
Plagegeister aller Art und deren Bekämpfung: Win7/64: Sirefef.b, .w and .y found, partial success already achieved


 
28.06.2012, 21:54   #1
Luumi
 



Hello dear community,

What has happened so far

Yesterday, out of the blue, I got this message (paraphrased) from MSSE on Win7/64: "Known threat detected and cleaned - no further action needed!" Shortly afterwards, the virus scanner, firewall and Defender were off and could no longer be started - "The Security Essentials service could not be started. The specified service does not exist as an installed service" - error code 0x80070424. The MSSE icon in the notification area of the taskbar had disappeared.

Since I run a dual-boot system here, I immediately switched to WinXP and ran a full scan overnight from there, also with MSSE. It found Sirefef.b, .w and .y, but could not clean them. The cleanup progress bar was still stuck at about 75% after three hours.

After a restart and some research on the internet, I then installed MWB and ran it (again on Win7):

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.28.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lumi :: TATOOINE [Administrator]

Schutz: Deaktiviert

28.06.2012 19:42:39
mbam-log-2012-06-28 (19-42-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270685
Laufzeit: 2 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\RECYCLER\S-1-5-21-606747145-854245398-725345543-1003\Dc3\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\drivers\str.sys (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
That worked so far. After a restart, the MSSE icon now appears in the notification area of the taskbar again, but the service still cannot be started and gives the error message mentioned above.

I was now a bit afraid of carrying on on my own and possibly causing further damage... so I downloaded Defogger, which disabled Daemon Tools Lite. Then I ran OTL.

OTL.txt:


Code:
OTL logfile created on: 28.06.2012 22:35:42 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = E:\Appz\Security
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 56,90% Memory free
8,01 Gb Paging File | 6,14 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): c:\pagefile.sys 16 16e:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 6,72 Gb Free Space | 13,44% Space Free | Partition Type: NTFS
Drive D: | 29,99 Gb Total Space | 12,67 Gb Free Space | 42,26% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 883,72 Gb Free Space | 47,43% Space Free | Partition Type: NTFS
Drive F: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TATOOINE | User Name: Lumi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.28 18:57:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\Appz\Security\OTL.com
PRC - [2012.06.16 15:35:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lumi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.03.25 05:17:22 | 002,784,768 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2010.09.09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 15:35:05 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt32.dll
MOD - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.16 15:35:05 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2011.03.25 05:17:22 | 002,784,768 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Disabled | Stopped] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.27 03:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.10.27 03:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.06.19 16:36:14 | 000,028,584 | ---- | M] (DDMF) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DDMFaudio.sys -- (DDMF_Audio)
DRV:64bit: - [2011.04.11 15:07:26 | 000,049,152 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:64bit: - [2011.04.01 19:37:09 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.03 19:39:48 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2010.09.07 22:42:00 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64)
DRV:64bit: - [2010.03.05 15:22:32 | 000,051,200 | ---- | M] (Focusrite Audio Engineering Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ffusbaudio.sys -- (FFUsbAudio)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.26 15:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64)
DRV - [2009.12.02 13:51:08 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 7F 79 AF D6 68 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CE1227C9-3846-4E3B-BBF3-2D2E2562F830}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: Dcurrency@Dcurrency.fr:0.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 15:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.30 18:36:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 01:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.05.10 18:12:43 | 000,000,000 | ---D | M]
 
[2010.05.02 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lumi\AppData\Roaming\mozilla\Extensions
[2010.05.02 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lumi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.20 23:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lumi\AppData\Roaming\mozilla\Firefox\Profiles\jbkepgc0.default\extensions
[2010.05.02 18:57:03 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Lumi\AppData\Roaming\mozilla\Firefox\Profiles\jbkepgc0.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2012.05.22 07:01:28 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Lumi\AppData\Roaming\mozilla\Firefox\Profiles\jbkepgc0.default\extensions\foxyproxy@eric.h.jung
[2012.03.17 22:52:07 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Lumi\AppData\Roaming\mozilla\Firefox\Profiles\jbkepgc0.default\extensions\twitternotifier@naan.net
[2011.12.21 07:07:42 | 000,000,933 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\11-suche.xml
[2011.12.21 07:07:42 | 000,002,419 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\englische-ergebnisse.xml
[2011.12.21 07:07:42 | 000,010,525 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\gmx-suche.xml
[2011.02.14 00:32:34 | 000,012,703 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\imdb.xml
[2011.12.21 07:07:42 | 000,002,457 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\lastminute.xml
[2011.03.20 21:26:06 | 000,001,729 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\linguee-de-en.xml
[2011.07.03 00:59:43 | 000,005,335 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\thomann-de.xml
[2011.11.21 22:05:45 | 000,002,973 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\twitter-.xml
[2011.12.21 07:07:42 | 000,005,508 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\webde-suche.xml
[2012.06.07 22:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.20 23:32:34 | 000,377,145 | ---- | M] () (No name found) -- C:\USERS\LUMI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JBKEPGC0.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012.01.06 00:37:42 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\LUMI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JBKEPGC0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.07 21:42:56 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\LUMI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JBKEPGC0.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012.04.12 20:57:58 | 000,138,247 | ---- | M] () (No name found) -- C:\USERS\LUMI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JBKEPGC0.DEFAULT\EXTENSIONS\DCURRENCY@DCURRENCY.FR.XPI
[2012.06.16 15:35:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.05 21:40:22 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.03.27 00:48:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.27 00:48:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.03.27 00:48:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.27 00:48:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.27 00:48:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.27 00:48:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lumi\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lumi\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lumi\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PACE Client Helper Plugin (Enabled) = C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\
CHR - Extension: YouTube = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.06.28 20:40:24 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Lumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lumi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59C49B5D-4FBA-442D-B251-8A7355D67AE1}: NameServer = 192.168.2.1,192.168.2.2
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.20 14:50:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{75abfc9b-6dac-11df-b2cf-0022152cbb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{75abfc9b-6dac-11df-b2cf-0022152cbb2f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{891df0a4-bac0-11df-8ee5-0022152cbb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{891df0a4-bac0-11df-8ee5-0022152cbb2f}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.28 19:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.28 19:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.27 20:48:25 | 000,005,936 | ---- | C] (SysInternals) -- C:\Windows\SysWow64\drivers\PROCEXP.SYS
[2012.06.24 10:21:43 | 000,000,000 | ---D | C] -- C:\Users\Lumi\Misc
[2012.06.23 00:57:11 | 000,000,000 | ---D | C] -- C:\Users\Lumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Superbrothers Sword & Sworcery EP
[2012.06.17 16:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free Audio Extractor
[2012.06.17 16:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pazera-software
[2012.06.16 00:10:09 | 000,028,672 | ---- | C] (P&E) -- C:\Windows\rtool.exe
[2012.06.15 18:49:18 | 000,000,000 | ---D | C] -- C:\Users\Lumi\AppData\Local\Macromedia
[2012.06.10 11:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2012.06.03 16:22:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.06.03 07:30:18 | 000,000,000 | ---D | C] -- C:\Users\Lumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.28 21:55:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1368046289-1029592552-1251340151-1001UA.job
[2012.06.28 21:49:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.28 20:49:29 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 20:49:29 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 20:12:10 | 000,000,758 | ---- | M] () -- C:\Users\Lumi\Desktop\Security.lnk
[2012.06.28 20:10:39 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.28 20:10:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 20:10:13 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 20:09:17 | 000,000,188 | ---- | M] () -- C:\Users\Lumi\defogger_reenable
[2012.06.28 19:39:38 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 20:48:40 | 000,005,936 | ---- | M] (SysInternals) -- C:\Windows\SysWow64\drivers\PROCEXP.SYS
[2012.06.27 20:23:34 | 008,126,464 | ---- | M] () -- C:\Users\Lumi\NTUSER.bak
[2012.06.26 21:25:36 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.26 21:25:36 | 000,656,278 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.26 21:25:36 | 000,618,160 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.26 21:25:36 | 000,131,050 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.26 21:25:36 | 000,107,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.23 00:20:03 | 000,003,140 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.06.23 00:20:03 | 000,000,088 | RHS- | M] () -- C:\ProgramData\26F4DC224B.sys
[2012.06.17 16:57:40 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2012.06.17 16:57:40 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.06.17 16:57:40 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz
[2012.06.17 16:57:40 | 000,000,073 | ---- | M] () -- C:\Windows\SysWow64\ssprs.dll
[2012.06.14 20:00:21 | 002,981,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.10 12:55:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1368046289-1029592552-1251340151-1001Core.job
[2012.06.06 19:43:06 | 000,020,899 | ---- | M] () -- C:\Windows\COOL.INI
[2012.06.06 19:43:06 | 000,010,705 | ---- | M] () -- C:\Windows\coolcust.ini
[2012.06.06 19:43:06 | 000,000,000 | ---- | M] () -- C:\Windows\COOLSYS.INI
[2012.06.03 07:23:34 | 000,001,052 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.28 20:12:10 | 000,000,758 | ---- | C] () -- C:\Users\Lumi\Desktop\Security.lnk
[2012.06.28 20:09:17 | 000,000,188 | ---- | C] () -- C:\Users\Lumi\defogger_reenable
[2012.06.28 19:39:38 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 20:19:24 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\U\80000000.@
[2012.06.27 20:19:23 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\U\00000001.@
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.07 22:37:44 | 000,000,081 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MPluginConfiguration.xml
[2012.05.07 19:51:02 | 000,197,014 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MAnalyzerpresets.xml
[2012.05.07 19:51:02 | 000,013,964 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MFlangerpresets.xml
[2012.05.07 19:51:02 | 000,013,158 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MOscillatorpresets.xml
[2012.05.07 19:51:02 | 000,009,119 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MFreqShifterpresets.xml
[2012.05.07 19:51:02 | 000,007,130 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MEqualizerpresets.xml
[2012.05.07 19:51:02 | 000,006,687 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\menvelopepresets.xml
[2012.05.07 19:51:02 | 000,006,444 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MCompressorpresets.xml
[2012.05.07 19:51:02 | 000,005,622 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MNoiseGeneratorpresets.xml
[2012.05.07 19:51:02 | 000,005,138 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MWaveShaperpresets.xml
[2012.05.07 19:51:02 | 000,004,362 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MPhaserpresets.xml
[2012.05.07 19:51:02 | 000,003,771 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MRingModulatorpresets.xml
[2012.05.07 19:51:02 | 000,002,820 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2012.05.07 19:51:02 | 000,002,775 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MStereoExpanderpresets.xml
[2012.05.07 19:51:02 | 000,002,666 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MVibratopresets.xml
[2012.05.07 19:51:02 | 000,002,492 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2012.05.07 19:51:02 | 000,002,366 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MTremolopresets.xml
[2012.05.07 19:51:02 | 000,001,907 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MAutopanpresets.xml
[2012.05.07 19:51:02 | 000,001,381 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MLimiterpresets.xml
[2012.05.07 19:51:02 | 000,001,235 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2012.05.07 19:51:02 | 000,001,011 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MValueToColor5presets.xml
[2012.03.22 23:08:24 | 000,000,032 | ---- | C] () -- C:\Windows\WDIRECT.INI
[2012.03.19 23:24:41 | 000,000,135 | ---- | C] () -- C:\Windows\coolacm.ini
[2012.03.16 21:38:59 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.03.16 21:38:59 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.03.16 21:38:59 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.03.16 21:38:59 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.03.16 21:38:59 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012.01.29 20:40:13 | 000,000,000 | ---- | C] () -- C:\Windows\COOLSYS.INI
[2012.01.29 20:40:12 | 000,010,705 | ---- | C] () -- C:\Windows\coolcust.ini
[2012.01.29 20:39:42 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2012.01.29 20:39:42 | 000,020,899 | ---- | C] () -- C:\Windows\COOL.INI
[2012.01.11 06:57:19 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\@
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.10.09 23:51:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.27 20:29:07 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.06 22:18:10 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.11.11 23:16:48 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.11.11 23:16:48 | 000,000,088 | RHS- | C] () -- C:\ProgramData\26F4DC224B.sys
[2010.10.11 06:26:30 | 016,371,712 | ---- | C] () -- C:\Windows\SysWow64\AbsynthIAC.dll
[2010.09.06 20:30:53 | 000,000,017 | ---- | C] () -- C:\Users\Lumi\AppData\Local\resmon.resmoncfg
[2010.08.21 23:29:18 | 000,000,086 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.06.28 19:00:51 | 000,000,010 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\secnxt3.cry
[2010.05.02 17:20:55 | 008,126,464 | ---- | C] () -- C:\Users\Lumi\NTUSER.bak
 
========== LOP Check ==========
 
[2010.09.25 09:52:53 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Applied Acoustics Systems
[2011.07.11 20:34:04 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012.03.29 23:33:31 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Blue Cat Audio
[2010.11.07 12:14:07 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Broad Intelligence
[2012.01.20 17:18:15 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\bsnes
[2011.10.22 00:04:59 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Canon
[2012.05.29 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\com.beatport.BeatportDownloader
[2010.12.13 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Cytomic
[2010.09.07 22:45:27 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\DAEMON Tools Lite
[2012.04.09 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Daichi
[2012.06.26 22:37:36 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\DDMF
[2012.04.04 06:19:46 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\DDMF Effect Rack
[2011.12.31 13:22:04 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Diva.data
[2012.06.28 20:11:00 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Dropbox
[2010.05.03 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\FabFilter
[2011.01.01 15:14:24 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\fltk.org
[2010.05.16 17:03:40 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Flux
[2011.09.30 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Foxit Software
[2011.10.12 21:16:57 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Gaijin Ent
[2010.05.19 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\GHISLER
[2012.03.04 11:00:46 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\hdbADS
[2011.10.03 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\ICQ
[2012.05.07 19:51:41 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\MeldaProduction
[2010.05.03 20:04:28 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\MSPS
[2012.05.07 19:51:02 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\MTexturedStyles
[2011.11.19 17:18:24 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\OpenOffice.org
[2011.03.29 19:26:31 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\PACE Anti-Piracy
[2010.05.16 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Publish Providers
[2011.08.07 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\REAPER
[2011.12.05 23:07:34 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Samsung
[2010.05.03 21:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Smartelectronix
[2011.10.12 21:04:20 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Sony
[2011.01.11 22:16:10 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Sony Creative Software
[2011.11.01 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Steinberg
[2011.08.29 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\SynthFont
[2012.02.02 19:40:50 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\TeamViewer
[2011.11.01 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Thunderbird
[2012.06.23 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\uTorrent
[2010.05.22 21:30:20 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Voxengo
[2010.09.01 21:22:08 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\VST3 Presets
[2011.12.06 06:58:27 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Waves Audio
[2012.06.03 07:12:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1471 bytes -> C:\ProgramData\Microsoft:TlC2pVqPaFnE35xzi
@Alternate Data Stream - 1457 bytes -> C:\Users\Lumi\AppData\Local\Temp:wR1p5jqvxB4d3bF6vehcxKcF
@Alternate Data Stream - 1456 bytes -> C:\ProgramData\Microsoft:qMA4wNy73ZU6Ehn8QCt88O7
@Alternate Data Stream - 1441 bytes -> C:\ProgramData\Microsoft:3PZU1Y4XlPYYnChTLm246Y
@Alternate Data Stream - 1370 bytes -> C:\ProgramData\Microsoft:HdmMyNFSQM5izUlV0e7PpC3s3
@Alternate Data Stream - 1358 bytes -> C:\ProgramData\Microsoft:SlyhdB8WHZGQknqoMmnTD3B5
@Alternate Data Stream - 1346 bytes -> C:\ProgramData\Microsoft:spGrl8buMeou52R5TY4R6Jk8h
@Alternate Data Stream - 1338 bytes -> C:\ProgramData\Microsoft:FJbjD5KdWwOKawgctx5m6IBD
@Alternate Data Stream - 1333 bytes -> C:\ProgramData\Microsoft:8MzfAg7C7Bp9UtU01k5euy
@Alternate Data Stream - 1283 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:oBDZOF9Ykz3oQBfBaFUBZOnu
@Alternate Data Stream - 1274 bytes -> C:\ProgramData\Microsoft:qCUMv1DlPTM6PqFk55ktd42bYKQ
@Alternate Data Stream - 1270 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:1cJjnwiibRMrDv2yMEJ8ZBqL
@Alternate Data Stream - 1264 bytes -> C:\ProgramData\Microsoft:LwmJDHZEGPBCRMYEFFNAXR6D
@Alternate Data Stream - 1247 bytes -> C:\Users\Lumi\AppData\Local\Temp:ssab8Rpr7WS1vrWTeonaa
@Alternate Data Stream - 1240 bytes -> C:\Users\Lumi\AppData\Local\Temp:6vdBaciQ8YTZjUpvFsronTW
@Alternate Data Stream - 1221 bytes -> C:\ProgramData\Microsoft:qg7USTA0dcXswvVWKTqfhme
@Alternate Data Stream - 1201 bytes -> C:\ProgramData\Microsoft:zgHHxzZILxUdnWDquLhXXMPXx
@Alternate Data Stream - 1180 bytes -> C:\ProgramData\Microsoft:isAmXQAnQyg5shejhPBHOrq
@Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:kkNcG8TgPGrc2SsNBxlyJCf

< End of report >
         

Extras.txt:

Code:
OTL Extras logfile created on: 28.06.2012 22:35:42 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = E:\Appz\Security
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 56,90% Memory free
8,01 Gb Paging File | 6,14 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): c:\pagefile.sys 16 16e:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 6,72 Gb Free Space | 13,44% Space Free | Partition Type: NTFS
Drive D: | 29,99 Gb Total Space | 12,67 Gb Free Space | 42,26% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 883,72 Gb Free Space | 47,43% Space Free | Partition Type: NTFS
Drive F: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TATOOINE | User Name: Lumi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B0DAA1BD-65E9-4D1B-BBB5-850021C4D17F}" = Native Instruments Compilation Vol. 2
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B80954EE-5CA9-4202-BB8C-0DC3E332F47F}" = Native Instruments Kontakt 3
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D799CC16-F3B5-468D-AC67-6F77AAA98173}" = Native Instruments Komplete 6
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EB367D86-AC0E-41D1-93AE-6DE1A1C5C383}" = Native Instruments Kontakt 3 Factory Content
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"F08CF5BAFA651376713ABA6BE4395F7152EF8C85" = Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (04/11/2011 15.7.48.775)
"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Saffire USB 26_is1" = Scarlett MixControl 1.0
"WinRAR archiver" = WinRAR
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07C621A7-3284-4AD4-AFC8-7F41C475F056}" = Blue Cat's Gain Suite VST 3.0
"{0EB8339B-59A8-46e5-9D41-44458EBD7085}" = Blue Cat's Freeware Pack VST 2.0
"{16414746-4C9F-45F5-9D0B-1BB2F257710A}" = Blue Cat's Chorus VST 4.0
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44D94F3A-D38C-48DF-AEF7-4CD8B078F30F}" = Blue Cat's FreqAnalyst VST 2.0
"{4773CB4F-9783-4FD4-AE06-5E3CCA5CA4BE}" = Steinberg VST Classics 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1" = Pazera Free Audio Extractor 1.4
"{697CE55E-469F-4FB7-9FB6-8CC4E50852B2}" = Blue Cat's Phaser VST 3.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V8r11
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9660B18F-EC12-11DF-B006-0013D3D69929}" = Sound Forge Pro 10.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0C30E5-776F-4F62-B9E9-414018E0D9AD}" = Steinberg VST Classics 1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A048F6D6-BECE-D521-9BC9-B8806BFB118C}" = Beatport Downloader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AD5E66F6-AABE-4C99-B302-8C1545DD898F}" = Blue Cat's Flanger VST 3.0
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CEAAE942-E5CE-4F06-9424-AF7DB8BF3766}" = Devastor 1.2.0
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"{E074C49C-68D5-4949-ABB8-C712652A3FF8}" = Redoptor 1.2.0
"{E1F2A95F-9B52-4A43-9A17-0AEBFC5B2051}" = Flux_StereoTool
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F2D66909-5A27-4F0F-8E53-18BAE15178EC}" = Blue Cat's Triple EQ VST 4.0
"{F6294904-87F4-4574-8685-1B2239DF0041}" = Decimort 1.2.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Disk Catalog" = Advanced Disk Catalog
"Aliens versus Predator Classic 2000_is1" = Aliens versus Predator Classic 2000
"Antares Hyperprism v1.5.6 DX" = Antares Hyperprism v1.5.6 DX
"Audiograbber" = Audiograbber 1.83 SE 
"BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1" = BeatportDownloader
"Blue Tubes Effects Pack3.5" = Blue Tubes Effects Pack
"BugPack1" = Beta Bugs BugPack1 VST
"Camel Audio CamelCrusher" = Camel Audio CamelCrusher
"Camel Audio CamelPhat" = Camel Audio CamelPhat
"Camel Audio CamelSpace" = Camel Audio CamelSpace
"Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.beatport.BeatportDownloader" = Beatport Downloader
"Cool Edit Pro" = Cool Edit Pro v1.2 fixed
"Devil-Loc V1_is1" = SoundToys Devil-Loc V1
"Dr. Hardware 2010_is1" = Dr. Hardware 2010 10.5d
"Drumaxx" = Drumaxx
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"EasyBCD" = EasyBCD 1.7.2
"eLicenser Control" = eLicenser Control
"Everything" = Everything 1.2.1.371
"FabFilter Micro 1.00" = FabFilter Micro 1.00
"FabFilter One 3.15" = FabFilter One 3.15
"FabFilter Simplon 1.10" = FabFilter Simplon 1.10
"FabFilter Timeless 2.00" = FabFilter Timeless 2.00
"FabFilter Twin 2.10" = FabFilter Twin 2.10
"FabFilter Volcano 2.03" = FabFilter Volcano 2.03
"FormatFactory" = FormatFactory 2.30
"Foxit Reader" = Foxit Reader
"Geheimnis von Montezuma" = Geheimnis von Montezuma
"Grand Theft Auto" = Grand Theft Auto
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"IL Download Manager" = IL Download Manager
"impOSCar" = GForce - impOSCar
"InstallShield_{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"IsoBuster_is1" = IsoBuster 2.8.5
"iZotope Trash_is1" = iZotope Trash
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mastering Effects Bundle 2 for Sound Forge Pro_is1" = Mastering Effects Bundle 2 for Sound Forge Pro
"MeldaProduction MFreeEffectsBundle 6" = MeldaProduction MFreeEffectsBundle 6
"Mercury 1" = Mercury 1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Native Instruments Absynth 1.3" = Native Instruments Absynth 1.3
"Native Instruments Absynth 2" = Native Instruments Absynth 2
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Absynth v3.0.2" = Native Instruments Absynth v3.0.2
"Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Battery v2.1" = Native Instruments Battery v2.1
"Native Instruments Compilation Vol. 2" = Native Instruments Compilation Vol. 2
"Native Instruments FM7" = Native Instruments FM7
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Komplete 5" = Native Instruments Komplete 5
"Native Instruments Komplete 6" = Native Instruments Komplete 6
"Native Instruments Kontakt 2" = Native Instruments Kontakt 2
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Kontakt 3 Factory Content" = Native Instruments Kontakt 3 Factory Content
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments True Strike Tension" = Native Instruments True Strike Tension
"Native.Instruments.Kontakt.v2.0.2.007" = Native.Instruments.Kontakt.v2.0.2.007
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Predatohm VST2" = OhmForce Predatohm VST2
"REAPER" = REAPER
"ReaPlugs" = ReaPlugs
"rgcAudio Pentagon I v1.21" = rgcAudio Pentagon I v1.21
"SequoiaView" = SequoiaView
"SoniqWare-MT-1_is1" = SoniqWare MT-1 1.3.0
"SoniqWare-MT-1-Demo_is1" = SoniqWare MT-1 Demo 1.3.0
"Soulseek2" = SoulSeek 157 NS 13
"Speed Dial Utility" = Canon Kurzwahlprogramm
"Steinberg Cubase SX 3" = Steinberg Cubase SX 3
"String Studio VS-1" = String Studio VS-1 v1.1.3
"SVF2" = Beta Bugs SVF2 VST
"THJediReplacementSetup_is1" = Star Wars: Jedi Knight - Dark Forces 2
"Totalcmd" = Total Commander (Remove or Repair)
"Ultra Analog VA-1" = Ultra Analog VA-1 v1.1.4
"UltraISO_is1" = UltraISO Premium V9.52
"URS Everything EQ Bundle VST for Native License" = URS Everything EQ Bundle VST for Native License
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinMerge_is1" = WinMerge 2.12.4
"XILS 3 LIMITED_is1" = XILS 3 LIMITED
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Limbo" = LIMBO
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2011 19:30:42 | Computer Name = Tatooine | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 30.10.2011 19:33:52 | Computer Name = Tatooine | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\pyboo\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\pyboo\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 31.10.2011 01:12:50 | Computer Name = Tatooine | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2dc    Startzeit: 
01cc978b74908596    Endzeit: 82    Anwendungspfad: E:\c-ersatz\nfsu2\speed2.exe    Berichts-ID:
   
 
Error - 31.10.2011 15:39:22 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637, 
Zeitstempel: 0x4c93cb68  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bb00  ID des fehlerhaften
 Prozesses: 0x974  Startzeit der fehlerhaften Anwendung: 0x01cc98040c862299  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 07b6d996-03f8-11e1-ad64-0022152cbb2f
 
Error - 31.10.2011 16:39:32 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637, 
Zeitstempel: 0x4c93cb68  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bb00  ID des fehlerhaften
 Prozesses: 0xc08  Startzeit der fehlerhaften Anwendung: 0x01cc980cb03bae52  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 6f4e91a7-0400-11e1-ad64-0022152cbb2f
 
Error - 31.10.2011 17:09:41 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637, 
Zeitstempel: 0x4c93cb68  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bb00  ID des fehlerhaften
 Prozesses: 0xacc  Startzeit der fehlerhaften Anwendung: 0x01cc9810a538271e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a5e16997-0404-11e1-a08f-0022152cbb2f
 
Error - 31.10.2011 17:56:11 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637, 
Zeitstempel: 0x4c93cb68  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e887  ID des fehlerhaften
 Prozesses: 0x928  Startzeit der fehlerhaften Anwendung: 0x01cc9817df86ffe8  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 24cb6107-040b-11e1-a08f-0022152cbb2f
 
Error - 31.10.2011 18:09:11 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637, 
Zeitstempel: 0x4c93cb68  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bb00  ID des fehlerhaften
 Prozesses: 0xcf4  Startzeit der fehlerhaften Anwendung: 0x01cc98183fef36b8  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: f59ba0cb-040c-11e1-a08f-0022152cbb2f
 
Error - 31.10.2011 19:21:24 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.3.651, 
Zeitstempel: 0x4d2ef8fc  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003bb00  ID des fehlerhaften
 Prozesses: 0x2cc  Startzeit der fehlerhaften Anwendung: 0x01cc982338543a03  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 0c0b2ea9-0417-11e1-a08f-0022152cbb2f
 
Error - 01.11.2011 06:11:10 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: AcLayers.DLL, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b700  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00076c72  ID des fehlerhaften
 Prozesses: 0xbfc  Startzeit der fehlerhaften Anwendung: 0x01cc987e93162392  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\explorer.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\AppPatch\AcLayers.DLL  Berichtskennung: d20fef19-0471-11e1-9d7a-0022152cbb2f
 
[ System Events ]
Error - 28.06.2012 14:10:47 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 28.06.2012 14:10:49 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 28.06.2012 14:10:50 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 28.06.2012 14:10:51 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 28.06.2012 14:10:52 | Computer Name = Tatooine | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 28.06.2012 14:10:52 | Computer Name = Tatooine | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 28.06.2012 14:11:38 | Computer Name = Tatooine | Source = DCOM | ID = 10016
Description = 
 
Error - 28.06.2012 14:39:59 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 28.06.2012 14:40:03 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 28.06.2012 14:40:04 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
 
< End of report >
         
I hope that is enough information for now. In any case, thank you in advance!

Best regards,

Luumi

 
