spyhunter 4 entfernen

friedrich23 · 24.01.2013, 17:03

hey. ich habe mir spyhunter 4 eingefangen:

malwarebytes anti malware scan:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.24.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
friedrich :: COMPUTER [limited]

Protection: Enabled

24.01.2013 15:35:34
mbam-log-2013-01-24 (15-35-34).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386756
Time elapsed: 48 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: hxxp://searchfunmoods.com/?f=2&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL scan:

Code:

ATTFilter

OTL logfile created on: 24.01.2013 16:24:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\olotu\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 56,40% Memory free
6,73 Gb Paging File | 5,24 Gb Available in Paging File | 77,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 15,99 Gb Free Space | 16,37% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.24 16:24:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\friedrich\Downloads\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.14 19:40:44 | 000,093,184 | ---- | M] () -- C:\Windows\System32\GFilterSvc.exe
PRC - [2012.11.14 19:40:42 | 000,067,584 | ---- | M] () -- C:\Windows\System32\MUILbnguageCleanup.exe
PRC - [2012.10.16 08:48:00 | 002,360,864 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.08 19:21:22 | 000,766,400 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012.01.13 19:48:07 | 000,040,960 | ---- | M] () -- C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.08.07 18:38:18 | 000,109,056 | ---- | M] (none) -- C:\Users\root\AppData\Local\Temp\Rar$EX01.516\WLAN Optimizer.exe
PRC - [2009.01.27 15:24:00 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.15 23:51:58 | 000,109,104 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008.05.15 23:51:54 | 000,150,064 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2008.05.15 23:51:54 | 000,055,856 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\hqtray.exe
PRC - [2008.05.15 23:51:40 | 000,072,240 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-tray.exe
PRC - [2008.05.15 23:51:34 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.19 08:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.04.10 20:24:26 | 000,143,360 | ---- | M] () -- C:\Programme\Vista Anti-Lag\val.exe
PRC - [2007.03.23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2007.03.07 11:05:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2006.10.22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005.11.11 14:07:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\soundman.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.11 15:23:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2013.01.11 15:23:01 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2013.01.11 15:22:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2013.01.11 15:20:36 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2013.01.11 15:20:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2010.08.09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.05.15 23:51:50 | 000,080,432 | ---- | M] () -- C:\Programme\VMware\VMware Workstation\zlib1.dll
MOD - [2008.05.15 23:51:38 | 000,970,288 | ---- | M] () -- C:\Programme\VMware\VMware Workstation\libxml2.dll
MOD - [2007.04.10 20:24:26 | 000,143,360 | ---- | M] () -- C:\Programme\Vista Anti-Lag\val.exe
MOD - [2002.05.14 18:22:34 | 000,122,880 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.14 19:40:44 | 000,093,184 | ---- | M] () [Auto | Running] -- C:\Windows\System32\GFilterSvc.exe -- (GFilterSvc)
SRV - [2012.11.14 19:40:42 | 000,067,584 | ---- | M] () [Auto | Running] -- C:\Windows\System32\MUILbnguageCleanup.exe -- (snmpurap)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.16 08:48:00 | 002,360,864 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2012.10.11 02:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.08 19:21:22 | 000,766,400 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012.10.05 16:08:42 | 000,109,064 | ---- | M] (Wajam) [On_Demand | Stopped] -- C:\Programme\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.08 09:06:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012.01.13 19:48:07 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.01.12 09:07:32 | 000,695,640 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe -- (McAfee ScanAndRepair Svc)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.05.15 23:51:58 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008.05.15 23:51:54 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2008.05.15 23:51:34 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.30 16:23:02 | 000,186,928 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007.03.23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007.03.07 11:05:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.06.22 12:01:30 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2011.05.06 16:57:08 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.02.03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2008.05.15 23:52:18 | 000,926,000 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2008.05.15 23:52:18 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2008.05.15 23:52:18 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008.05.15 23:52:16 | 000,025,136 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008.05.15 23:51:36 | 000,015,920 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2008.05.15 23:51:08 | 000,030,768 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2008.05.15 23:51:08 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008.05.15 23:51:08 | 000,016,816 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007.11.30 16:22:16 | 000,019,248 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007.03.23 09:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2007.03.12 10:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2007.02.08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2007.02.08 14:45:00 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2006.03.24 17:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04)
DRV - [2005.11.24 12:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
DRV - [2005.11.22 14:44:00 | 003,804,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcxwdm.sys -- (ALCXWDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - SOFTWARE\Classes\CLSID\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - SOFTWARE\Classes\CLSID\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4212_1&babsrc=SP_clro&mntrId=e484c610000000000000001839049e5c
IE - HKCU\..\SearchScopes\{1B231CAF-15B3-410B-A229-06AED74DEBBA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432373336343736&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
IE - HKCU\..\SearchScopes\{CAC910EF-195B-4308-9526-8B732AE6ADFF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DFE9012D-09B6-4947-B07E-4EF158F7822F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.8.1.300
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q="
 
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.10 18:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.15 20:07:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.27 16:07:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.10.17 12:41:08 | 000,000,000 | ---D | M]
 
[2010.05.14 17:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions
[2012.11.14 19:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions
[2011.04.07 15:54:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.13 19:47:19 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.02.10 14:38:40 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.10.17 12:41:10 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\crossriderapp5060@crossrider.com
[2012.02.10 14:38:12 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@babylon.com
[2012.10.17 12:41:34 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@claro.com
[2012.11.14 19:40:34 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com
[2012.10.17 12:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode
[2012.10.13 18:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.11.15 16:51:42 | 000,002,273 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\bingp.xml
[2012.11.14 19:40:34 | 000,000,781 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\Funmoods.xml
[2012.12.13 15:49:20 | 000,003,576 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\Google.xml
[2012.01.13 19:48:10 | 000,002,077 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{9573D3C0-1EF0-4E34-A57D-69E97F8AC325}.xml
[2012.01.13 19:48:10 | 000,001,870 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{A46C1975-777F-4326-8C76-0CD708A49FEC}.xml
[2012.01.13 19:48:10 | 000,002,188 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{F4D0AF56-E566-4B71-A1D8-C2D229AFAD50}.xml
[2012.12.10 18:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.17 12:41:08 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012.10.11 02:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.19 12:14:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 09:07:32 | 000,183,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMcAfeeSRPlgn.dll
[2012.10.17 12:41:24 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 02:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMcAfeeSRPlgn.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: YouTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: ProxTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\chakodcglgpacmjpjfaoopegbglbollk\1.1.35_0\
CHR - Extension: Google-Suche = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DealPly = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Wajam = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Skype Click to Call = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Settings Protector = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Google Mail = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011.01.20 17:41:54 | 000,000,820 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Programme\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\root\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz0.dll File not found
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programme\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz0.dll File not found
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Programme\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Program Files\Eazel-DE\tbEaz0.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EADM] "C:\Programme\Electronic Arts\EADM\EADMUI\EADMUI.exe" File not found
O4 - HKCU..\Run: [iPhone Explorer Launcher] C:\Program Files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7805E72A-2147-4619-B327-4D3EF8AB535A}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81EFCBE7-A49E-41E7-B7EF-FB55075F8ABF}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86A4A234-5EDE-444B-AB27-44A014E3F19F}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9E527F-645B-4E88-B8F9-253BAAE1B016}: NameServer = 213.191.74.18,213.191.74.19
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a401363f-dbf2-11dd-931b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{a401363f-dbf2-11dd-931b-005056c00008}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d11fe830-8295-11dd-9c03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d11fe830-8295-11dd-9c03-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f189f69d-e62d-11dd-81ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f189f69d-e62d-11dd-81ca-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 19:24:57 | 000,000,000 | ---D | C] -- C:\WZShutdown
[2013.01.17 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Malwarebytes
[2013.01.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.17 16:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.17 16:09:37 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.17 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.16 20:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.01.15 20:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeScanAndRepair
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2013.01.15 17:22:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 16:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.24 16:02:02 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 16:02:02 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 15:14:46 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | M] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.24 14:14:37 | 000,636,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.24 14:14:37 | 000,594,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.24 14:14:37 | 000,128,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.24 14:14:37 | 000,106,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.24 14:13:49 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 14:08:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.17 18:07:13 | 480,098,425 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.17 16:09:39 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.16 19:18:59 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.16 19:18:47 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 19:10:00 | 000,399,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 18:01:50 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013.01.09 18:01:49 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.24 15:14:46 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | C] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 17:21:34 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013.01.15 17:21:34 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013.01.15 17:21:34 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013.01.11 15:03:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.01.11 15:03:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013.01.11 15:03:38 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.11.14 19:40:44 | 000,093,184 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2012.11.14 19:40:42 | 000,067,584 | ---- | C] () -- C:\Windows\System32\MUILbnguageCleanup.exe
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.04.02 15:58:18 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012.01.13 20:39:22 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd
[2009.10.14 13:13:49 | 000,005,632 | ---- | C] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.14 16:27:33 | 000,002,032 | ---- | C] () -- C:\Users\root\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.09.05 16:15:12 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Atari
[2012.02.10 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Babylon
[2012.10.17 12:40:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Broad Intelligence
[2012.01.13 19:48:09 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DesktopIconForAmazon
[2009.01.03 18:01:54 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Leadertech
[2008.09.14 19:56:30 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\MAGIX
[2012.01.13 19:48:07 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\OCS
[2012.01.13 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Opera
[2012.01.14 19:19:41 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Pokemon Online
[2012.04.27 18:59:36 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\PunkBuster
[2011.12.22 16:09:51 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Software4u
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

die EXTRAS.txt datei wurde aus irgendeinem grund nicht generiert, sry.

gmer scan:

Code:

ATTFilter

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-24 16:47:51
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502IJ rev.1AA01113 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\root\AppData\Local\Temp\kwddqpoc.sys


---- System - GMER 2.0 ----

SSDT                                                                      \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys                                            ZwCreateSection [0xA1ACF700]

---- Kernel code sections - GMER 2.0 ----

.text                                                                     ntoskrnl.exe!KeInsertQueue + 405                                                                              8307F9CC 4 Bytes  [00, F7, AC, A1]
.sfrelocÿÿÿÿsfsync04unknown last section [0x83ACA000, 0xBC6, 0x40000040]  C:\Windows\System32\drivers\sfsync04.sys                                                                      unknown last section [0x83ACA000, 0xBC6, 0x40000040]
.reloc                                                                    C:\Windows\system32\drivers\acedrv11.sys                                                                      section is executable [0xA192F480, 0x306DD, 0xE0000060]

---- User code sections - GMER 2.0 ----

?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[780] C:\Windows\system32\ntdll.dll         time/date stamp mismatch; 
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[780] ntdll.dll!NtProtectVirtualMemory      76FB85D8 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[780] C:\Windows\system32\kernel32.dll      time/date stamp mismatch; unknown module: wmdrmsdk.dll
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[780] user32.dll!GetAppCompatFlags2 + 880   76E76390 4 Bytes  [4D, 27, 8B, 69]
?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3332] C:\Windows\system32\ntdll.dll        time/date stamp mismatch; 
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3332] ntdll.dll!NtProtectVirtualMemory     76FB85D8 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3332] C:\Windows\system32\kernel32.dll     time/date stamp mismatch; unknown module: wmdrmsdk.dll
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3332] user32.dll!GetAppCompatFlags2 + 880  76E76390 4 Bytes  [4D, 27, 8B, 69]

---- EOF - GMER 2.0 ----

bitte helft mir. hab gehört der virus soll echt gefährlich sein

spyhunter 4 entfernen

Plagegeister aller Art und deren Bekämpfung: spyhunter 4 entfernen

spyhunter 4 entfernen

Ähnliche Themen: spyhunter 4 entfernen