Trojaner-Board (https://www.trojaner-board.de/)

DH! 08.05.2013 23:09

Questionable actions on the computer, infected?
 
Good day everyone,

I have a problem: ESET has recently been telling me that some exploit was detected, something like a covert-channel exploit or so. For a few days now it has started right at boot and then it goes quiet again.
The question is, what is this now, am I infected with something?
Also, explorer.exe is somehow multiplying in the Task Manager; at the moment it is started 4 times, although only one Explorer window is open.

That does not sound good to me, because Emsisoft also found some conspicuous activity in explorer.exe.

Unfortunately I am no professional at this, but that is not normal.

I hope someone can help me.
I do not know what else to do, because ESET finds nothing on my system and neither does Emsisoft when scanning, but there was something in explorer.exe...
Maybe some kind of bot virus or so.

I would be glad of quick help.

Many thanks in advance, regards
DH!

cosinus 08.05.2013 23:30

:hallo:

Quote:

The question is, what is this now, am I infected with something?
How is anyone supposed to answer that if you do not post a log, not even the ESET log? :glaskugel:

Your information is not enough; please post the complete information/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags where possible.

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

DH! 08.05.2013 23:31

Here is the HijackThis log file:
HijackThis logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:30:11, on 09.05.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\Xion\Xion.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Users\PornStar\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O4 - HKLM\..\Run: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe                                                                                                                                                                                                                         
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun                                                                                                                                                                                       
O4 - HKLM\..\Run: [RSShutdown] "C:\Program Files (x86)\Shutdown\Autostart.exe"
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun                                                                                                                                                                                                         
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray                                                                                                                                                                                                           
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RichiStudios Shutdown (RSShutdown) - RichiStudios - C:\Program Files (x86)\Shutdown\service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8009 bytes

--- --- ---
Regards, DH!

Hi cosinus,

Unfortunately you were a bit faster than me^^

cosinus 08.05.2013 23:33

Reading material:
Please do not post HijackThis logfiles!!!


Quote:

Quote from Larusso (post 614538)
We know that HijackThis is probably one of the best-known analysis tools.
However, it now scans only very superficially and gives us too little information for a precise analysis of your system.

Therefore, please do not post HijackThis logfiles; instead read and work through the following.

http://www.trojaner-board.de/69886-a...-beachten.html

Only with this information can we help you.

Thanks :daumenhoc


DH! 08.05.2013 23:35

OK, then I apologize and will read it now; I skipped it because a buddy of mine said I only needed to post the HijackThis log file and that would be it.

Sorry

cosinus 08.05.2013 23:37

That was only meant as a hint for now!
First post the ESET log and possibly other logs with findings

mort 08.05.2013 23:38

An exploit by itself is not a virus / trojan as such. But it exploits security vulnerabilities, e.g. to deliver malware.

EDIT: Sorry, there was no post yet when I wrote this :)

cosinus 08.05.2013 23:51

Had a few already? :rofl: 8 minutes for that sentence? ;)

DH! 09.05.2013 01:12

No, I was just distracted, could not do anything.

So, furthermore I have noticed that, although I keep changing it back, the options "show hidden folders" & "show hidden system files" somehow keep getting activated again by themselves.
What is going on?? o.O


Here are the logs:

Defogger gave no error message; here is the log file anyway.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:37 on 09/05/2013 (PornStar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


With OTL, somehow only OTL.txt was created and not Extra.txt.

Here is the file: OTL logfile:
Code:

OTL logfile created on: 09.05.2013 01:53:03 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\PornStar\Desktop\Trojaner-Board.de Tools
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,11% Memory free
8,00 Gb Paging File | 6,46 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 41,29 Gb Free Space | 42,32% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 70,11 Gb Free Space | 8,41% Space Free | Partition Type: NTFS
 
Computer Name: PORNSTAR-PC | User Name: PornStar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.09 00:42:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\OTL.exe
PRC - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013.03.28 19:02:50 | 003,363,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET Smart Security\x86\ekrn.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2004.06.24 17:16:39 | 000,045,056 | ---- | M] (RichiStudios) -- C:\Program Files (x86)\Shutdown\service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.24 18:52:06 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.01.28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.13 04:21:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013.03.27 04:16:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2013.03.15 18:31:48 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.03.15 18:31:28 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.12.19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.06.24 17:16:39 | 000,045,056 | ---- | M] (RichiStudios) [Auto | Running] -- C:\Program Files (x86)\Shutdown\service.exe -- (RSShutdown)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.24 19:19:22 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.04.24 19:19:22 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.04.24 17:48:16 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 12:21:06 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 09:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.01.10 09:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.11.09 15:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 15:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 15:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 15:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013.03.28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2013.03.28 19:03:02 | 000,017,384 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2013.03.15 18:31:40 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.11.16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2012.04.30 18:45:00 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=4E5800248C66E588
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VLC Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.04.05 00:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:30:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET Smart Security\Mozilla Thunderbird [2013.04.05 00:12:59 | 000,000,000 | ---D | M]
 
[2013.04.30 19:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\Extensions
[2013.04.22 03:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi
 
O1 HOSTS File: ([2013.05.07 02:25:16 | 000,000,982 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2CCA15A-119E-4C9F-9DED-7974F45C209B}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-apkhandler.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-runapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-startlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sbase.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scalc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\simpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\smath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\soffice.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\swriter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-apkhandler.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-runapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-startlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sbase.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scalc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\simpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\smath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\soffice.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\swriter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.04 12:25:12 | 000,000,025 | -H-- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 01:38:10 | 000,029,984 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2013.05.09 01:38:09 | 000,037,664 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2013.05.09 00:49:19 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Desktop\Trojaner-Board.de Tools
[2013.05.08 06:30:58 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Media Player Classic
[2013.05.07 22:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.05.07 22:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2013.05.07 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2013.05.07 18:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.05.07 18:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.05.07 18:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\LicenseProxy
[2013.05.07 03:48:43 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\FLT
[2013.05.07 03:48:36 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\My Games
[2013.05.07 02:47:50 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Anti-Malware
[2013.05.07 02:14:52 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Malwarebytes
[2013.05.07 02:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.07 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.07 02:14:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.07 02:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.06 19:04:08 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2013.05.06 19:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2013.05.06 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Android
[2013.05.06 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Android
[2013.05.05 21:26:44 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\DVDVideoSoft
[2013.05.05 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.05 21:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.05.05 20:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Recorder Pro
[2013.05.05 20:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audio Recorder Pro
[2013.05.05 17:45:54 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Vidalia
[2013.05.05 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\gtk-2.0
[2013.05.05 08:26:50 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\tor
[2013.05.05 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\HexChat
[2013.05.05 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Downloads
[2013.05.05 08:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
[2013.05.05 08:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\HexChat
[2013.05.05 06:58:25 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\X-Chat 2
[2013.05.03 04:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutdown
[2013.04.30 22:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jDownloader
[2013.04.30 22:36:06 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jDownloader
[2013.04.30 21:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.04.30 20:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.30 20:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.04.30 20:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.30 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.04.30 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.04.30 20:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.30 20:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.04.30 20:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.04.30 20:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.04.30 20:44:35 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.30 20:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.30 20:41:09 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Xion
[2013.04.30 20:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xion
[2013.04.30 20:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xion
[2013.04.30 19:15:12 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.30 19:01:15 | 000,000,000 | ---D | C] -- C:\Steam
[2013.04.30 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.30 18:49:08 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\IN-MEDIAKG
[2013.04.30 18:48:57 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\mresreg
[2013.04.30 18:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IntelligentShutdown
[2013.04.30 18:48:23 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intelligent Shutdown
[2013.04.30 18:15:32 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Mozilla
[2013.04.30 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Carbon
[2013.04.30 06:55:49 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\StarCraft II
[2013.04.30 06:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.04.30 06:53:39 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Blizzard Entertainment
[2013.04.30 06:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.04.30 06:52:59 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Battle.net
[2013.04.30 01:49:46 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Warframe
[2013.04.25 00:10:16 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.04.25 00:10:16 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.04.25 00:10:15 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.04.25 00:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.04.24 23:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.04.24 18:52:50 | 000,514,048 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.04.24 18:52:06 | 000,238,080 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.04.24 18:50:44 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.04.24 18:50:30 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.04.24 18:36:28 | 000,069,632 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.dll
[2013.04.23 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\OpenOffice.org
[2013.04.23 15:50:41 | 000,000,000 | --SD | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.04.23 15:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.04.22 03:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.04.22 03:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.04.22 03:49:17 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Babylon
[2013.04.22 03:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.22 03:48:45 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\PutLockerDownloader
[2013.04.21 11:28:53 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\GoforFiles
[2013.04.13 05:18:04 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\streamWriter
[2013.04.13 05:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamWriter
[2013.04.13 05:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamWriter
[2013.04.13 05:11:30 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\streamripper
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 01:54:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 01:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 01:50:23 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 01:44:49 | 000,000,704 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_014446.reg
[2013.05.09 01:43:23 | 000,011,620 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_014321.reg
[2013.05.09 00:46:27 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 00:46:27 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 00:37:33 | 000,000,594 | ---- | M] () -- C:\Users\PornStar\defogger_reenable
[2013.05.09 00:26:39 | 000,000,748 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_002636.reg
[2013.05.09 00:21:17 | 000,008,546 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_002114.reg
[2013.05.09 00:00:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 00:00:21 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 00:00:21 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 00:00:21 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 00:00:21 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.07 18:00:14 | 000,059,558 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130507_180011.reg
[2013.05.07 02:18:17 | 000,000,033 | ---- | M] () -- C:\Users\PornStar\AppData\Roaming\mbam.context.scan
[2013.05.05 18:22:21 | 000,001,200 | ---- | M] () -- C:\Users\PornStar\Desktop\Tor Browser.lnk
[2013.05.05 14:01:02 | 000,001,886 | ---- | M] () -- C:\Users\PornStar\Desktop\TOR.exe.lnk
[2013.05.05 12:39:07 | 000,000,218 | ---- | M] () -- C:\Users\PornStar\AppData\Local\recently-used.xbel
[2013.05.05 08:48:39 | 000,000,816 | ---- | M] () -- C:\Users\PornStar\Desktop\HexChat.lnk
[2013.05.03 01:53:14 | 000,000,705 | ---- | M] () -- C:\Users\PornStar\AppData\Roaming\MPQEditor.ini
[2013.04.24 18:59:08 | 000,245,936 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.04.24 18:59:08 | 000,245,936 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.04.24 18:52:50 | 000,514,048 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.04.24 18:52:06 | 000,238,080 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.04.24 18:50:44 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.04.24 18:50:30 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.04.24 18:36:28 | 000,069,632 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.dll
[2013.04.24 18:13:06 | 002,818,784 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.04.24 18:05:56 | 002,852,480 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.04.24 13:14:06 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2013.04.23 22:00:10 | 000,298,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 15:53:21 | 000,001,237 | -H-- | M] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.09 01:44:47 | 000,000,704 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_014446.reg
[2013.05.09 01:43:22 | 000,011,620 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_014321.reg
[2013.05.09 00:37:17 | 000,000,594 | ---- | C] () -- C:\Users\PornStar\defogger_reenable
[2013.05.09 00:26:38 | 000,000,748 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_002636.reg
[2013.05.09 00:21:15 | 000,008,546 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_002114.reg
[2013.05.07 18:00:13 | 000,059,558 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130507_180011.reg
[2013.05.07 02:18:17 | 000,000,033 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\mbam.context.scan
[2013.05.05 18:22:21 | 000,001,200 | ---- | C] () -- C:\Users\PornStar\Desktop\Tor Browser.lnk
[2013.05.05 12:39:07 | 000,000,218 | ---- | C] () -- C:\Users\PornStar\AppData\Local\recently-used.xbel
[2013.05.05 08:48:39 | 000,000,816 | ---- | C] () -- C:\Users\PornStar\Desktop\HexChat.lnk
[2013.05.05 08:30:34 | 000,001,886 | ---- | C] () -- C:\Users\PornStar\Desktop\TOR.exe.lnk
[2013.04.30 19:15:12 | 000,000,600 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk
[2013.04.30 07:04:58 | 000,000,705 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\MPQEditor.ini
[2013.04.25 00:10:14 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.04.24 18:59:08 | 000,245,936 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.04.24 18:59:08 | 000,245,936 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.04.24 18:13:06 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.04.24 18:05:56 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.04.24 13:14:06 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2013.04.23 15:53:21 | 000,001,237 | -H-- | C] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.04.05 01:31:43 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.04.04 21:46:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.16 22:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.16 22:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 032,043,008 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 030,744,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.22 03:49:17 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Babylon
[2013.04.30 06:53:12 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Battle.net
[2013.04.30 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Carbon
[2013.04.06 16:18:38 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.05.07 17:59:48 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DAEMON Tools Lite
[2013.05.05 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoft
[2013.05.05 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.04.05 00:14:55 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\ESET
[2013.04.21 11:29:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\GoforFiles
[2013.05.07 10:24:45 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\HexChat
[2013.04.30 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\IN-MEDIAKG
[2013.04.05 02:23:03 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\IrfanView
[2013.04.30 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\mresreg
[2013.04.23 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\OpenOffice.org
[2013.04.30 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Opera
[2013.04.05 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\PC Suite
[2013.04.30 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\r2 Studios
[2013.04.13 05:11:30 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\streamripper
[2013.04.13 09:51:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\streamWriter
[2013.04.05 02:30:59 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Thunderbird
[2013.05.07 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\TS3Client
[2013.04.05 02:42:18 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\TuneUp Software
[2013.05.09 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\uTorrent
[2013.05.05 08:06:04 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

And finally the GMER file:
GMER Logfile:
Code:

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-09 02:05:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD10EAVS-00D7B0 rev.01.01A01 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\PornStar\AppData\Local\Temp\fgldakog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                0000000076b687b1 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                      0000000076a81465 2 bytes [A8, 76]
.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                    0000000076a814bb 2 bytes [A8, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 322                                                                                  0000000073e01a22 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 496                                                                                  0000000073e01ad0 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 552                                                                                  0000000073e01b08 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 730                                                                                  0000000073e01bba 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 762                                                                                  0000000073e01bda 2 bytes [E0, 73]
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                  0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                      0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                    0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                  0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                              0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                      000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                              000007feff113b44 6 bytes {JMP QWORD [RIP+0xfc4ec]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                              000007feff12b704 6 bytes {JMP QWORD [RIP+0xc492c]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                              0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                              0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                              0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                          0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                  000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                        0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                          0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                        0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                        0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                    0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                  0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                            000007fefe489aa5 3 bytes CALL 5b000038
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                            0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                              0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                            0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                            0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                        0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiSetInternalUI                                                                                                          000007fefa185cd0 6 bytes {JMP QWORD [RIP+0x37a360]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiInstallProductA                                                                                                        000007fefa200f20 6 bytes JMP 2bf108
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiInstallProductW                                                                                                        000007fefa20faa8 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                                                                    000007fef92e7b34 6 bytes {JMP QWORD [RIP+0xa84fc]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                                                    000007fef92f03c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                                                  000007fefea43030 6 bytes JMP 532d720
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!connect + 1                                                                                                            000007fefea445c1 5 bytes {JMP QWORD [RIP+0x24ba70]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!listen                                                                                                                  000007fefea48290 6 bytes JMP ca5e0
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                      0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                      0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                  0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                            000007fefea43030 6 bytes {JMP QWORD [RIP+0x1dd000]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!connect + 1                                                                                      000007fefea445c1 5 bytes {JMP QWORD [RIP+0x19ba70]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!listen                                                                                            000007fefea48290 6 bytes JMP 1000c
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                    000000007780fc00 3 bytes JMP 7184000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                000000007780fc04 2 bytes JMP 7184000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                        000000007780fd44 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                    000000007780fd48 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                      0000000077810094 3 bytes JMP 7181000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                  0000000077810098 2 bytes JMP 7181000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                    00000000778101a4 3 bytes JMP 718a000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                00000000778101a8 2 bytes JMP 718a000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                  0000000077810a24 3 bytes JMP 7187000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                              0000000077810a28 2 bytes JMP 7187000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                0000000077811900 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                            0000000077811904 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                        00000000772c2c91 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                    0000000076c79679 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                    0000000076c812a5 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                    0000000076c83baa 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                    0000000076c8612e 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendInput                                                                        0000000076c9ff4a 3 bytes JMP 719f000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                    0000000076c9ff4e 2 bytes JMP 719f000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!mouse_event                                                                      0000000076cd027b 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!keybd_event                                                                      0000000076cd02bf 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                0000000076e1712c 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                0000000076e33158 6 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                              000000007780fc00 3 bytes JMP 718a000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                          000000007780fc04 2 bytes JMP 718a000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                  000000007780fd44 3 bytes JMP 7184000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                              000000007780fd48 2 bytes JMP 7184000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                0000000077810094 3 bytes JMP 7187000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                            0000000077810098 2 bytes JMP 7187000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                              00000000778101a4 3 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                          00000000778101a8 2 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                            0000000077810a24 3 bytes JMP 718d000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                        0000000077810a28 2 bytes JMP 718d000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          0000000077811900 3 bytes JMP 7181000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                      0000000077811904 2 bytes JMP 7181000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                  00000000772c2c91 4 bytes CALL 71af0000
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendMessageW                                                              0000000076c79679 6 bytes JMP 719f000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!PostMessageW                                                              0000000076c812a5 6 bytes JMP 7199000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!PostMessageA                                                              0000000076c83baa 6 bytes JMP 719c000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendMessageA                                                              0000000076c8612e 6 bytes JMP 71a2000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendInput                                                                  0000000076c9ff4a 3 bytes JMP 71a5000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                              0000000076c9ff4e 2 bytes JMP 71a5000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!mouse_event                                                                0000000076cd027b 6 bytes JMP 71ab000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!keybd_event                                                                0000000076cd02bf 6 bytes JMP 71a8000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                          0000000076e1712c 6 bytes JMP 7193000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                          0000000076e33158 6 bytes JMP 7196000a

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\system32\svchost.exe[576] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress]                                                                            [7fefb992960] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile]                                                                                  [7fefb992840] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress]                                                                                  [7fefb992960] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile]                                                                                        [7fefb992840] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\Explorer.EXE[USER32.dll!LoadImageW]                                                                                                      [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\system32\DUI70.dll[USER32.dll!LoadImageW]                                                                                                [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!LoadImageW]  [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [340:2576]                                                                                                                                          000007fef9970ea8
Thread  C:\Windows\system32\svchost.exe [340:2580]                                                                                                                                          000007fef9969db0
Thread  C:\Windows\system32\svchost.exe [340:2600]                                                                                                                                          000007fef996aa10
Thread  C:\Windows\system32\svchost.exe [340:2604]                                                                                                                                          000007fef9971c94
Thread  C:\Windows\system32\svchost.exe [340:516]                                                                                                                                            000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1920]                                                                                                                                          000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1856]                                                                                                                                          000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1248]                                                                                                                                          000007fef504d3c8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2304:3008]                                                                                                                      000007fefc802a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2304:3200]                                                                                                                      000007fefa735124
Thread  C:\Windows\System32\svchost.exe [3788:2268]                                                                                                                                          000007fef3e99688

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                  0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                              0x9D 0xF9 0x69 0x16 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                        0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                      0x48 0x79 0x60 0x88 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                0x48 0x93 0x57 0x8A ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                      0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                      0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                  0x9D 0xF9 0x69 0x16 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                            0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                          0x48 0x79 0x60 0x88 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                    0x48 0x93 0x57 0x8A ...

---- EOF - GMER 2.1 ----

--- --- ---

I hope that everything is together now.

Regards

DH! 09.05.2013 01:14

No, I was distracted just now and couldn't do anything.

So, furthermore, I noticed that the options "show hidden folders" & "show hidden system files" keep somehow re-enabling themselves, even though I change them back again and again.
What is going on there?? o.O


Here are the logs:

Defogger gave no error message; here is the log file anyway.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:37 on 09/05/2013 (PornStar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


With OTL, somehow only OTL.txt was created and not Extra.txt.

Here is the file:
OTL Logfile:
Code:

OTL logfile created on: 09.05.2013 01:53:03 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\PornStar\Desktop\Trojaner-Board.de Tools
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,11% Memory free
8,00 Gb Paging File | 6,46 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 41,29 Gb Free Space | 42,32% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 70,11 Gb Free Space | 8,41% Space Free | Partition Type: NTFS
 
Computer Name: PORNSTAR-PC | User Name: PornStar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.09 00:42:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\OTL.exe
PRC - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013.03.28 19:02:50 | 003,363,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET Smart Security\x86\ekrn.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2004.06.24 17:16:39 | 000,045,056 | ---- | M] (RichiStudios) -- C:\Program Files (x86)\Shutdown\service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.24 18:52:06 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.01.28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.13 04:21:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013.03.27 04:16:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2013.03.15 18:31:48 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.03.15 18:31:28 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.12.19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.06.24 17:16:39 | 000,045,056 | ---- | M] (RichiStudios) [Auto | Running] -- C:\Program Files (x86)\Shutdown\service.exe -- (RSShutdown)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.24 19:19:22 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.04.24 19:19:22 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.04.24 17:48:16 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 12:21:06 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 09:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.01.10 09:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.11.09 15:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 15:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 15:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 15:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013.03.28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2013.03.28 19:03:02 | 000,017,384 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2013.03.15 18:31:40 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.11.16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2012.04.30 18:45:00 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=4E5800248C66E588
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VLC Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.04.05 00:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:30:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET Smart Security\Mozilla Thunderbird [2013.04.05 00:12:59 | 000,000,000 | ---D | M]
 
[2013.04.30 19:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\Extensions
[2013.04.22 03:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\PornStar\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi
 
O1 HOSTS File: ([2013.05.07 02:25:16 | 000,000,982 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2CCA15A-119E-4C9F-9DED-7974F45C209B}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-apkhandler.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-runapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hd-startlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sbase.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scalc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\simpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\smath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\soffice.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\swriter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-apkhandler.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-runapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hd-startlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nokiasuite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sbase.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scalc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\simpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\smath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\soffice.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\swriter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\thunderbird.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.04 12:25:12 | 000,000,025 | -H-- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 01:38:10 | 000,029,984 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2013.05.09 01:38:09 | 000,037,664 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2013.05.09 00:49:19 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Desktop\Trojaner-Board.de Tools
[2013.05.08 06:30:58 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Media Player Classic
[2013.05.07 22:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.05.07 22:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2013.05.07 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2013.05.07 18:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.05.07 18:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.05.07 18:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\LicenseProxy
[2013.05.07 03:48:43 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\FLT
[2013.05.07 03:48:36 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\My Games
[2013.05.07 02:47:50 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Anti-Malware
[2013.05.07 02:14:52 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Malwarebytes
[2013.05.07 02:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.07 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.07 02:14:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.07 02:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.06 19:04:08 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2013.05.06 19:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2013.05.06 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Android
[2013.05.06 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Android
[2013.05.05 21:26:44 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\DVDVideoSoft
[2013.05.05 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.05 21:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.05.05 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.05.05 20:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Recorder Pro
[2013.05.05 20:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audio Recorder Pro
[2013.05.05 17:45:54 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Vidalia
[2013.05.05 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\gtk-2.0
[2013.05.05 08:26:50 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\tor
[2013.05.05 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\HexChat
[2013.05.05 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Downloads
[2013.05.05 08:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
[2013.05.05 08:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\HexChat
[2013.05.05 06:58:25 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\X-Chat 2
[2013.05.03 04:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutdown
[2013.04.30 22:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jDownloader
[2013.04.30 22:36:06 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jDownloader
[2013.04.30 21:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.04.30 20:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.30 20:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.04.30 20:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.30 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.04.30 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.04.30 20:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.30 20:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.04.30 20:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.04.30 20:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.04.30 20:44:35 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.30 20:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.30 20:41:09 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\Xion
[2013.04.30 20:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xion
[2013.04.30 20:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xion
[2013.04.30 19:15:12 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.30 19:01:15 | 000,000,000 | ---D | C] -- C:\Steam
[2013.04.30 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.30 18:49:08 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\IN-MEDIAKG
[2013.04.30 18:48:57 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\mresreg
[2013.04.30 18:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IntelligentShutdown
[2013.04.30 18:48:23 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intelligent Shutdown
[2013.04.30 18:15:32 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Mozilla
[2013.04.30 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Carbon
[2013.04.30 06:55:49 | 000,000,000 | ---D | C] -- C:\Users\PornStar\Documents\StarCraft II
[2013.04.30 06:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.04.30 06:53:39 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Blizzard Entertainment
[2013.04.30 06:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.04.30 06:52:59 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Battle.net
[2013.04.30 01:49:46 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\Warframe
[2013.04.25 00:10:16 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.04.25 00:10:16 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.04.25 00:10:15 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.04.25 00:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.04.24 23:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.04.24 18:52:50 | 000,514,048 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.04.24 18:52:06 | 000,238,080 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.04.24 18:50:44 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.04.24 18:50:30 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.04.24 18:36:28 | 000,069,632 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.dll
[2013.04.23 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\OpenOffice.org
[2013.04.23 15:50:41 | 000,000,000 | --SD | C] -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.04.23 15:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.04.22 03:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.04.22 03:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.04.22 03:49:17 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\Babylon
[2013.04.22 03:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.22 03:48:45 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Local\PutLockerDownloader
[2013.04.21 11:28:53 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\GoforFiles
[2013.04.13 05:18:04 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\streamWriter
[2013.04.13 05:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamWriter
[2013.04.13 05:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamWriter
[2013.04.13 05:11:30 | 000,000,000 | ---D | C] -- C:\Users\PornStar\AppData\Roaming\streamripper
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 01:54:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 01:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 01:50:23 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 01:44:49 | 000,000,704 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_014446.reg
[2013.05.09 01:43:23 | 000,011,620 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_014321.reg
[2013.05.09 00:46:27 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 00:46:27 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 00:37:33 | 000,000,594 | ---- | M] () -- C:\Users\PornStar\defogger_reenable
[2013.05.09 00:26:39 | 000,000,748 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_002636.reg
[2013.05.09 00:21:17 | 000,008,546 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130509_002114.reg
[2013.05.09 00:00:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 00:00:21 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 00:00:21 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 00:00:21 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 00:00:21 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.07 18:00:14 | 000,059,558 | ---- | M] () -- C:\Users\PornStar\Documents\cc_20130507_180011.reg
[2013.05.07 02:18:17 | 000,000,033 | ---- | M] () -- C:\Users\PornStar\AppData\Roaming\mbam.context.scan
[2013.05.05 18:22:21 | 000,001,200 | ---- | M] () -- C:\Users\PornStar\Desktop\Tor Browser.lnk
[2013.05.05 14:01:02 | 000,001,886 | ---- | M] () -- C:\Users\PornStar\Desktop\TOR.exe.lnk
[2013.05.05 12:39:07 | 000,000,218 | ---- | M] () -- C:\Users\PornStar\AppData\Local\recently-used.xbel
[2013.05.05 08:48:39 | 000,000,816 | ---- | M] () -- C:\Users\PornStar\Desktop\HexChat.lnk
[2013.05.03 01:53:14 | 000,000,705 | ---- | M] () -- C:\Users\PornStar\AppData\Roaming\MPQEditor.ini
[2013.04.24 18:59:08 | 000,245,936 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.04.24 18:59:08 | 000,245,936 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.04.24 18:52:50 | 000,514,048 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.04.24 18:52:06 | 000,238,080 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.04.24 18:50:44 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.04.24 18:50:30 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.04.24 18:36:28 | 000,069,632 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.97.100.dll
[2013.04.24 18:13:06 | 002,818,784 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.04.24 18:05:56 | 002,852,480 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.04.24 13:14:06 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2013.04.23 22:00:10 | 000,298,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 15:53:21 | 000,001,237 | -H-- | M] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.09 01:44:47 | 000,000,704 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_014446.reg
[2013.05.09 01:43:22 | 000,011,620 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_014321.reg
[2013.05.09 00:37:17 | 000,000,594 | ---- | C] () -- C:\Users\PornStar\defogger_reenable
[2013.05.09 00:26:38 | 000,000,748 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_002636.reg
[2013.05.09 00:21:15 | 000,008,546 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130509_002114.reg
[2013.05.07 18:00:13 | 000,059,558 | ---- | C] () -- C:\Users\PornStar\Documents\cc_20130507_180011.reg
[2013.05.07 02:18:17 | 000,000,033 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\mbam.context.scan
[2013.05.05 18:22:21 | 000,001,200 | ---- | C] () -- C:\Users\PornStar\Desktop\Tor Browser.lnk
[2013.05.05 12:39:07 | 000,000,218 | ---- | C] () -- C:\Users\PornStar\AppData\Local\recently-used.xbel
[2013.05.05 08:48:39 | 000,000,816 | ---- | C] () -- C:\Users\PornStar\Desktop\HexChat.lnk
[2013.05.05 08:30:34 | 000,001,886 | ---- | C] () -- C:\Users\PornStar\Desktop\TOR.exe.lnk
[2013.04.30 19:15:12 | 000,000,600 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk
[2013.04.30 07:04:58 | 000,000,705 | ---- | C] () -- C:\Users\PornStar\AppData\Roaming\MPQEditor.ini
[2013.04.25 00:10:14 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.04.24 18:59:08 | 000,245,936 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.04.24 18:59:08 | 000,245,936 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.04.24 18:13:06 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.04.24 18:05:56 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.04.24 13:14:06 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2013.04.23 15:53:21 | 000,001,237 | -H-- | C] () -- C:\Users\PornStar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.04.05 01:31:43 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.04.04 21:46:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.16 22:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.16 22:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 032,043,008 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 030,744,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.22 03:49:17 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Babylon
[2013.04.30 06:53:12 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Battle.net
[2013.04.30 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Carbon
[2013.04.06 16:18:38 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.05.07 17:59:48 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DAEMON Tools Lite
[2013.05.05 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoft
[2013.05.05 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.04.05 00:14:55 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\ESET
[2013.04.21 11:29:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\GoforFiles
[2013.05.07 10:24:45 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\HexChat
[2013.04.30 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\IN-MEDIAKG
[2013.04.05 02:23:03 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\IrfanView
[2013.04.30 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\mresreg
[2013.04.23 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\OpenOffice.org
[2013.04.30 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Opera
[2013.04.05 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\PC Suite
[2013.04.30 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\r2 Studios
[2013.04.13 05:11:30 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\streamripper
[2013.04.13 09:51:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\streamWriter
[2013.04.05 02:30:59 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\Thunderbird
[2013.05.07 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\TS3Client
[2013.04.05 02:42:18 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\TuneUp Software
[2013.05.09 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\uTorrent
[2013.05.05 08:06:04 | 000,000,000 | ---D | M] -- C:\Users\PornStar\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


And finally the gmer file:

GMER Logfile:
Code:

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-09 02:05:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD10EAVS-00D7B0 rev.01.01A01 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\PornStar\AppData\Local\Temp\fgldakog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                0000000076b687b1 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                      0000000076a81465 2 bytes [A8, 76]
.text  C:\Program Files\ESET Smart Security\x86\ekrn.exe[1592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                    0000000076a814bb 2 bytes [A8, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 322                                                                                  0000000073e01a22 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 496                                                                                  0000000073e01ad0 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 552                                                                                  0000000073e01b08 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 730                                                                                  0000000073e01bba 2 bytes [E0, 73]
.text  C:\Program Files (x86)\Shutdown\service.exe[1700] C:\Windows\SysWow64\WSOCK32.dll!setsockopt + 762                                                                                  0000000073e01bda 2 bytes [E0, 73]
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                  0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                      0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                    0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                  0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                              0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                      000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                              000007feff113b44 6 bytes {JMP QWORD [RIP+0xfc4ec]}
.text  C:\Windows\system32\taskhost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                              000007feff12b704 6 bytes {JMP QWORD [RIP+0xc492c]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                              0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                              0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                              0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                          0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[2140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                  000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                        0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                          0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                        0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                        0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                    0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                  0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                            000007fefe489aa5 3 bytes CALL 5b000038
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                            0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                              0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                            0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                            0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                                        0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiSetInternalUI                                                                                                          000007fefa185cd0 6 bytes {JMP QWORD [RIP+0x37a360]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiInstallProductA                                                                                                        000007fefa200f20 6 bytes JMP 2bf108
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\msi.dll!MsiInstallProductW                                                                                                        000007fefa20faa8 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                                                                    000007fef92e7b34 6 bytes {JMP QWORD [RIP+0xa84fc]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                                                    000007fef92f03c0 6 bytes {JMP QWORD [RIP+0x7fc70]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                                                  000007fefea43030 6 bytes JMP 532d720
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!connect + 1                                                                                                            000007fefea445c1 5 bytes {JMP QWORD [RIP+0x24ba70]}
.text  C:\Windows\Explorer.EXE[2436] C:\Windows\system32\WS2_32.dll!listen                                                                                                                  000007fefea48290 6 bytes JMP ca5e0
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                      0000000077661570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077661640 6 bytes {JMP QWORD [RIP+0x8b1e9f0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077661860 6 bytes {JMP QWORD [RIP+0x8afe7d0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                      0000000077661910 6 bytes {JMP QWORD [RIP+0x8a9e720]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                                  0000000077661ea0 6 bytes {JMP QWORD [RIP+0x8abe190]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                0000000077662840 6 bytes {JMP QWORD [RIP+0x8b3d7f0]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe489aa5 3 bytes [65, 65, 06]
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                            000007fefea43030 6 bytes {JMP QWORD [RIP+0x1dd000]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!connect + 1                                                                                      000007fefea445c1 5 bytes {JMP QWORD [RIP+0x19ba70]}
.text  C:\Program Files\ESET Smart Security\egui.exe[2912] C:\Windows\system32\WS2_32.dll!listen                                                                                            000007fefea48290 6 bytes JMP 1000c
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                    000000007780fc00 3 bytes JMP 7184000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                000000007780fc04 2 bytes JMP 7184000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                        000000007780fd44 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                    000000007780fd48 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                      0000000077810094 3 bytes JMP 7181000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                  0000000077810098 2 bytes JMP 7181000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                    00000000778101a4 3 bytes JMP 718a000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                00000000778101a8 2 bytes JMP 718a000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                  0000000077810a24 3 bytes JMP 7187000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                              0000000077810a28 2 bytes JMP 7187000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                0000000077811900 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                            0000000077811904 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                        00000000772c2c91 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                    0000000076c79679 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                    0000000076c812a5 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                    0000000076c83baa 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                    0000000076c8612e 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendInput                                                                        0000000076c9ff4a 3 bytes JMP 719f000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                    0000000076c9ff4e 2 bytes JMP 719f000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!mouse_event                                                                      0000000076cd027b 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\USER32.dll!keybd_event                                                                      0000000076cd02bf 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                0000000076e1712c 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe[2112] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                0000000076e33158 6 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                              000000007780fc00 3 bytes JMP 718a000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                          000000007780fc04 2 bytes JMP 718a000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                  000000007780fd44 3 bytes JMP 7184000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                              000000007780fd48 2 bytes JMP 7184000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                0000000077810094 3 bytes JMP 7187000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                            0000000077810098 2 bytes JMP 7187000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                              00000000778101a4 3 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                          00000000778101a8 2 bytes JMP 7190000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                            0000000077810a24 3 bytes JMP 718d000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                        0000000077810a28 2 bytes JMP 718d000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          0000000077811900 3 bytes JMP 7181000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                      0000000077811904 2 bytes JMP 7181000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                  00000000772c2c91 4 bytes CALL 71af0000
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendMessageW                                                              0000000076c79679 6 bytes JMP 719f000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!PostMessageW                                                              0000000076c812a5 6 bytes JMP 7199000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!PostMessageA                                                              0000000076c83baa 6 bytes JMP 719c000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendMessageA                                                              0000000076c8612e 6 bytes JMP 71a2000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendInput                                                                  0000000076c9ff4a 3 bytes JMP 71a5000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                              0000000076c9ff4e 2 bytes JMP 71a5000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!mouse_event                                                                0000000076cd027b 6 bytes JMP 71ab000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\USER32.dll!keybd_event                                                                0000000076cd02bf 6 bytes JMP 71a8000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                          0000000076e1712c 6 bytes JMP 7193000a
.text  C:\Users\PornStar\Desktop\Trojaner-Board.de Tools\gmer_2.1.19163.exe[3996] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                          0000000076e33158 6 bytes JMP 7196000a

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\system32\svchost.exe[576] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress]                                                                            [7fefb992960] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile]                                                                                  [7fefb992840] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress]                                                                                  [7fefb992960] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\system32\svchost.exe[576] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile]                                                                                        [7fefb992840] c:\windows\system32\uxtuneup.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\Explorer.EXE[USER32.dll!LoadImageW]                                                                                                      [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\system32\DUI70.dll[USER32.dll!LoadImageW]                                                                                                [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT    C:\Windows\Explorer.EXE[2436] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!LoadImageW]  [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [340:2576]                                                                                                                                          000007fef9970ea8
Thread  C:\Windows\system32\svchost.exe [340:2580]                                                                                                                                          000007fef9969db0
Thread  C:\Windows\system32\svchost.exe [340:2600]                                                                                                                                          000007fef996aa10
Thread  C:\Windows\system32\svchost.exe [340:2604]                                                                                                                                          000007fef9971c94
Thread  C:\Windows\system32\svchost.exe [340:516]                                                                                                                                            000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1920]                                                                                                                                          000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1856]                                                                                                                                          000007fef504d3c8
Thread  C:\Windows\system32\svchost.exe [340:1248]                                                                                                                                          000007fef504d3c8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2304:3008]                                                                                                                      000007fefc802a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2304:3200]                                                                                                                      000007fefa735124
Thread  C:\Windows\System32\svchost.exe [3788:2268]                                                                                                                                          000007fef3e99688

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                  0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                              0x9D 0xF9 0x69 0x16 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                        0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                      0x48 0x79 0x60 0x88 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                0x48 0x93 0x57 0x8A ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                      0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                      0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                  0x9D 0xF9 0x69 0x16 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                            0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                          0x48 0x79 0x60 0x88 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                    0x48 0x93 0x57 0x8A ...

---- EOF - GMER 2.1 ----

--- --- ---


I hope everything is all together now.

Regards

?? Double post ??

On my first attempt to post, even though I hadn't posted anything for a while, I got the message: "You can only post every 40 seconds, please wait." Or something like that.

I waited, and then a double post, lol.
Sorry, I don't know what is going on here.
How can I delete it?


cosinus 09.05.2013 01:28

The ESET log is still missing.

Quote:

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why do you have an Ultimate edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university machine?

DH! 09.05.2013 01:34

No idea whether I need it, but it isn't a university machine or anything like that.

How can I find the ESET log file?

Edit

So there is no log file in the ESET folder; I saw that saving to a log file wasn't even enabled.
There is a setting for that in the ESET firewall.

cosinus 09.05.2013 16:43

We don't have an illustrated guide for every one of the 1000 virus scanners on the market... just look in the scanner's main menu, there must be an option to get to the events and logs.

For ESET we only have a guide for the online scanner.

DH! 12.05.2013 14:41

I must have been mistaken, that was something else; which log file do you need?

There are: detected threats, events, computer scan, HIPS, personal firewall.

Oh, something else just came to mind: it's been a while now, but ESET once showed a message that a Covert Channel exploit had been detected, and displayed an IP address. I googled it but found nothing, maybe a new virus?
I didn't bother with it after that...

Regards

cosinus 12.05.2013 21:03

Well, I need the info about the detected malicious files. It should be visible under threats or events.

DH! 12.05.2013 22:42

Yep, I have it; first I had to get those logs to open at all, I no longer had the permissions, and I've already had a bit of a look around myself. It's probably a virus, either through BlueStacks, which is insecure as I've known since yesterday, or some other way.
Anyway, have a look, and thanks by the way.

I hope it isn't too confusing; I can hardly do anything anymore, since I deleted my old user and am now using the hidden admin account, that was the only one where I still have roughly enough permissions to act.
So sorry, but I can only post them like this...

10.05.2013 08:06:32 Echtzeit-Dateischutz Datei C:\Users\PornStar\Downloads\Nicht bestätigt 251370.crdownload Win32/OpenCandy potenziell unsichere Anwendung Säubern nicht möglich PornStar-PC\PornStar Ereignis beim Bearbeiten einer Datei durch die Anwendung: C:\Program Files (x86)\SRWare Iron\iron.exe.
10.05.2013 08:06:32 HTTP-Prüfung Datei hxxp://dl.cdn.chip.de/downloads/7936356/Tweak-Me_-1.3.0.0-Setup.exe?1368165676-1368173176-1a5092-B-5421cb2eef5f4a25582f5a30d1234ef1.exe Win32/OpenCandy potenziell unsichere Anwendung Säubern nicht möglich PornStar-PC\PornStar Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\SRWare Iron\iron.exe.
10.05.2013 07:55:50 Echtzeit-Dateischutz Datei C:\Users\PornStar\Downloads\Nicht bestätigt 88358.crdownload Win32/OpenCandy potenziell unsichere Anwendung Säubern nicht möglich PornStar-PC\PornStar Ereignis beim Bearbeiten einer Datei durch die Anwendung: C:\Program Files (x86)\SRWare Iron\iron.exe.
10.05.2013 05:11:39 Echtzeit-Dateischutz Datei C:\Users\PornStar\AppData\Local\Temp\is-4I3CG.tmp\OCSetupHlp.dll Win32/OpenCandy potenziell unsichere Anwendung Gesäubert durch Löschen Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\Users\PornStar\AppData\Local\Temp\is-IU65E.tmp\FreeStudio.tmp.
09.05.2013 14:30:22 HTTP-Prüfung Datei hxxp://r10---sn-cxg7en7k.c.android.clients.google.com/market/GetBinary/com.dreamstudio.epicdefense/52?ms=au&newshard=yes&mv=m&mt=1368102503&expire=1368275352&ipbits=0&ip=0.0.0.0&cp=Snp0b2N3RVo6MDQ2NTU2OTEzMTQwOTUxNDk0MzI&sparams=expire,ipbits,ip,q:, cp&signature=4E29D04009BCFB1ABFD9DE55248F220A50A47271.32EC77B19B7024BE6F272DA8BA04953D7C9DB2A7&key=am2 Variante von Android/Adware.Waps.G Anwendung Verbindung getrennt - in Quarantäne kopiert NT-AUTORITÄT\SYSTEM Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\BlueStacks\HD-Network.exe.
07.05.2013 18:21:36 Echtzeit-Dateischutz Datei C:\USERS\PORNSTAR\APPDATA\LOCAL\TEMP\PIPINSTALLER_PTV_.EXE Variante von Win32/Bundled.Toolbar.Ask.C potenziell unsichere Anwendung Gesäubert durch Löschen - in Quarantäne kopiert PornStar-PC\PornStar Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Program Files\ESET Smart Security\egui.exe.
29.04.2013 23:43:12 HTTP-Prüfung Archiv hxxp://www.redirect.am/first.html HTML/Iframe.B.Gen Virus Verbindung getrennt - in Quarantäne kopiert PornStar-PC\PornStar Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\SRWare Iron\iron.exe.
29.04.2013 13:08:18 Echtzeit-Dateischutz Datei G:\Autorun.inf INF/Autorun.SZ Virus NT-AUTORITÄT\SYSTEM Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Windows\System32\svchost.exe.
28.04.2013 14:20:45 Echtzeit-Dateischutz Datei G:\Autorun.inf INF/Autorun.SZ Virus NT-AUTORITÄT\SYSTEM Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Windows\System32\svchost.exe.
28.04.2013 10:43:44 Echtzeit-Dateischutz Datei G:\Autorun.inf INF/Autorun.SZ Virus NT-AUTORITÄT\SYSTEM Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Windows\System32\svchost.exe.
27.04.2013 00:57:22 Echtzeit-Dateischutz Datei G:\Autorun.inf INF/Autorun.SZ Virus NT-AUTORITÄT\SYSTEM Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Windows\System32\svchost.exe.
27.04.2013 00:48:15 Echtzeit-Dateischutz Datei G:\Autorun.inf INF/Autorun.SZ Virus NT-AUTORITÄT\SYSTEM Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Windows\System32\svchost.exe.
24.04.2013 23:36:15 HTTP-Prüfung Datei hxxp://thequickdownloads.info/?e=btos&publisher=658&country=DE&ind=2769277023&exid=0&ssd=4158417604&hid=3245160326&osid=601&channel=0&category_name=BrowseToSave&install_date=201204 24 Mehrere Bedrohungen Verbindung getrennt - in Quarantäne kopiert PornStar-PC\PornStar Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\PornStar\Downloads\TuneUp.Utilities.2013.v13.0.3020.2.GERMAN-BiTE.rar.exe.
24.04.2013 23:36:00 HTTP-Prüfung Datei hxxp://thequickdownloads.info/?e=btos&publisher=658&country=DE&ind=2769277023&exid=0&ssd=4158417604&hid=3245160326&osid=601&channel=0&category_name=BrowseToSave&install_date=201204 24 Mehrere Bedrohungen Verbindung getrennt - in Quarantäne kopiert PornStar-PC\PornStar Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\PornStar\Downloads\TuneUp.Utilities.2013.v13.0.3020.2.GERMAN-BiTE.rar.exe.
24.04.2013 23:35:44 HTTP-Prüfung Datei hxxp://thequickdownloads.info/?e=btos&publisher=658&country=DE&ind=2769277023&exid=0&ssd=4158417604&hid=3245160326&osid=601&channel=0&category_name=BrowseToSave&install_date=201204 24 Mehrere Bedrohungen Verbindung getrennt - in Quarantäne kopiert PornStar-PC\PornStar Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\PornStar\Downloads\TuneUp.Utilities.2013.v13.0.3020.2.GERMAN-BiTE.rar.exe.
22.04.2013 03:49:05 Echtzeit-Dateischutz Datei C:\Users\PornStar\AppData\Local\Temp\nsb2187.tmp\FTTDSetup.exe Mehrere Bedrohungen Gesäubert durch Löschen - in Quarantäne kopiert PornStar-PC\PornStar Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\Users\PornStar\Downloads\Mayday_2011-Westbam_Live-SAT-05-01-2011-PTC.exe.
22.04.2013 03:49:03 HTTP-Prüfung Datei hxxp://www1.installsfiles.com/newyontoo-c2.exe Mehrere Bedrohungen Verbindung getrennt - in Quarantäne kopiert PornStar-PC\PornStar Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\PornStar\Downloads\Mayday_2011-Westbam_Live-SAT-05-01-2011-PTC.exe.
20.04.2013 09:09:50 HTTP-Prüfung Datei hxxp://fra-7m16-stor01.cloudzer.net/dl/c8f5519c-0039-4e1e-8baf-e66fb10b647d Variante von Win32/Packed.VMProtect.AAH Trojaner Verbindung getrennt - in Quarantäne kopiert PornStar-PC\PornStar Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\SRWare Iron\iron.exe.
13.04.2013 09:48:46 HTTP-Prüfung Datei hxxp://f.1mobile.com/mobile_software/arcade-action/com.sg.android.devil.google_25.apk Variante von Android/Adware.Youmi.A Anwendung Verbindung getrennt - in Quarantäne kopiert NT-AUTORITÄT\SYSTEM Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\BlueStacks\HD-Network.exe.
13.04.2013 09:46:29 HTTP-Prüfung Datei hxxp://f.1mobile.com/mobile_software/arcade-action/com.sg.android.devil.google_25.apk Variante von Android/Adware.Youmi.A Anwendung Verbindung getrennt - in Quarantäne kopiert NT-AUTORITÄT\SYSTEM Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\BlueStacks\HD-Network.exe.
06.04.2013 18:54:32 HTTP-Prüfung Datei hxxp://r18---sn-4g57ln76.c.android.clients.google.com/market/GetBinary/com.dreamstudio.epicdefense/51?ms=au&mv=m&mt=1365267139&expire=1365439993&ipbits=0&ip=0.0.0.0&cp=Snp0bGVzSUY6MTQ2NTI4NTU5NTUwOTU4NjU4OTY&sparams=expire,ipbits,ip,q:,cp&signature= B0CCC2D33029CEF406E64216AFF9D99AF7D6D3D6.2D2D4D6AEF7437B67D5D1CAA869CBFC4282C0B1A&key=am2 Variante von Android/Adware.Waps.G Anwendung Verbindung getrennt - in Quarantäne kopiert NT-AUTORITÄT\SYSTEM Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\BlueStacks\HD-Network.exe.
05.04.2013 03:49:29 HTTP-Prüfung Datei hxxp://199.91.154.144/aa74hrohsjlg/0m74in7mcy9vsod/HUD+GREEN+THEME.rar Variante von MSIL/TrojanDropper.Agent.SE Trojaner Verbindung getrennt - in Quarantäne kopiert PornStar-PC\PornStar Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\SRWare Iron\iron.exe.

Regards
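The ESET "detected threats" export above is one free-text line per event, which makes it tedious to answer the helper's real question (which application brought each detection in, and which ones were never cleaned). The following is an added example, not part of the thread and not ESET's own tooling: a small parser for that line format plus a triage summary. The column layout it assumes (timestamp, scanner, object type, object, threat, optional category, optional action, user, info) is inferred from the lines posted above, and the sample log lines in the block are constructed in that format, not copied from the poster's machine.

```python
import re
from collections import Counter

# Assumed column layout of an ESET threat-log line exported from the German UI
# (inferred from the posted log, not from ESET documentation):
#   <date time> <scanner> <object type> <object> <threat> [<category>] [<action>] <user> <info>
# Object and info contain spaces, so the line is anchored on the fixed vocabulary
# of the scanner, category and action columns rather than split on whitespace.
ESET_LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<scanner>Echtzeit-Dateischutz|HTTP-Prüfung) "
    r"(?P<otype>Datei|Archiv) "
    r"(?P<object>.+?) "
    r"(?P<threat>(?:Variante von )?(?:[A-Za-z0-9]+/\S+|Mehrere Bedrohungen))"
    r"(?: (?P<category>potenziell unsichere Anwendung|Anwendung|Virus|Trojaner))?"
    r"(?: (?P<action>Gesäubert durch Löschen(?: - in Quarantäne kopiert)?"
    r"|Verbindung getrennt - in Quarantäne kopiert|Säubern nicht möglich))?"
    r" (?P<user>\S+\\\S+) "
    r"(?P<info>.+?durch die Anwendung: (?P<app>.+?))\.?$"
)

# Constructed sample lines in the same format as the posted log (hypothetical
# user name, host name and URLs; example.invalid is a reserved test domain).
SAMPLE_LOG = [
    r"10.05.2013 08:06:32 Echtzeit-Dateischutz Datei C:\Users\Beispiel\Downloads\Nicht bestätigt 251370.crdownload Win32/OpenCandy potenziell unsichere Anwendung Säubern nicht möglich BEISPIEL-PC\Beispiel Ereignis beim Bearbeiten einer Datei durch die Anwendung: C:\Program Files (x86)\SRWare Iron\iron.exe.",
    r"29.04.2013 13:08:18 Echtzeit-Dateischutz Datei G:\Autorun.inf INF/Autorun.SZ Virus NT-AUTORITÄT\SYSTEM Ereignis aufgetreten beim Versuch, die Datei zu öffnen durch die Anwendung: C:\Windows\System32\svchost.exe.",
    r"24.04.2013 23:36:15 HTTP-Prüfung Datei hxxp://example.invalid/?e=btos&install_date=201204 24 Mehrere Bedrohungen Verbindung getrennt - in Quarantäne kopiert BEISPIEL-PC\Beispiel Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\Beispiel\Downloads\Beispiel-Setup.exe.",
    r"09.05.2013 14:30:22 HTTP-Prüfung Datei hxxp://example.invalid/market/GetBinary/com.example.app/52 Variante von Android/Adware.Waps.G Anwendung Verbindung getrennt - in Quarantäne kopiert NT-AUTORITÄT\SYSTEM Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\BlueStacks\HD-Network.exe.",
]


def parse_eset_line(line):
    """Return the fields of one threat-log line as a dict, or None if the line
    does not follow the assumed layout (so unknown lines are skipped, not mis-split)."""
    m = ESET_LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Summarise a list of log lines the way a helper would read them:
    which application triggered each detection, which detections have no
    successful clean/quarantine action recorded, and which objects are
    autorun.inf hits (a sign of an infected removable or external drive)."""
    parsed = [p for p in (parse_eset_line(l) for l in lines) if p]
    by_app = Counter(p["app"] for p in parsed)
    # No action column at all, or an explicit "cleaning not possible", both
    # mean the object was still present when the log was written.
    needs_review = [p["object"] for p in parsed
                    if p["action"] in (None, "Säubern nicht möglich")]
    autorun = sorted({p["object"] for p in parsed
                      if p["threat"].startswith("INF/Autorun")})
    return {"parsed": len(parsed), "by_app": by_app,
            "needs_review": needs_review, "autorun": autorun}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"parsed {result['parsed']} detections")
    for app, n in result["by_app"].most_common():
        print(f"  {n}x via {app}")
    print("still present / not cleaned:", result["needs_review"])
    print("autorun.inf hits:", result["autorun"])
```

Run against a real export, the `by_app` counter separates detections triggered by the browser, by a sideloaded installer and by the BlueStacks network component, and `needs_review` lists exactly the objects the user still has to deal with by hand; both are the facts a helper asks for before deciding between cleanup and reinstallation.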

cosinus 12.05.2013 22:52

Quote:

C:\Users\PornStar\Downloads\TuneUp.Utilities.2013.v13.0.3020.2.GERMAN-BiTE.rar.exe.
:pfui:

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that should not be toyed with. Besides, they are illegal and we do not support the use of stolen software. Support is therefore limited to guidance on a complete reinstallation!!

That illegal cracks and keygens essentially serve to distribute malware is no secret and must be clear to everyone!

In future, stay away from: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)

DH! 12.05.2013 23:28

Hm, yes ok, understood; would I still get your support if I just want to know whether it was due to that, i.e. TuneUp, or not... because that had been running for quite a while, I have to say, and nothing ever happened. It only started when someone here connected a hard drive and then the ESET message came that an INF/Autorun.SZ had been detected, and I saw that something came in through BlueStacks...

I accept that I have to reinstall, I thought so anyway, but couldn't you at least tell me that; then he'll get... and he surely won't have done that only on my machine, so he'll own a botnet or is building one right now... and that shouldn't be. If it could be found out, please at least help me with that, because this TuneUp really had been running for a while and nothing was there. Only when the thing with the drive happened; and I think a TuneUp copy can't really be a reason not to even look more closely at whether he might be one of those... you never see such guys and they don't look any different from us...

I hope you'll turn a blind eye on that. Again, I accept it and will reinstall, but couldn't one maybe still find traces pointing to a botnet, to have it taken down, if that's possible?
Who has ever had suspicions about such people and has the name and so on... but without proof no charges, or how did that go again?

In that sense I hope to be understood.
If not, regards anyway and thanks anyway.

cosinus 13.05.2013 09:20

Quote:

but without proof no charges, or how did that go again?
You are not in the dock here, there just is no more cleanup support. Questions about data backup and reinstallation will still be answered.


Copyright ©2000-2025, Trojaner-Board