Win7/64: Sirefef.b, .w and .y found, partial success already achieved

Hello dear community,

What has happened so far

Yesterday, out of the blue, I got this message (paraphrased) from MSSE on Win7/64: "Known threat detected and removed - no further action needed!" Fairly soon afterwards the virus scanner, firewall and Defender were off and could no longer be started - "Der Security Essentials-Dienst konnte nicht gestartet werden. Der angegebene Dienst ist kein installierter Dienst" - error code 0x80070424. The MSSE icon in the notification area of the taskbar had disappeared.

Since I run a dual-boot system here, I immediately switched to WinXP and from there, also with MSSE, ran a full scan overnight. It found Sirefef.b, .w and .y, but could not clean them. The cleanup progress bar was still stuck at about 75% even after three hours.

After a restart and some internet research I then installed MWB and ran it (again on Win7):

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.28.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lumi :: TATOOINE [Administrator]
Schutz: Deaktiviert
28.06.2012 19:42:39
mbam-log-2012-06-28 (19-42-39).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270685
Laufzeit: 2 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 5
C:\RECYCLER\S-1-5-21-606747145-854245398-725345543-1003\Dc3\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\drivers\str.sys (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

That worked so far. After a restart the MSSE icon now appears in the notification area of the taskbar again, but the service still cannot be started and gives the error message mentioned above.

I was now somewhat afraid of carrying on on my own and causing further damage by doing so... so I downloaded Defogger, which disabled Daemon Tools Lite. Then I ran OTL.

OTL.txt:

Code:
OTL logfile created on: 28.06.2012 22:35:42 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = E:\Appz\Security
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 56,90% Memory free
8,01 Gb Paging File | 6,14 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): c:\pagefile.sys 16 16e:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 6,72 Gb Free Space | 13,44% Space Free | Partition Type: NTFS
Drive D: | 29,99 Gb Total Space | 12,67 Gb Free Space | 42,26% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 883,72 Gb Free Space | 47,43% Space Free | Partition Type: NTFS
Drive F: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TATOOINE | User Name: Lumi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.28 18:57:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\Appz\Security\OTL.com
PRC - [2012.06.16 15:35:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lumi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.03.25 05:17:22 | 002,784,768 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2010.09.09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.16 15:35:05 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt32.dll
MOD - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.16 15:35:05 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2011.03.25 05:17:22 | 002,784,768 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Disabled | Stopped] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.27 03:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.10.27 03:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.06.19 16:36:14 | 000,028,584 | ---- | M] (DDMF) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DDMFaudio.sys -- (DDMF_Audio)
DRV:64bit: - [2011.04.11 15:07:26 | 000,049,152 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:64bit: - [2011.04.01 19:37:09 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.03 19:39:48 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2010.09.07 22:42:00 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64)
DRV:64bit: - [2010.03.05 15:22:32 | 000,051,200 | ---- | M] (Focusrite Audio Engineering Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ffusbaudio.sys -- (FFUsbAudio)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.26 15:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64)
DRV - [2009.12.02 13:51:08 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 7F 79 AF D6 68 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CE1227C9-3846-4E3B-BBF3-2D2E2562F830}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: Dcurrency@Dcurrency.fr:0.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 15:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.30 18:36:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 01:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.05.10 18:12:43 | 000,000,000 | ---D | M]
[2010.05.02 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lumi\AppData\Roaming\mozilla\Extensions
[2010.05.02 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lumi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.20 23:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lumi\AppData\Roaming\mozilla\Firefox\Profiles\jbkepgc0.default\extensions
[2010.05.02 18:57:03 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Lumi\AppData\Roaming\mozilla\Firefox\Profiles\jbkepgc0.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2012.05.22 07:01:28 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Lumi\AppData\Roaming\mozilla\Firefox\Profiles\jbkepgc0.default\extensions\foxyproxy@eric.h.jung
[2012.03.17 22:52:07 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Lumi\AppData\Roaming\mozilla\Firefox\Profiles\jbkepgc0.default\extensions\twitternotifier@naan.net
[2011.12.21 07:07:42 | 000,000,933 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\11-suche.xml
[2011.12.21 07:07:42 | 000,002,419 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\englische-ergebnisse.xml
[2011.12.21 07:07:42 | 000,010,525 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\gmx-suche.xml
[2011.02.14 00:32:34 | 000,012,703 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\imdb.xml
[2011.12.21 07:07:42 | 000,002,457 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\lastminute.xml
[2011.03.20 21:26:06 | 000,001,729 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\linguee-de-en.xml
[2011.07.03 00:59:43 | 000,005,335 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\thomann-de.xml
[2011.11.21 22:05:45 | 000,002,973 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\twitter-.xml
[2011.12.21 07:07:42 | 000,005,508 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Mozilla\Firefox\Profiles\jbkepgc0.default\searchplugins\webde-suche.xml
[2012.06.07 22:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.20 23:32:34 | 000,377,145 | ---- | M] () (No name found) -- C:\USERS\LUMI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JBKEPGC0.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012.01.06 00:37:42 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\LUMI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JBKEPGC0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.07 21:42:56 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\LUMI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JBKEPGC0.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012.04.12 20:57:58 | 000,138,247 | ---- | M] () (No name found) -- C:\USERS\LUMI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JBKEPGC0.DEFAULT\EXTENSIONS\DCURRENCY@DCURRENCY.FR.XPI
[2012.06.16 15:35:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.05 21:40:22 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.03.27 00:48:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.27 00:48:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.03.27 00:48:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.27 00:48:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.27 00:48:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.27 00:48:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lumi\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lumi\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lumi\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PACE Client Helper Plugin (Enabled) = C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\
CHR - Extension: YouTube = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Lumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.06.28 20:40:24 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Lumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lumi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59C49B5D-4FBA-442D-B251-8A7355D67AE1}: NameServer = 192.168.2.1,192.168.2.2
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.20 14:50:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{75abfc9b-6dac-11df-b2cf-0022152cbb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{75abfc9b-6dac-11df-b2cf-0022152cbb2f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{891df0a4-bac0-11df-8ee5-0022152cbb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{891df0a4-bac0-11df-8ee5-0022152cbb2f}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.28 19:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.28 19:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.27 20:48:25 | 000,005,936 | ---- | C] (SysInternals) -- C:\Windows\SysWow64\drivers\PROCEXP.SYS
[2012.06.24 10:21:43 | 000,000,000 | ---D | C] -- C:\Users\Lumi\Misc
[2012.06.23 00:57:11 | 000,000,000 | ---D | C] -- C:\Users\Lumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Superbrothers Sword & Sworcery EP
[2012.06.17 16:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free Audio Extractor
[2012.06.17 16:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pazera-software
[2012.06.16 00:10:09 | 000,028,672 | ---- | C] (P&E) -- C:\Windows\rtool.exe
[2012.06.15 18:49:18 | 000,000,000 | ---D | C] -- C:\Users\Lumi\AppData\Local\Macromedia
[2012.06.10 11:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2012.06.03 16:22:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.06.03 07:30:18 | 000,000,000 | ---D | C] -- C:\Users\Lumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO
========== Files - Modified Within 30 Days ==========
[2012.06.28 21:55:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1368046289-1029592552-1251340151-1001UA.job
[2012.06.28 21:49:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.28 20:49:29 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 20:49:29 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 20:12:10 | 000,000,758 | ---- | M] () -- C:\Users\Lumi\Desktop\Security.lnk
[2012.06.28 20:10:39 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.28 20:10:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 20:10:13 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 20:09:17 | 000,000,188 | ---- | M] () -- C:\Users\Lumi\defogger_reenable
[2012.06.28 19:39:38 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.27 20:48:40 | 000,005,936 | ---- | M] (SysInternals) -- C:\Windows\SysWow64\drivers\PROCEXP.SYS
[2012.06.27 20:23:34 | 008,126,464 | ---- | M] () -- C:\Users\Lumi\NTUSER.bak
[2012.06.26 21:25:36 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.26 21:25:36 | 000,656,278 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.26 21:25:36 | 000,618,160 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.26 21:25:36 | 000,131,050 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.26 21:25:36 | 000,107,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.23 00:20:03 | 000,003,140 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.06.23 00:20:03 | 000,000,088 | RHS- | M] () -- C:\ProgramData\26F4DC224B.sys
[2012.06.17 16:57:40 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2012.06.17 16:57:40 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.06.17 16:57:40 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz
[2012.06.17 16:57:40 | 000,000,073 | ---- | M] () -- C:\Windows\SysWow64\ssprs.dll
[2012.06.14 20:00:21 | 002,981,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.10 12:55:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1368046289-1029592552-1251340151-1001Core.job
[2012.06.06 19:43:06 | 000,020,899 | ---- | M] () -- C:\Windows\COOL.INI
[2012.06.06 19:43:06 | 000,010,705 | ---- | M] () -- C:\Windows\coolcust.ini
[2012.06.06 19:43:06 | 000,000,000 | ---- | M] () -- C:\Windows\COOLSYS.INI
[2012.06.03 07:23:34 | 000,001,052 | ---- | M] () -- C:\Users\Lumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
========== Files Created - No Company Name ==========
[2012.06.28 20:12:10 | 000,000,758 | ---- | C] () -- C:\Users\Lumi\Desktop\Security.lnk
[2012.06.28 20:09:17 | 000,000,188 | ---- | C] () -- C:\Users\Lumi\defogger_reenable
[2012.06.28 19:39:38 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.27 20:19:24 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\U\80000000.@
[2012.06.27 20:19:23 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\U\00000001.@
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.07 22:37:44 | 000,000,081 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MPluginConfiguration.xml
[2012.05.07 19:51:02 | 000,197,014 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MAnalyzerpresets.xml
[2012.05.07 19:51:02 | 000,013,964 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MFlangerpresets.xml
[2012.05.07 19:51:02 | 000,013,158 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MOscillatorpresets.xml
[2012.05.07 19:51:02 | 000,009,119 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MFreqShifterpresets.xml
[2012.05.07 19:51:02 | 000,007,130 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MEqualizerpresets.xml
[2012.05.07 19:51:02 | 000,006,687 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\menvelopepresets.xml
[2012.05.07 19:51:02 | 000,006,444 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MCompressorpresets.xml
[2012.05.07 19:51:02 | 000,005,622 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MNoiseGeneratorpresets.xml
[2012.05.07 19:51:02 | 000,005,138 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MWaveShaperpresets.xml
[2012.05.07 19:51:02 | 000,004,362 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MPhaserpresets.xml
[2012.05.07 19:51:02 | 000,003,771 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MRingModulatorpresets.xml
[2012.05.07 19:51:02 | 000,002,820 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2012.05.07 19:51:02 | 000,002,775 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MStereoExpanderpresets.xml
[2012.05.07 19:51:02 | 000,002,666 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MVibratopresets.xml
[2012.05.07 19:51:02 | 000,002,492 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2012.05.07 19:51:02 | 000,002,366 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MTremolopresets.xml
[2012.05.07 19:51:02 | 000,001,907 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MAutopanpresets.xml
[2012.05.07 19:51:02 | 000,001,381 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MLimiterpresets.xml
[2012.05.07 19:51:02 | 000,001,235 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2012.05.07 19:51:02 | 000,001,011 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\MValueToColor5presets.xml
[2012.03.22 23:08:24 | 000,000,032 | ---- | C] () -- C:\Windows\WDIRECT.INI
[2012.03.19 23:24:41 | 000,000,135 | ---- | C] () -- C:\Windows\coolacm.ini
[2012.03.16 21:38:59 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.03.16 21:38:59 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.03.16 21:38:59 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.03.16 21:38:59 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.03.16 21:38:59 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012.01.29 20:40:13 | 000,000,000 | ---- | C] () -- C:\Windows\COOLSYS.INI
[2012.01.29 20:40:12 | 000,010,705 | ---- | C] () -- C:\Windows\coolcust.ini
[2012.01.29 20:39:42 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2012.01.29 20:39:42 | 000,020,899 | ---- | C] () -- C:\Windows\COOL.INI
[2012.01.11 06:57:19 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a01b0227-0aa1-2245-0216-9b26727e72fd}\@
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.10.09 23:51:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.27 20:29:07 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.06 22:18:10 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.11.11 23:16:48 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.11.11 23:16:48 | 000,000,088 | RHS- | C] () -- C:\ProgramData\26F4DC224B.sys
[2010.10.11 06:26:30 | 016,371,712 | ---- | C] () -- C:\Windows\SysWow64\AbsynthIAC.dll
[2010.09.06 20:30:53 | 000,000,017 | ---- | C] () -- C:\Users\Lumi\AppData\Local\resmon.resmoncfg
[2010.08.21 23:29:18 | 000,000,086 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.06.28 19:00:51 | 000,000,010 | ---- | C] () -- C:\Users\Lumi\AppData\Roaming\secnxt3.cry
[2010.05.02 17:20:55 | 008,126,464 | ---- | C] () -- C:\Users\Lumi\NTUSER.bak
========== LOP Check ==========
[2010.09.25 09:52:53 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Applied Acoustics Systems
[2011.07.11 20:34:04 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012.03.29 23:33:31 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Blue Cat Audio
[2010.11.07 12:14:07 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Broad Intelligence
[2012.01.20 17:18:15 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\bsnes
[2011.10.22 00:04:59 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Canon
[2012.05.29 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\com.beatport.BeatportDownloader
[2010.12.13 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Cytomic
[2010.09.07 22:45:27 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\DAEMON Tools Lite
[2012.04.09 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Daichi
[2012.06.26 22:37:36 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\DDMF
[2012.04.04 06:19:46 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\DDMF Effect Rack
[2011.12.31 13:22:04 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Diva.data
[2012.06.28 20:11:00 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Dropbox
[2010.05.03 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\FabFilter
[2011.01.01 15:14:24 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\fltk.org
[2010.05.16 17:03:40 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Flux
[2011.09.30 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Foxit Software
[2011.10.12 21:16:57 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Gaijin Ent
[2010.05.19 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\GHISLER
[2012.03.04 11:00:46 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\hdbADS
[2011.10.03 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\ICQ
[2012.05.07 19:51:41 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\MeldaProduction
[2010.05.03 20:04:28 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\MSPS
[2012.05.07 19:51:02 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\MTexturedStyles
[2011.11.19 17:18:24 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\OpenOffice.org
[2011.03.29 19:26:31 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\PACE Anti-Piracy
[2010.05.16 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Publish Providers
[2011.08.07 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\REAPER
[2011.12.05 23:07:34 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Samsung
[2010.05.03 21:32:18 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Smartelectronix
[2011.10.12 21:04:20 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Sony
[2011.01.11 22:16:10 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Sony Creative Software
[2011.11.01 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Steinberg
[2011.08.29 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\SynthFont
[2012.02.02 19:40:50 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\TeamViewer
[2011.11.01 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Thunderbird
[2012.06.23 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\uTorrent
[2010.05.22 21:30:20 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Voxengo
[2010.09.01 21:22:08 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\VST3 Presets
[2011.12.06 06:58:27 | 000,000,000 | ---D | M] -- C:\Users\Lumi\AppData\Roaming\Waves Audio
[2012.06.03 07:12:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 1471 bytes -> C:\ProgramData\Microsoft:TlC2pVqPaFnE35xzi
@Alternate Data Stream - 1457 bytes -> C:\Users\Lumi\AppData\Local\Temp:wR1p5jqvxB4d3bF6vehcxKcF
@Alternate Data Stream - 1456 bytes -> C:\ProgramData\Microsoft:qMA4wNy73ZU6Ehn8QCt88O7
@Alternate Data Stream - 1441 bytes -> C:\ProgramData\Microsoft:3PZU1Y4XlPYYnChTLm246Y
@Alternate Data Stream - 1370 bytes -> C:\ProgramData\Microsoft:HdmMyNFSQM5izUlV0e7PpC3s3
@Alternate Data Stream - 1358 bytes -> C:\ProgramData\Microsoft:SlyhdB8WHZGQknqoMmnTD3B5
@Alternate Data Stream - 1346 bytes -> C:\ProgramData\Microsoft:spGrl8buMeou52R5TY4R6Jk8h
@Alternate Data Stream - 1338 bytes -> C:\ProgramData\Microsoft:FJbjD5KdWwOKawgctx5m6IBD
@Alternate Data Stream - 1333 bytes -> C:\ProgramData\Microsoft:8MzfAg7C7Bp9UtU01k5euy
@Alternate Data Stream - 1283 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:oBDZOF9Ykz3oQBfBaFUBZOnu
@Alternate Data Stream - 1274 bytes -> C:\ProgramData\Microsoft:qCUMv1DlPTM6PqFk55ktd42bYKQ
@Alternate Data Stream - 1270 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:1cJjnwiibRMrDv2yMEJ8ZBqL
@Alternate Data Stream - 1264 bytes -> C:\ProgramData\Microsoft:LwmJDHZEGPBCRMYEFFNAXR6D
@Alternate Data Stream - 1247 bytes -> C:\Users\Lumi\AppData\Local\Temp:ssab8Rpr7WS1vrWTeonaa
@Alternate Data Stream - 1240 bytes -> C:\Users\Lumi\AppData\Local\Temp:6vdBaciQ8YTZjUpvFsronTW
@Alternate Data Stream - 1221 bytes -> C:\ProgramData\Microsoft:qg7USTA0dcXswvVWKTqfhme
@Alternate Data Stream - 1201 bytes -> C:\ProgramData\Microsoft:zgHHxzZILxUdnWDquLhXXMPXx
@Alternate Data Stream - 1180 bytes -> C:\ProgramData\Microsoft:isAmXQAnQyg5shejhPBHOrq
@Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:kkNcG8TgPGrc2SsNBxlyJCf
< End of report >
Extras.txt: Code:
OTL Extras logfile created on: 28.06.2012 22:35:42 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = E:\Appz\Security
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 56,90% Memory free
8,01 Gb Paging File | 6,14 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): c:\pagefile.sys 16 16e:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 6,72 Gb Free Space | 13,44% Space Free | Partition Type: NTFS
Drive D: | 29,99 Gb Total Space | 12,67 Gb Free Space | 42,26% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 883,72 Gb Free Space | 47,43% Space Free | Partition Type: NTFS
Drive F: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TATOOINE | User Name: Lumi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B0DAA1BD-65E9-4D1B-BBB5-850021C4D17F}" = Native Instruments Compilation Vol. 2
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B80954EE-5CA9-4202-BB8C-0DC3E332F47F}" = Native Instruments Kontakt 3
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D799CC16-F3B5-468D-AC67-6F77AAA98173}" = Native Instruments Komplete 6
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EB367D86-AC0E-41D1-93AE-6DE1A1C5C383}" = Native Instruments Kontakt 3 Factory Content
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"F08CF5BAFA651376713ABA6BE4395F7152EF8C85" = Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (04/11/2011 15.7.48.775)
"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Saffire USB 26_is1" = Scarlett MixControl 1.0
"WinRAR archiver" = WinRAR
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07C621A7-3284-4AD4-AFC8-7F41C475F056}" = Blue Cat's Gain Suite VST 3.0
"{0EB8339B-59A8-46e5-9D41-44458EBD7085}" = Blue Cat's Freeware Pack VST 2.0
"{16414746-4C9F-45F5-9D0B-1BB2F257710A}" = Blue Cat's Chorus VST 4.0
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44D94F3A-D38C-48DF-AEF7-4CD8B078F30F}" = Blue Cat's FreqAnalyst VST 2.0
"{4773CB4F-9783-4FD4-AE06-5E3CCA5CA4BE}" = Steinberg VST Classics 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1" = Pazera Free Audio Extractor 1.4
"{697CE55E-469F-4FB7-9FB6-8CC4E50852B2}" = Blue Cat's Phaser VST 3.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V8r11
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9660B18F-EC12-11DF-B006-0013D3D69929}" = Sound Forge Pro 10.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0C30E5-776F-4F62-B9E9-414018E0D9AD}" = Steinberg VST Classics 1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A048F6D6-BECE-D521-9BC9-B8806BFB118C}" = Beatport Downloader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AD5E66F6-AABE-4C99-B302-8C1545DD898F}" = Blue Cat's Flanger VST 3.0
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CEAAE942-E5CE-4F06-9424-AF7DB8BF3766}" = Devastor 1.2.0
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"{E074C49C-68D5-4949-ABB8-C712652A3FF8}" = Redoptor 1.2.0
"{E1F2A95F-9B52-4A43-9A17-0AEBFC5B2051}" = Flux_StereoTool
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F2D66909-5A27-4F0F-8E53-18BAE15178EC}" = Blue Cat's Triple EQ VST 4.0
"{F6294904-87F4-4574-8685-1B2239DF0041}" = Decimort 1.2.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Disk Catalog" = Advanced Disk Catalog
"Aliens versus Predator Classic 2000_is1" = Aliens versus Predator Classic 2000
"Antares Hyperprism v1.5.6 DX" = Antares Hyperprism v1.5.6 DX
"Audiograbber" = Audiograbber 1.83 SE
"BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1" = BeatportDownloader
"Blue Tubes Effects Pack3.5" = Blue Tubes Effects Pack
"BugPack1" = Beta Bugs BugPack1 VST
"Camel Audio CamelCrusher" = Camel Audio CamelCrusher
"Camel Audio CamelPhat" = Camel Audio CamelPhat
"Camel Audio CamelSpace" = Camel Audio CamelSpace
"Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.beatport.BeatportDownloader" = Beatport Downloader
"Cool Edit Pro" = Cool Edit Pro v1.2 fixed
"Devil-Loc V1_is1" = SoundToys Devil-Loc V1
"Dr. Hardware 2010_is1" = Dr. Hardware 2010 10.5d
"Drumaxx" = Drumaxx
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"EasyBCD" = EasyBCD 1.7.2
"eLicenser Control" = eLicenser Control
"Everything" = Everything 1.2.1.371
"FabFilter Micro 1.00" = FabFilter Micro 1.00
"FabFilter One 3.15" = FabFilter One 3.15
"FabFilter Simplon 1.10" = FabFilter Simplon 1.10
"FabFilter Timeless 2.00" = FabFilter Timeless 2.00
"FabFilter Twin 2.10" = FabFilter Twin 2.10
"FabFilter Volcano 2.03" = FabFilter Volcano 2.03
"FormatFactory" = FormatFactory 2.30
"Foxit Reader" = Foxit Reader
"Geheimnis von Montezuma" = Geheimnis von Montezuma
"Grand Theft Auto" = Grand Theft Auto
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"IL Download Manager" = IL Download Manager
"impOSCar" = GForce - impOSCar
"InstallShield_{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"IsoBuster_is1" = IsoBuster 2.8.5
"iZotope Trash_is1" = iZotope Trash
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mastering Effects Bundle 2 for Sound Forge Pro_is1" = Mastering Effects Bundle 2 for Sound Forge Pro
"MeldaProduction MFreeEffectsBundle 6" = MeldaProduction MFreeEffectsBundle 6
"Mercury 1" = Mercury 1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Native Instruments Absynth 1.3" = Native Instruments Absynth 1.3
"Native Instruments Absynth 2" = Native Instruments Absynth 2
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Absynth v3.0.2" = Native Instruments Absynth v3.0.2
"Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Battery v2.1" = Native Instruments Battery v2.1
"Native Instruments Compilation Vol. 2" = Native Instruments Compilation Vol. 2
"Native Instruments FM7" = Native Instruments FM7
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Komplete 5" = Native Instruments Komplete 5
"Native Instruments Komplete 6" = Native Instruments Komplete 6
"Native Instruments Kontakt 2" = Native Instruments Kontakt 2
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Kontakt 3 Factory Content" = Native Instruments Kontakt 3 Factory Content
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments True Strike Tension" = Native Instruments True Strike Tension
"Native.Instruments.Kontakt.v2.0.2.007" = Native.Instruments.Kontakt.v2.0.2.007
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Predatohm VST2" = OhmForce Predatohm VST2
"REAPER" = REAPER
"ReaPlugs" = ReaPlugs
"rgcAudio Pentagon I v1.21" = rgcAudio Pentagon I v1.21
"SequoiaView" = SequoiaView
"SoniqWare-MT-1_is1" = SoniqWare MT-1 1.3.0
"SoniqWare-MT-1-Demo_is1" = SoniqWare MT-1 Demo 1.3.0
"Soulseek2" = SoulSeek 157 NS 13
"Speed Dial Utility" = Canon Kurzwahlprogramm
"Steinberg Cubase SX 3" = Steinberg Cubase SX 3
"String Studio VS-1" = String Studio VS-1 v1.1.3
"SVF2" = Beta Bugs SVF2 VST
"THJediReplacementSetup_is1" = Star Wars: Jedi Knight - Dark Forces 2
"Totalcmd" = Total Commander (Remove or Repair)
"Ultra Analog VA-1" = Ultra Analog VA-1 v1.1.4
"UltraISO_is1" = UltraISO Premium V9.52
"URS Everything EQ Bundle VST for Native License" = URS Everything EQ Bundle VST for Native License
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinMerge_is1" = WinMerge 2.12.4
"XILS 3 LIMITED_is1" = XILS 3 LIMITED
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Limbo" = LIMBO
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.10.2011 19:30:42 | Computer Name = Tatooine | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error - 30.10.2011 19:33:52 | Computer Name = Tatooine | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\pyboo\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\pyboo\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 31.10.2011 01:12:50 | Computer Name = Tatooine | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2dc Startzeit:
01cc978b74908596 Endzeit: 82 Anwendungspfad: E:\c-ersatz\nfsu2\speed2.exe Berichts-ID:
Error - 31.10.2011 15:39:22 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637,
Zeitstempel: 0x4c93cb68 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bb00 ID des fehlerhaften
Prozesses: 0x974 Startzeit der fehlerhaften Anwendung: 0x01cc98040c862299 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 07b6d996-03f8-11e1-ad64-0022152cbb2f
Error - 31.10.2011 16:39:32 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637,
Zeitstempel: 0x4c93cb68 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bb00 ID des fehlerhaften
Prozesses: 0xc08 Startzeit der fehlerhaften Anwendung: 0x01cc980cb03bae52 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 6f4e91a7-0400-11e1-ad64-0022152cbb2f
Error - 31.10.2011 17:09:41 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637,
Zeitstempel: 0x4c93cb68 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bb00 ID des fehlerhaften
Prozesses: 0xacc Startzeit der fehlerhaften Anwendung: 0x01cc9810a538271e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a5e16997-0404-11e1-a08f-0022152cbb2f
Error - 31.10.2011 17:56:11 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637,
Zeitstempel: 0x4c93cb68 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e887 ID des fehlerhaften
Prozesses: 0x928 Startzeit der fehlerhaften Anwendung: 0x01cc9817df86ffe8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 24cb6107-040b-11e1-a08f-0022152cbb2f
Error - 31.10.2011 18:09:11 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.2.637,
Zeitstempel: 0x4c93cb68 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bb00 ID des fehlerhaften
Prozesses: 0xcf4 Startzeit der fehlerhaften Anwendung: 0x01cc98183fef36b8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: f59ba0cb-040c-11e1-a08f-0022152cbb2f
Error - 31.10.2011 19:21:24 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.3.651,
Zeitstempel: 0x4d2ef8fc Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bb00 ID des fehlerhaften
Prozesses: 0x2cc Startzeit der fehlerhaften Anwendung: 0x01cc982338543a03 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Steinberg\Cubase 5\Cubase5.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0c0b2ea9-0417-11e1-a08f-0022152cbb2f
Error - 01.11.2011 06:11:10 | Computer Name = Tatooine | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: AcLayers.DLL, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b700 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00076c72 ID des fehlerhaften
Prozesses: 0xbfc Startzeit der fehlerhaften Anwendung: 0x01cc987e93162392 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\AppPatch\AcLayers.DLL Berichtskennung: d20fef19-0471-11e1-9d7a-0022152cbb2f
[ System Events ]
Error - 28.06.2012 14:10:47 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 28.06.2012 14:10:49 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 28.06.2012 14:10:50 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 28.06.2012 14:10:51 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 28.06.2012 14:10:52 | Computer Name = Tatooine | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 28.06.2012 14:10:52 | Computer Name = Tatooine | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 28.06.2012 14:11:38 | Computer Name = Tatooine | Source = DCOM | ID = 10016
Description =
Error - 28.06.2012 14:39:59 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 28.06.2012 14:40:03 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 28.06.2012 14:40:04 | Computer Name = Tatooine | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
< End of report >

I hope this is enough information for now. In any case, thank you in advance!
Best regards,
Luumi