GVU or BKA virus infection
Hello!
Yesterday, 17.9.13, at around 9:00, a variant of this malware infected my machine.
It got me while I was googling topics related to Java and Flash programming. I didn't install any programs, though! That of course only means: not knowingly.
Operating system: Windows Server 2008R2 SP1
First, briefly, something about the hard disks in my computer:
The disk that was infected is a 2TB one (4-way RAID).
Only afterwards did I attach another hard disk (80GB), which also contains a Windows Server 2008R2 system (still without SP1), so that I could boot the computer from it and get access to the files on the large disk.
Seen from the additionally attached disk (with the other Windows installation), the infected disk is divided into the following partitions:
D: 100MB ... system partition
E: 24GB ... page file
F: 500GB ... boot partition
G: rest ... various files (no programs are installed here)
So this layout shows the infected disk as seen from an uninvolved disk with a different Windows installation.
I should perhaps mention that this 80GB disk was also infected by a trojan quite some time ago. That one was easy to remove, though.
I normally use this disk only to test unsafe things, before I unplug it again and boot my actual main system on the large disk.
One more important thing:
For me it is less about getting rid of the malware and much more about rescuing the encrypted files.
Afterwards I intend to restore a backup of the base Windows installation over it anyway, to be on the safe side.
But losing the encrypted files would be extremely painful, since weeks of work would be lost in that case.
They are primarily just rather small text files (programming).
Now to what the malware has done:
The affected files were renamed. The old file name was kept, but every file now carries the extension .html.
Roughly estimated, more than 50% of all personal files were affected (so several hundred, if not even 1000).
Example:
before: Image.gif
after: Image.gif.html
Each file is exactly 220 bytes larger than before.
The binary editor shows the reason:
The original content of the files was apparently not only encrypted but additionally embedded as an HTML comment in a web page.
In the binary editor it looks like this:
Quote:
<html xmlns='hxxp://www.w3.org/1999/xhtml'><head><meta http-equiv='refresh' content='0; url=hxxp://mblpcblock.in/i.php?uid={77CEB260-E181-8827-A976-EA2F7E227455}' /><title>Index</title></head><body></body><!-- original but encrypted binary content of the file goes here
--></html>
The HTML added at the beginning and end of the file corresponds exactly to the 220 bytes.
Using the editor, I have already removed the HTML part from some files (of which I also have the unencrypted version) and then tried to decrypt the file with several tools. Unfortunately, all tools tried so far have failed; they could not generate a matching key.
I tried it with:
Avira-RansomFileUnlocker-1.0.1
Rannoh Decryptor
DecryptHelper-0.5.3
Matsnu1 Decryptor 1.0.2.4
Of course I also followed the instructions here on the board and produced logs with the tools listed there.
Unfortunately gmer_2.1.19163.exe crashes every time after a few minutes (APPCRASH); no idea why.
Here are the other logs:
OTL.Txt:
OTL logfile created on: 18.05.2013 09:39:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lack\Desktop
64bit- Server Enterprise Edition (full installation) (Version = 6.1.7600) - Type = NTServer
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,60 Gb Available Physical Memory | 82,54% Memory free
16,00 Gb Paging File | 14,31 Gb Available in Paging File | 89,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,99 Gb Total Space | 2,51 Gb Free Space | 6,28% Space Free | Partition Type: NTFS
Drive D: | 94,10 Mb Total Space | 65,94 Mb Free Space | 70,08% Space Free | Partition Type: NTFS
Drive E: | 23,91 Gb Total Space | 15,82 Gb Free Space | 66,17% Space Free | Partition Type: NTFS
Drive F: | 500,00 Gb Total Space | 261,80 Gb Free Space | 52,36% Space Free | Partition Type: NTFS
Drive G: | 1339,04 Gb Total Space | 920,05 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive I: | 34,53 Gb Total Space | 4,26 Gb Free Space | 12,33% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Lack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.18 09:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lack\Desktop\OTL.exe
PRC - [2013.05.17 21:02:42 | 000,813,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
PRC - [2012.08.14 18:35:41 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () -- C:\Users\Lack\AppData\LocalLow\WOT\IE\WOTUpdater.exe
PRC - [2011.11.15 19:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
PRC - [2011.11.15 19:20:26 | 000,078,192 | ---- | M] (Dyn, Inc.) -- C:\Program Files (x86)\Dyn Updater\DynTray.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
========== Modules (No Company Name) ==========
MOD - [2013.04.14 00:48:37 | 000,197,024 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
MOD - [2012.01.12 12:23:34 | 000,223,232 | ---- | M] () -- C:\Users\Lack\AppData\LocalLow\WOT\IE\sqlite3.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012.06.11 19:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2009.07.14 03:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV:64bit: - [2009.07.14 03:39:31 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rqs.exe -- (rqs)
SRV:64bit: - [2009.07.14 03:39:22 | 000,039,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfssvc.exe -- (NfsService)
SRV:64bit: - [2009.07.14 03:39:21 | 000,065,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt)
SRV - [2012.06.06 19:57:46 | 003,293,552 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Lack\AppData\LocalLow\WOT\IE\WOTUpdater.exe -- (WOTUpdater)
SRV - [2011.11.15 19:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.11 16:12:42 | 000,316,744 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe -- (GatewayAgentService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.07.14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.03.30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009.03.30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2008.07.10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 18:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.06.26 02:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011.06.26 02:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2009.07.14 01:42:54 | 000,121,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2009.07.14 01:42:47 | 000,181,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2009.07.14 01:25:34 | 000,738,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfssvr.sys -- (NfsServer)
DRV:64bit: - [2009.07.14 01:24:45 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- (RpcXdr)
DRV:64bit: - [2009.07.14 01:24:45 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\portmap.sys -- (Portmap)
DRV:64bit: - [2009.07.14 01:24:44 | 000,031,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\msnfsflt.sys -- (msnfsflt)
DRV:64bit: - [2009.07.14 01:24:23 | 000,262,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr)
DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2007.04.23 16:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt)
DRV:64bit: - [2007.04.23 16:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex)
DRV:64bit: - [2007.04.23 16:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007.04.23 16:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007.04.23 16:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 01:14:26 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrxdav.sys -- (MRxDAV)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: WOT = C:\Users\Lack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphjeokkkbngjpiofnfpnafjeofjomfb\2.11.7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT) - {9E571C81-21E7-496B-9E6B-127E60263022} - C:\Users\Lack\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.202.138.3 195.202.128.3 62.40.128.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{527CD2EB-F18B-4450-B811-2831FCB0E455}: DhcpNameServer = 195.202.138.3 195.202.128.3 62.40.128.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.18 09:30:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lack\Desktop\OTL.exe
[2013.05.18 08:53:34 | 000,000,000 | ---D | C] -- C:\Users\Lack\AppData\Roaming\Microsoft FxCop
[2013.05.17 15:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.17 10:43:10 | 000,000,000 | ---D | C] -- C:\Users\Lack\Desktop\verschlüsselt
========== Files - Modified Within 30 Days ==========
[2013.05.18 09:36:43 | 000,000,239 | ---- | M] () -- C:\Users\Lack\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.url
[2013.05.18 09:33:42 | 000,000,000 | ---- | M] () -- C:\Users\Lack\defogger_reenable
[2013.05.18 09:31:05 | 000,377,856 | ---- | M] () -- C:\Users\Lack\Desktop\gmer_2.1.19163.exe
[2013.05.18 09:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lack\Desktop\OTL.exe
[2013.05.18 09:29:54 | 000,050,477 | ---- | M] () -- C:\Users\Lack\Desktop\Defogger.exe
[2013.05.18 08:49:14 | 001,930,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.18 08:49:14 | 000,813,122 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.18 08:49:14 | 000,754,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.18 08:49:14 | 000,196,324 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.18 08:49:14 | 000,165,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.18 08:46:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.18 08:44:59 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.18 08:43:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.18 08:43:35 | 000,066,352 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2013.05.18 05:01:25 | 000,009,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.18 05:01:24 | 000,009,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 10:34:42 | 000,149,694 | ---- | M] () -- C:\Users\Lack\Desktop\DecryptHelper-0.5.3.exe
[2013.05.17 09:26:24 | 000,036,236 | ---- | M] () -- C:\Users\Lack\Desktop\class_upgrade_product.php.html
[2013.05.17 09:25:49 | 000,003,084 | ---- | M] () -- C:\Users\Lack\Desktop\ajax_userweather.php.html
[2013.05.17 09:25:41 | 000,000,245 | ---- | M] () -- C:\Users\Lack\Desktop\php.php.html
========== Files Created - No Company Name ==========
[2013.05.18 09:35:46 | 000,000,239 | ---- | C] () -- C:\Users\Lack\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.url
[2013.05.18 09:33:42 | 000,000,000 | ---- | C] () -- C:\Users\Lack\defogger_reenable
[2013.05.18 09:31:04 | 000,377,856 | ---- | C] () -- C:\Users\Lack\Desktop\gmer_2.1.19163.exe
[2013.05.18 09:29:54 | 000,050,477 | ---- | C] () -- C:\Users\Lack\Desktop\Defogger.exe
[2013.05.18 00:06:46 | 000,000,245 | ---- | C] () -- C:\Users\Lack\Desktop\php.php.html
[2013.05.17 10:37:10 | 000,036,236 | ---- | C] () -- C:\Users\Lack\Desktop\class_upgrade_product.php.html
[2013.05.17 10:34:42 | 000,149,694 | ---- | C] () -- C:\Users\Lack\Desktop\DecryptHelper-0.5.3.exe
[2013.05.17 10:24:16 | 000,003,084 | ---- | C] () -- C:\Users\Lack\Desktop\ajax_userweather.php.html
[2012.11.08 10:26:48 | 000,000,055 | ---- | C] () -- C:\Windows\wininit.ini
[2012.11.08 09:59:37 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.09.26 03:53:00 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.08.13 09:36:31 | 001,815,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.12 18:03:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.12 17:52:57 | 000,001,272 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 06:58:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.09.26 03:39:34 | 000,000,000 | ---D | M] -- C:\Users\Lack\AppData\Roaming\4Free
[2012.12.10 10:57:11 | 000,000,000 | ---D | M] -- C:\Users\Lack\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.25 19:21:59 | 000,000,000 | ---D | M] -- C:\Users\Lack\AppData\Roaming\DVDVideoSoft
[2012.08.12 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Lack\AppData\Roaming\GHISLER
[2012.10.03 12:49:38 | 000,000,000 | ---D | M] -- C:\Users\Lack\AppData\Roaming\Jcx.Software
[2012.11.08 10:32:08 | 000,000,000 | ---D | M] -- C:\Users\Lack\AppData\Roaming\MyPhoneExplorer
[2012.09.25 18:44:40 | 000,000,000 | ---D | M] -- C:\Users\Lack\AppData\Roaming\Replay Media Catcher 4
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:BCC69EC7
< End of report >
[/QUOTE]
Extras.Txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 18.05.2013 09:39:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lack\Desktop
64bit- Server Enterprise Edition (full installation) (Version = 6.1.7600) - Type = NTServer
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,60 Gb Available Physical Memory | 82,54% Memory free
16,00 Gb Paging File | 14,31 Gb Available in Paging File | 89,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,99 Gb Total Space | 2,51 Gb Free Space | 6,28% Space Free | Partition Type: NTFS
Drive D: | 94,10 Mb Total Space | 65,94 Mb Free Space | 70,08% Space Free | Partition Type: NTFS
Drive E: | 23,91 Gb Total Space | 15,82 Gb Free Space | 66,17% Space Free | Partition Type: NTFS
Drive F: | 500,00 Gb Total Space | 261,80 Gb Free Space | 52,36% Space Free | Partition Type: NTFS
Drive G: | 1339,04 Gb Total Space | 920,05 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive I: | 34,53 Gb Total Space | 4,26 Gb Free Space | 12,33% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Lack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0156A6A5-8D6E-4E6A-A0E8-3AB033BCF96C}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\remrras.exe |
"{0260D4DD-B9A1-4193-B3DB-54B6E6ED334F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{07F33A09-7CFE-4B14-9F43-EDF0A13DAF48}" = lport=rpc | protocol=6 | dir=in | svc=comsysapp | app=%systemroot%\system32\dllhost.exe |
"{08EEA6E3-DE8B-402D-B5DF-5CF9C5114C60}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0A386BAD-6A36-4436-AB9A-24B2E4718636}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0F7A892B-049B-41E7-B442-E9D03B37A889}" = lport=5358 | protocol=6 | dir=in | app=system |
"{13575A79-F105-4547-9AC7-217A1E31D1B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1461E077-7A3A-4FB4-945D-25AE5D33E5AB}" = rport=3702 | protocol=17 | dir=out | svc=peerdistsvc | app=%systemroot%\system32\svchost.exe |
"{1624EBBC-CC23-4C27-ABDC-C53AD7804873}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A2E0EE5-FBC0-4A45-B9FD-AB37C1089923}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23C7872A-9018-48D9-A6EC-1799546A0EA4}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe |
"{2FB87D91-5FF8-48A5-A2DB-518CB49590F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{309087C7-475D-40B0-BEBE-BC6D0A70014C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3E83FF0D-4A66-4524-8742-3B4069E7C86E}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe |
"{42305A89-94F5-4862-87F5-3C4889902F74}" = rport=5357 | protocol=6 | dir=out | app=system |
"{4ABF2321-75D6-4E22-8F5B-EE025065F33D}" = lport=5358 | protocol=6 | dir=in | app=system |
"{4B707EB3-82C4-4499-8F3D-C73FCDD1D932}" = lport=443 | protocol=6 | dir=in | app=system |
"{4F0A4AD9-15DE-4002-BFDB-E093EF424A06}" = lport=445 | protocol=6 | dir=in | app=system |
"{4FA01DB2-C3EF-4E23-985B-C2753BA71CA1}" = rport=137 | protocol=17 | dir=out | app=system |
"{576E3519-4742-4562-B8C5-9C5AC2F1720F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{63248D35-EA16-4418-9072-7FEE6EB9AFB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{669E0F1F-D26A-4B5C-B197-D2F2ACCE4342}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{69A7694C-CD22-40B6-A21A-25E07C28EBA9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E75F8C6-088B-416B-B3C0-85672F2458CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{715A2A39-96E1-4C85-93E4-980A7EF07E91}" = rport=5357 | protocol=6 | dir=out | app=system |
"{726C2AA5-D0A3-4E0A-8426-C191F454523D}" = lport=443 | protocol=6 | dir=out | app=system |
"{764AC4F9-8D6C-45C2-9395-7090D27BD44F}" = rport=137 | protocol=17 | dir=out | app=system |
"{76BE738A-74CD-4BE9-BCEC-FD089EB59485}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{777C93D9-35C2-4AB5-8BD2-01EE8B32193D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{7E4D2A15-8715-4C1B-A077-EDFA7D4496B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87871263-FCDB-4038-BB3C-79AC12651E31}" = lport=445 | protocol=6 | dir=in | app=system |
"{87C60FED-60B9-4284-B39A-348FFA3FA805}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8B8DFB2E-DCDE-414B-A412-9E6DFABF33A8}" = lport=5357 | protocol=6 | dir=in | app=system |
"{8CCA7728-CD61-459A-9596-F67783929675}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{8CF63580-572F-4114-B784-42034886C311}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8EC382D3-4550-4CA6-B67A-13B5989C2E66}" = rport=138 | protocol=17 | dir=out | app=system |
"{98440A02-6294-4920-B598-8B82A682B0EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9E11525F-595B-4BFB-BCEC-CC423B5394F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{A221A824-6824-466E-81C2-37E81A699BF1}" = lport=137 | protocol=17 | dir=in | app=system |
"{A3C3034E-76C9-4C32-B7C7-3998FC80480D}" = lport=3389 | protocol=6 | dir=in | app=system |
"{A62E8418-F9B5-4DFB-909A-4E65B4220051}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEBB74CD-41B2-4F57-9234-EA2C4ACC7E38}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B0BF911A-6472-43DE-A233-58BAAB7654DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{B2BABE04-C7BB-4DCE-BD11-B63433E0AB5E}" = rport=80 | protocol=6 | dir=out | app=system |
"{C22A6804-AD3F-4EEA-9B93-6B63A2F9B24B}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe |
"{D011C37B-0D70-4E6D-89FC-87F4330092C8}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe |
"{D259B4D4-1995-4AF7-A733-74A13ED6E6F6}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{D4B76FEF-6506-4904-9D1C-03797AA122DF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8FFA01B-C142-49C1-8180-CC9B2D8C5454}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9553111-6AC9-410B-8A72-8992644BF363}" = lport=rpc | protocol=6 | dir=in | svc=* | app=%systemroot%\system32\svchost.exe |
"{D9AB7CDD-661A-4D32-B0DE-BE12FB05A9FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA48F17F-3665-4E61-95DD-5B209AFC0A09}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E0056B63-C0D1-4CEB-B7D8-E6A3645B61A5}" = lport=3702 | protocol=17 | dir=in | svc=peerdistsvc | app=%systemroot%\system32\svchost.exe |
"{E1FF9938-A5C8-4182-A01F-38EA6BBADC58}" = lport=5357 | protocol=6 | dir=in | app=system |
"{E222091E-270C-4543-A70F-B3D17FD92365}" = rport=443 | protocol=6 | dir=out | app=system |
"{E31E9145-6007-461F-B3F6-619D373B0583}" = lport=138 | protocol=17 | dir=in | app=system |
"{E560079E-3F8C-422E-BB23-7DE6519033F7}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{E7407DA7-CD39-4CDD-BEEF-93ED5D3D80E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9D2C162-8198-46EE-8824-58E87292FC91}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe |
"{EB69B403-13CB-411A-94F1-DB8119727546}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1CB0DD8-DEEB-4647-8B14-E7961CC0EC38}" = lport=445 | protocol=6 | dir=in | app=system |
"{F2846005-2E99-43C1-9B5C-227DB483D136}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe |
"{F310CA80-DF59-425D-A50A-1B8ECBC20009}" = rport=5358 | protocol=6 | dir=out | app=system |
"{F3AE516F-544D-4EFC-BACF-8D562DC30C04}" = lport=80 | protocol=6 | dir=in | app=system |
"{F91F7F9C-03E5-4BA9-82E4-759995A1F425}" = rport=138 | protocol=17 | dir=out | app=system |
"{FC474C50-1A66-467D-ADC3-CD57270B59CB}" = rport=5358 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11EE41EC-7645-457E-90C6-478EEC2DF5B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{187B8F5F-100F-4CB2-8F64-9EDAF192E78D}" = protocol=17 | dir=out | svc=nfsclnt | app=%systemroot%\system32\nfsclnt.exe |
"{3AA98D63-BF77-4D71-944D-86BBE4B8E25A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4222511B-47AD-47F3-88C6-44001D6F1975}" = protocol=6 | dir=out | app=system |
"{48B43251-95A7-4066-AA39-354B523F279D}" = protocol=17 | dir=in | app=c:\program files (x86)\jcx.software\vs.php\2010\vsphp_dbg.exe |
"{4D747214-78A1-4829-9F30-3320749410FF}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe |
"{78DC0703-AC26-4524-B35B-6B8CAB92C533}" = protocol=6 | dir=in | app=c:\program files (x86)\jcx.software\vs.php\2010\vsphp_dbg.exe |
"{7D1BEEC2-5407-42FF-A63C-CAF38728917F}" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd64.exe |
"{8A0EE226-9475-44C7-A26C-94DD6769C3D4}" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"{8B56F2DE-8144-4355-8EDC-9FF68143019A}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{9AFDB13E-5CBE-44EC-8095-4DEE4E9AC1F1}" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd64.exe |
"{AB681846-44CC-4EA4-871C-2EF1D97CA3ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C16ED19C-28C0-4090-883C-C348817B7F9C}" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"{C719FA6B-D6D3-410C-824C-C5A9ECAC8E2C}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe |
"{C9B94CB2-6EFF-40CB-A312-7E2D37893D7E}" = protocol=6 | dir=out | app=system |
"{D5503745-60B2-4B8C-8341-A2C3B469307B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D8B85E03-7DDE-474B-87FE-199F42A7B828}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{E25C164F-2127-4EBF-BB8D-C49894127FD7}" = protocol=6 | dir=out | svc=nfsclnt | app=%systemroot%\system32\nfsclnt.exe |
"{FC60B249-95D7-425E-8BB4-A26D83025E3E}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe |
"TCP Query User{420AE67E-A417-4AFA-8D3C-9C61B0AD192E}C:\program files (x86)\jcx.software\vs.php\2010\vsphp_dbg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jcx.software\vs.php\2010\vsphp_dbg.exe |
"UDP Query User{40FCC7E4-D8B1-40B8-82F4-6D7A68C3123B}C:\program files (x86)\jcx.software\vs.php\2010\vsphp_dbg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jcx.software\vs.php\2010\vsphp_dbg.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{192B2AE5-B168-4669-BB22-B29456863AD8}" = O&O Defrag Server
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2A6823CE-23A8-35B3-8342-162A973CDD5B}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{458707CD-9D7A-477F-B925-02242A29673B}" = Microsoft Web Platform Installer 4.5
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - DEU
"{8C327061-E39D-4696-84A8-E84533ADDD7D}" = ActivePerl 5.16.3 Build 1603 (64-bit)
"{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E851486F-1FE2-44F0-85ED-F969088A68EE}" = PHP Manager 1.2 for IIS 7
"{EB675D0A-2C95-405B-BEE8-B42A65D23E11}" = IIS-URL-Rewrite-Modul 2
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"VueScan" = VueScan
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{7061301A-0D44-432F-859D-AF705DA2C81F}_is1" = 4Free Video Converter 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52
"{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B001BC87-1A45-3656-AD07-213ED52F13E2}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{B1F7AB4B-25B1-46B1-A3A0-FD652C3D62BE}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1AA9D7F-2576-4407-A939-99E89E276B0C}" = VS.Php 3.0 for Visual Studio 2010
"{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DynUpdater" = Dyn Updater
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.96
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.17.903
"Google Chrome" = Google Chrome
"Messenger Plus!" = Messenger Plus! 5
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MPE" = MyPhoneExplorer
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.3.2)
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.12.2012 11:13:33 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lack\Desktop\SoftonicDownloader_fuer_free-video-to-mp3-converter.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Error - 26.12.2012 11:18:44 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lack\Desktop\SoftonicDownloader_fuer_free-video-to-mp3-converter.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Error - 14.04.2013 10:03:58 | Computer Name = PC | Source = Distributed Link Tracking Client | ID = 12503
Description =
Error - 17.04.2013 05:34:13 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: WOT.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4f0eb4a7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x10030cf8
ID
des fehlerhaften Prozesses: 0xf60 Startzeit der fehlerhaften Anwendung: 0x01ce3b499902d671
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
des fehlerhaften Moduls: WOT.dll Berichtskennung: f651d06a-a741-11e2-8b8c-00e07da812e6
Error - 17.04.2013 05:34:16 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: WOT.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4f0eb4a7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1000ad75
ID
des fehlerhaften Prozesses: 0xf60 Startzeit der fehlerhaften Anwendung: 0x01ce3b499902d671
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
des fehlerhaften Moduls: WOT.dll Berichtskennung: f80c905d-a741-11e2-8b8c-00e07da812e6
Error - 17.05.2013 08:42:02 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bda8a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b126b ID des fehlerhaften
Prozesses: 0x1530 Startzeit der fehlerhaften Anwendung: 0x01ce52f836efad0c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\mshtml.dll Berichtskennung: 2bc653a9-beef-11e2-a270-00e07da812e6
Error - 17.05.2013 08:42:26 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bda8a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b126b ID des fehlerhaften
Prozesses: 0xef0 Startzeit der fehlerhaften Anwendung: 0x01ce52fbf2501824 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\mshtml.dll Berichtskennung: 3a4554f4-beef-11e2-a270-00e07da812e6
Error - 17.05.2013 16:49:18 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bda8a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b126b ID des fehlerhaften
Prozesses: 0x1bb8 Startzeit der fehlerhaften Anwendung: 0x01ce533ac15cfe62 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\mshtml.dll Berichtskennung: 3dc4a05d-bf33-11e2-a270-00e07da812e6
Error - 17.05.2013 16:52:36 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bda8a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b126b ID des fehlerhaften
Prozesses: 0x1898 Startzeit der fehlerhaften Anwendung: 0x01ce53400226259a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\mshtml.dll Berichtskennung: b3b2ed10-bf33-11e2-a270-00e07da812e6
Error - 17.05.2013 16:53:12 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bda8a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b126b ID des fehlerhaften
Prozesses: 0x24f0 Startzeit der fehlerhaften Anwendung: 0x01ce534077240751 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\mshtml.dll Berichtskennung: c947c6ec-bf33-11e2-a270-00e07da812e6
[ System Events ]
Error - 14.04.2013 11:50:48 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 14.04.2013 11:52:52 | Computer Name = PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "Intern" kann nicht zu dem Router-Manager für das
Protokoll IPV6 hinzugefügt werden. Fehler: Falscher Parameter.
Error - 17.04.2013 04:46:26 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 17.04.2013 04:48:31 | Computer Name = PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "Intern" kann nicht zu dem Router-Manager für das
Protokoll IPV6 hinzugefügt werden. Fehler: Falscher Parameter.
Error - 01.05.2013 08:32:09 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 01.05.2013 08:34:13 | Computer Name = PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "Intern" kann nicht zu dem Router-Manager für das
Protokoll IPV6 hinzugefügt werden. Fehler: Falscher Parameter.
Error - 17.05.2013 03:40:40 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 17.05.2013 03:42:44 | Computer Name = PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "Intern" kann nicht zu dem Router-Manager für das
Protokoll IPV6 hinzugefügt werden. Fehler: Falscher Parameter.
Error - 18.05.2013 02:45:07 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 18.05.2013 02:47:11 | Computer Name = PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "Intern" kann nicht zu dem Router-Manager für das
Protokoll IPV6 hinzugefügt werden. Fehler: Falscher Parameter.
< End of report >
[/QUOTE]