24 18:59:08 | 000,245,936 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.04.24 18:59:08 | 000,245,936 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.04.24 18:13:06 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.04.24 18:05:56 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.04.24 13:14:06 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2013.04.23 15:53:21 | 000,001,237 | -H-- | C] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.04.05 01:31:43 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.04.04 21:46:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.16 22:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.16 22:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 032,043,008 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 030,744,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.22 03:49:17 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Babylon
[2013.04.30 06:53:12 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Battle.net
[2013.04.30 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Carbon
[2013.04.06 16:18:38 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.05.07 17:59:48 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DAEMON Tools Lite
[2013.05.05 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoft
[2013.05.05 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.04.05 00:14:55 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\ESET
[2013.04.21 11:29:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\GoforFiles
[2013.05.07 10:24:45 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\HexChat
[2013.04.30 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\IN-MEDIAKG
[2013.04.05 02:23:03 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\IrfanView
[2013.04.30 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\mresreg
[2013.04.23 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\OpenOffice.org
[2013.04.30 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Opera
[2013.04.05 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\PC Suite
[2013.04.30 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\r2 Studios
[2013.04.13 05:11:30 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\streamripper
[2013.04.13 09:51:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\streamWriter
[2013.04.05 02:30:59 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Thunderbird
[2013.05.07 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\TS3Client
[2013.04.05 02:42:18 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\TuneUp Software
[2013.05.09 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\uTorrent
[2013.05.05 08:06:04 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Und zum Schluss noch das gmer File:

GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-09 02:05:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD10EAVS-00D7B0 rev.01.01A01 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\PornStar\AppData\Local\Temp\fgldakog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                0000000076b687b1 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                      0000000076a81465 2 bytes [A8, 76]
.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                    0000000076a814bb 2 bytes [A8, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 322                                                                                  0000000073e01a22 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 496                                                                                  0000000073e01ad0 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 552                                                                                  0000000073e01b08 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 730                                                                                  0000000073e01bba 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 762                                                                                  0000000073e01bda 2 bytes [E0, 73]
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                  0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                      0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                    0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                  0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                              0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                      000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                              000007feff113b44 6 bytes {JMP QWORD [RIP+0xfc4ec]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                              000007feff12b704 6 bytes {JMP QWORD [RIP+0xc492c]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                              0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                              0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                              0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                          0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                  000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                        0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                          0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                        0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                        0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                    0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                  0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                            000007fefe489aa5 3 bytes CALL 5b000038
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                            0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                              0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                            0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                            0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                        0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiSetInternalUI                                                                                                          000007fefa185cd0 6 bytes {JMP QWORD [RIP+0x37a360]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiInstallProductA                                                                                                        000007fefa200f20 6 bytes JMP 2bf108
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiInstallProductW                                                                                                        000007fefa20faa8 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                                                                    000007fef92e7b34 6 bytes {JMP QWORD [RIP+0xa84fc]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                                                    000007fef92f03c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                                                  000007fefea43030 6 bytes JMP 532d720
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!connect + 1                                                                                                            000007fefea445c1 5 bytes {JMP QWORD [RIP+0x24ba70]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!listen                                                                                                                  000007fefea48290 6 bytes JMP ca5e0
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                      0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                      0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                  0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                            000007fefea43030 6 bytes {JMP QWORD [RIP+0x1dd000]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!connect + 1                                                                                      000007fefea445c1 5 bytes {JMP QWORD [RIP+0x19ba70]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!listen                                                                                            000007fefea48290 6 bytes JMP 1000c
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                    000000007780fc00 3 bytes JMP 7184000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                000000007780fc04 2 bytes JMP 7184000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                        000000007780fd44 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                    000000007780fd48 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                      0000000077810094 3 bytes JMP 7181000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                  0000000077810098 2 bytes JMP 7181000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                    00000000778101a4 3 bytes JMP 718a000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                00000000778101a8 2 bytes JMP 718a000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                  0000000077810a24 3 bytes JMP 7187000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                              0000000077810a28 2 bytes JMP 7187000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                0000000077811900 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                            0000000077811904 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                        00000000772c2c91 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                    0000000076c79679 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                    0000000076c812a5 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                    0000000076c83baa 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                    0000000076c8612e 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendInput                                                                        0000000076c9ff4a 3 bytes JMP 719f000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                    0000000076c9ff4e 2 bytes JMP 719f000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!mouse_event                                                                      0000000076cd027b 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!keybd_event                                                                      0000000076cd02bf 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                0000000076e1712c 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                0000000076e33158 6 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                              000000007780fc00 3 bytes JMP 718a000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                          000000007780fc04 2 bytes JMP 718a000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                  000000007780fd44 3 bytes JMP 7184000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                              000000007780fd48 2 bytes JMP 7184000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                0000000077810094 3 bytes JMP 7187000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                            0000000077810098 2 bytes JMP 7187000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                              00000000778101a4 3 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                          00000000778101a8 2 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                            0000000077810a24 3 bytes JMP 718d000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                        0000000077810a28 2 bytes JMP 718d000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          0000000077811900 3 bytes JMP 7181000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                      0000000077811904 2 bytes JMP 7181000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                  00000000772c2c91 4 bytes CALL 71af0000
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendMessageW                                                              0000000076c79679 6 bytes JMP 719f000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!PostMessageW                                                              0000000076c812a5 6 bytes JMP 7199000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!PostMessageA                                                              0000000076c83baa 6 bytes JMP 719c000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendMessageA                                                              0000000076c8612e 6 bytes JMP 71a2000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendInput                                                                  0000000076c9ff4a 3 bytes JMP 71a5000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                              0000000076c9ff4e 2 bytes JMP 71a5000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!mouse_event                                                                0000000076cd027b 6 bytes JMP 71ab000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!keybd_event                                                                0000000076cd02bf 6 bytes JMP 71a8000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                          0000000076e1712c 6 bytes JMP 7193000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                          0000000076e33158 6 bytes JMP 7196000a

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\system32\svchost.exe[576] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress]                                                                            [7fefb992960] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile]                                                                                  [7fefb992840] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress]                                                                                  [7fefb992960] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile]                                                                                        [7fefb992840] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\Explorer.EXE[USER32.dll!LoadImageW]                                                                                                      [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\system32\DUI70.dll[USER32.dll!LoadImageW]                                                                                                [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!LoadImageW]  [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [340:2576]                                                                                                                                          000007fef9970ea8
Thread  C:\Windows\system32\svchost.exe [340:2580]                                                                                                                                          000007fef9969db0
Thread  C:\Windows\system32\svchost.exe [340:2600]                                                                                                                                          000007fef996aa10
Thread  C:\Windows\system32\svchost.exe [340:2604]                                                                                                                                          000007fef9971c94
Thread  C:\Windows\system32\svchost.exe [340:516]                                                                                                                                            000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1920]                                                                                                                                          000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1856]                                                                                                                                          000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1248]                                                                                                                                          000007fef504d3c8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2304:3008]                                                                                                                      000007fefc802a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2304:3200]                                                                                                                      000007fefa735124
Thread  C:\Windows\System32\svchost.exe [3788:2268]                                                                                                                                          000007fef3e99688

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                  0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                              0x9D 0xF9 0x69 0x16 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                        0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                      0x48 0x79 0x60 0x88 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                0x48 0x93 0x57 0x8A ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                      0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                      0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                  0x9D 0xF9 0x69 0x16 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                            0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                          0x48 0x79 0x60 0x88 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                    0x48 0x93 0x57 0x8A ...

---- EOF - GMER 2.1 ----
--- --- ---


Ich hoffe das jetzt alles bei sammen ist.

Grüße

?? Doppelpost ??

Beim ersten versuch zu posten wurde mir trotz das ich länger nichts gepostet habe die Meldung: Sie können nur alle 40 Sekunden posten, warten sie. Oder so ähnlich ausgegeben.

Hab gewartet und dann doppelpost lol.
Sry ich weiss nicht was hier vor sich geht.
Wie kann man das löschen?

?? Doppelpost ??

Beim ersten versuch zu posten wurde mir trotz das ich länger nichts gepostet habe die Meldung: Sie können nur alle 40 Sekunden posten, warten sie. Oder so ähnlich ausgegeben.

Hab gewartet und dann doppelpost lol.
Sry ich weiss nicht was hier vor sich geht.
Wie kann man das löschen?

cosinus 09.05.2013 01:28
Das Log von ESET fehlt noch

Zitat:
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

DH! 09.05.2013 01:34
Keine Ahnung ob ich das brauche, aber ist kein Uni Rechner oder irgendwas.

Wie kann ich das Log File von Eset denn finden?

Edit

Also im Ordner von Eset ist kein Log File, habe gesehen es ist auch nicht aktiviert gewesen sowas im Log File zu saven.
Da gibt es in der Firewall von Eset so eine Einstellung.

cosinus 09.05.2013 16:43
Wir haben nicht zu jedem der 1000 Virenscanner die es auf dem Markt gibt eine bebilderte Anleitung...schau einfach mal im Hauptmenü des Scanners nach, da muss es eine Option geben um an die Ereignisse und Protokolle zu kommen.

Von ESET haben wir nur eine Anleitung des Online-Scanners.

DH! 12.05.2013 14:41
Ich habe mich da wohl vertan, das war doch was anderes, welche log datei brauchst du denn?

Es gibt erkannte Bedrohungen, Ereignisse, Prüfen des Computers, HIPS, Personal Firewall.

Ach was mir grade noch einfällt, es ist ein Bischen her jetzt aber ESET hatte mal ne Meldung ausgegeben, das ein Covert-Channel-Exploid entdeckt wurde, und hat ne Ip Adresse angezeigt. Hab danach gegoogelt aber nichts gefunden, vllt neuer virus?
Hab mich dann dadrum nicht mer gekümmert..

MfG

cosinus 12.05.2013 21:03
Naja, ich brauche die Infos über die erkannten schadhaften Dateien. Müsste unter Bedrohungen bzw. Ereignisse zu sehen sein.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131