TR/Agent2.cwhg in windows/system32/pngxf1ax.dll

HeikeLina · 30.09.2010, 14:40

hallo zusammen,

vielleicht kann mir hier jemand eine rat geben:

seit heute morgen meldet antivir(freeware) immer wieder ein trojanisches pferd unter c:\WINDOWS\system32\pngxf1ax.dll

der trojander wird als TR/Agent2.cwhg bezeichnet.

ich habe jetzt schon mehrmals sowohl "loschen" als auch "isolieren" versucht - doch die meldung kommt immer wieder.

dann habe ich folgende anleitung befolgt:
Hallo, lade dir das Tool AdAware, Spybot und CWShredder und scan damit
dein
PC. Vor dem Start aber unbedingt das update von AdAware, Spybot und
CWShredder laden. Anschließend starte dein Antivirenprogramm.
Danach lade dir HijackThis, stelle es in einen seperaten Ordner und starte
das Programm.

und hier das protokoll / kann mir bitte jemand helfen und sagen was ich jetzt weiter tun muss bzw. sollte?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Programme\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Alwil Software\Avast5\avastUI.exe
C:\Programme\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ThreatFire\TFService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Dokumente und Einstellungen\Computer-2\Eigene Dateien\Downloads\Ad-Aware833Install.exe
C:\DOKUME~1\COMPUT~1\LOKALE~1\Temp\mia29.tmp\Ad-AwareInstall.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://www.fujitsu-siemens.de/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: XTTBPos00 - {7914D9F0-DD27-4260-9BC1-AE01834B77CA} - C:\Programme\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: T-Online Toolbar 2.0 - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Programme\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] "C:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Ad-Watch Live!] C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3107811599-90543219-2328601434-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.fujitsu-siemens.de
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1c9d48ddea10d86) (gupdate1c9d48ddea10d86) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Programme\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: ThreatFire - PC Tools - C:\Programme\ThreatFire\TFService.exe

--
End of file - 11861 bytes

edit: bin unter XP mit googlechrome unterwegs

VIELEN DANK!

Chris4You · 30.09.2010, 14:47

Hi,

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

chris

HeikeLina · 30.09.2010, 15:01

hallo und vielen dank fürs schnelle melden,

hier die logdatei vom malware.

das mit dem OTL hab ich jetzt nicht gemacht da dort steht das es für vista oder win7 ist und ich XP habe.....
ich starte auch mal den pc kurz neu...und bin gleich wieder online - DANK!

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4722

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.09.2010 16:01:13
mbam-log-2010-09-30 (16-01-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146460
Laufzeit: 4 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xttb00001.ietoolbar (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{dfb4667b-5304-4cd5-b494-2742acd99212} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xttb00001.ietoolbar.1 (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xttb00001.xttb00001 (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xttb00001.xttb00001.1 (Adware.ToolBar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll (Adware.ToolBar) -> Quarantined and deleted successfully.

Chris4You · 30.09.2010, 15:09

Hi,

lass bitte OTL wie vorgeschlagen laufen, es gibt für Vista / Win7 zur spezielle Anweisungen für OTL...

chris

HeikeLina · 30.09.2010, 15:23

chris,

ich habe die zwei dateien, doch ich kann diese hier nicht einstellen (auch getrennt nicht), denn ich werde jedesmal aus dem programm geworfen.....?!?!?!

HeikeLina · 30.09.2010, 15:24

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 30.09.2010 16:15:34 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Dokumente und Einstellungen\Computer-2\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 100,00 Gb Total Space | 79,13 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive D: | 49,05 Gb Total Space | 48,92 Gb Free Space | 99,74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COMPUTER2
Current User Name: Computer-2
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-3107811599-90543219-2328601434-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\scc.exe" = C:\Programme\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\scc.exe" = C:\Programme\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{089B1349-BA53-43B1-A2C9-DBF9A7F8FD30}" = MOTORRAD Tourenplaner 2008/2009
"{0A88ADDA-E297-4AB8-9540-016230895F62}" = MSN Toolbar
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{661F85B9-FB7F-4884-BFCB-09C71930BA8F}" = ArcSoft MediaImpression for Kodak
"{6BBDFBC5-44DC-49D1-B55E-88542A244BE6}" = iET Client
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F796D0-8F6C-45F8-86D6-085F7A36787B}" = Zusatzmodul GPS-Tourenplaner MTP09
"{8556B16D-AD7A-42A7-8A75-F7C532371031}" = Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FCF2FC0-8268-11D4-A313-0006290D766E}" = Check Point VPN-1 SecureClient NGX R60 HFA1
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"FastStone Capture" = FastStone Capture 5.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"The Panorama Factory" = Panorama Factory
"T-Online-Toolbar-2_is1" = T-Online Toolbar 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3107811599-90543219-2328601434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.11.2009 07:45:52 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x02bb0fc1.
 
Error - 05.11.2009 10:57:45 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x02b50f6e.
 
Error - 05.11.2009 10:57:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x02900fc6.
 
Error - 17.11.2009 06:04:18 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul wmp.dll, Version 9.0.0.4507, Fehleradresse 0x00149744.
 
Error - 17.11.2009 06:04:21 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 1431047872.
 
Error - 17.11.2009 11:17:00 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.11.2009 10:01:52 | Computer Name = COMPUTER2 | Source = ESENT | ID = 490
Description = svchost (1468) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 01.12.2009 06:00:26 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ent.exe, Version 10.0.0.2003, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 04.12.2009 05:40:16 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ent.exe, Version 10.0.0.2003, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.12.2009 08:19:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x02bb0fc1.
 
[ System Events ]
Error - 28.09.2010 06:56:29 | Computer Name = COMPUTER2 | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 1086 seconds ago, assumin-->
 
Error - 28.09.2010 06:56:29 | Computer Name = COMPUTER2 | Source = FW1 | ID = 1
Description = FW1: -->g clock change.
 
Error - 30.09.2010 10:05:03 | Computer Name = COMPUTER2 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 30.09.2010 10:05:18 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   agp440  amdagp  sisagp  viaagp
 
Error - 30.09.2010 10:06:38 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
 3. Parameter a71aa6b8, 4. Parameter 00000000.
 
Error - 30.09.2010 10:07:07 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
 3. Parameter a79966b8, 4. Parameter 00000000.
 
Error - 30.09.2010 10:07:24 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
 3. Parameter a72f36b8, 4. Parameter 00000000.
 
Error - 30.09.2010 10:07:29 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
 3. Parameter a7a556b8, 4. Parameter 00000000.
 
Error - 30.09.2010 10:07:57 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
 3. Parameter a7f8e6b8, 4. Parameter 00000000.
 
Error - 30.09.2010 10:07:58 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
 3. Parameter a831f6b8, 4. Parameter 00000000.
 
 
< End of report >

--- --- ---

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3107811599-90543219-2328601434-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\scc.exe" = C:\Programme\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\scc.exe" = C:\Programme\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{089B1349-BA53-43B1-A2C9-DBF9A7F8FD30}" = MOTORRAD Tourenplaner 2008/2009
"{0A88ADDA-E297-4AB8-9540-016230895F62}" = MSN Toolbar
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{661F85B9-FB7F-4884-BFCB-09C71930BA8F}" = ArcSoft MediaImpression for Kodak
"{6BBDFBC5-44DC-49D1-B55E-88542A244BE6}" = iET Client
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F796D0-8F6C-45F8-86D6-085F7A36787B}" = Zusatzmodul GPS-Tourenplaner MTP09
"{8556B16D-AD7A-42A7-8A75-F7C532371031}" = Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FCF2FC0-8268-11D4-A313-0006290D766E}" = Check Point VPN-1 SecureClient NGX R60 HFA1
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"FastStone Capture" = FastStone Capture 5.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"The Panorama Factory" = Panorama Factory
"T-Online-Toolbar-2_is1" = T-Online Toolbar 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3107811599-90543219-2328601434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2009 07:45:52 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02bb0fc1.

Error - 05.11.2009 10:57:45 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02b50f6e.

Error - 05.11.2009 10:57:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02900fc6.

Error - 17.11.2009 06:04:18 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
Modul wmp.dll, Version 9.0.0.4507, Fehleradresse 0x00149744.

Error - 17.11.2009 06:04:21 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 1431047872.

Error - 17.11.2009 11:17:00 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 29.11.2009 10:01:52 | Computer Name = COMPUTER2 | Source = ESENT | ID = 490
Description = svchost (1468) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 01.12.2009 06:00:26 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ent.exe, Version 10.0.0.2003, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 04.12.2009 05:40:16 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ent.exe, Version 10.0.0.2003, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 09.12.2009 08:19:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02bb0fc1.

[ System Events ]
Error - 28.09.2010 06:56:29 | Computer Name = COMPUTER2 | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 1086 seconds ago, assumin-->

Error - 28.09.2010 06:56:29 | Computer Name = COMPUTER2 | Source = FW1 | ID = 1
Description = FW1: -->g clock change.

Error - 30.09.2010 10:05:03 | Computer Name = COMPUTER2 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 30.09.2010 10:05:18 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
agp440 amdagp sisagp viaagp

Error - 30.09.2010 10:06:38 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a71aa6b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:07 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a79966b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:24 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a72f36b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:29 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a7a556b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:57 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a7f8e6b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:58 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a831f6b8, 4. Parameter 00000000.

< End of report >

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3107811599-90543219-2328601434-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\scc.exe" = C:\Programme\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\scc.exe" = C:\Programme\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{089B1349-BA53-43B1-A2C9-DBF9A7F8FD30}" = MOTORRAD Tourenplaner 2008/2009
"{0A88ADDA-E297-4AB8-9540-016230895F62}" = MSN Toolbar
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{661F85B9-FB7F-4884-BFCB-09C71930BA8F}" = ArcSoft MediaImpression for Kodak
"{6BBDFBC5-44DC-49D1-B55E-88542A244BE6}" = iET Client
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F796D0-8F6C-45F8-86D6-085F7A36787B}" = Zusatzmodul GPS-Tourenplaner MTP09
"{8556B16D-AD7A-42A7-8A75-F7C532371031}" = Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FCF2FC0-8268-11D4-A313-0006290D766E}" = Check Point VPN-1 SecureClient NGX R60 HFA1
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"FastStone Capture" = FastStone Capture 5.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"The Panorama Factory" = Panorama Factory
"T-Online-Toolbar-2_is1" = T-Online Toolbar 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3107811599-90543219-2328601434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2009 07:45:52 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02bb0fc1.

Error - 05.11.2009 10:57:45 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02b50f6e.

Error - 05.11.2009 10:57:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02900fc6.

Error - 17.11.2009 06:04:18 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
Modul wmp.dll, Version 9.0.0.4507, Fehleradresse 0x00149744.

Error - 17.11.2009 06:04:21 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 1431047872.

Error - 17.11.2009 11:17:00 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 29.11.2009 10:01:52 | Computer Name = COMPUTER2 | Source = ESENT | ID = 490
Description = svchost (1468) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 01.12.2009 06:00:26 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ent.exe, Version 10.0.0.2003, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 04.12.2009 05:40:16 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ent.exe, Version 10.0.0.2003, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 09.12.2009 08:19:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02bb0fc1.

[ System Events ]
Error - 28.09.2010 06:56:29 | Computer Name = COMPUTER2 | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 1086 seconds ago, assumin-->

Error - 28.09.2010 06:56:29 | Computer Name = COMPUTER2 | Source = FW1 | ID = 1
Description = FW1: -->g clock change.

Error - 30.09.2010 10:05:03 | Computer Name = COMPUTER2 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 30.09.2010 10:05:18 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
agp440 amdagp sisagp viaagp

Error - 30.09.2010 10:06:38 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a71aa6b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:07 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a79966b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:24 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a72f36b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:29 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a7a556b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:57 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a7f8e6b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:58 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a831f6b8, 4. Parameter 00000000.

< End of report >

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3107811599-90543219-2328601434-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\scc.exe" = C:\Programme\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\scc.exe" = C:\Programme\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Programme\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{089B1349-BA53-43B1-A2C9-DBF9A7F8FD30}" = MOTORRAD Tourenplaner 2008/2009
"{0A88ADDA-E297-4AB8-9540-016230895F62}" = MSN Toolbar
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{661F85B9-FB7F-4884-BFCB-09C71930BA8F}" = ArcSoft MediaImpression for Kodak
"{6BBDFBC5-44DC-49D1-B55E-88542A244BE6}" = iET Client
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F796D0-8F6C-45F8-86D6-085F7A36787B}" = Zusatzmodul GPS-Tourenplaner MTP09
"{8556B16D-AD7A-42A7-8A75-F7C532371031}" = Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FCF2FC0-8268-11D4-A313-0006290D766E}" = Check Point VPN-1 SecureClient NGX R60 HFA1
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"FastStone Capture" = FastStone Capture 5.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"The Panorama Factory" = Panorama Factory
"T-Online-Toolbar-2_is1" = T-Online Toolbar 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3107811599-90543219-2328601434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2009 07:45:52 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02bb0fc1.

Error - 05.11.2009 10:57:45 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02b50f6e.

Error - 05.11.2009 10:57:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02900fc6.

Error - 17.11.2009 06:04:18 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
Modul wmp.dll, Version 9.0.0.4507, Fehleradresse 0x00149744.

Error - 17.11.2009 06:04:21 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 1431047872.

Error - 17.11.2009 11:17:00 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 29.11.2009 10:01:52 | Computer Name = COMPUTER2 | Source = ESENT | ID = 490
Description = svchost (1468) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 01.12.2009 06:00:26 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ent.exe, Version 10.0.0.2003, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 04.12.2009 05:40:16 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ent.exe, Version 10.0.0.2003, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 09.12.2009 08:19:49 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02bb0fc1.

[ System Events ]
Error - 28.09.2010 06:56:29 | Computer Name = COMPUTER2 | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 1086 seconds ago, assumin-->

Error - 28.09.2010 06:56:29 | Computer Name = COMPUTER2 | Source = FW1 | ID = 1
Description = FW1: -->g clock change.

Error - 30.09.2010 10:05:03 | Computer Name = COMPUTER2 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 30.09.2010 10:05:18 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
agp440 amdagp sisagp viaagp

Error - 30.09.2010 10:06:38 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a71aa6b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:07 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a79966b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:24 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a72f36b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:29 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a7a556b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:57 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a7f8e6b8, 4. Parameter 00000000.

Error - 30.09.2010 10:07:58 | Computer Name = COMPUTER2 | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 00000000,
3. Parameter a831f6b8, 4. Parameter 00000000.

< End of report >

Chris4You · 30.09.2010, 15:25

Hi,

Fileuplod:
File-Upload.net - Ihr kostenloser File Hoster!, hochladen und den Link (mit Löschlink) als "PrivateMail" an mich...

Pack die Dateien vorher ... mit 7zip oder izarc...
IZArc Free Download

chris

HeikeLina · 30.09.2010, 15:28

ohje, was hab ich jetzt hier veranstaltet....hat es jetzt doch immer wieder hochgeladen obwohl ich eine fehlermeldung bekommen habe oder ist es nicht das was du benötigst???

tut mir leid das es nicht so klappt!!!

Chris4You · 30.09.2010, 15:34

Hi,

es ist n-mal die extras, bitte wie vorgeschlagen vorgehen, dateien packen und senden (siehe vorangegangen post)...

chris

HeikeLina · 30.09.2010, 15:53

www.file-upload.net/download-2855810/ZIP.zip.html

sagst du mir bitte ob alles drin ist und es geklappt hat?

DANKE!

Chris4You · 30.09.2010, 16:22

Hi,

fast, fast...
Bitte "use save list" und "minimal output"...

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

chris

HeikeLina · 30.09.2010, 16:30

hoffe es ist jetzt alles da....und richtig.

hxxp://www.file-upload.net/download-2855903/ARCHIV2.zip.html

HeikeLina · 30.09.2010, 16:32

ich bin kurz mal weg schau aber heute abend auf jedenfall nochmal rein...

und chris, danke für deine mühe und geduld!

HeikeLina · 30.09.2010, 17:48

hi chris,

waren bzw. sind die dateien jetzt die richtigen???

wär schön, wenn du mir kurz bescheid gibst, nachdem du sie mal anschauen konntest.....

grüsse
heike

Chris4You · 30.09.2010, 21:34

Hi,

Du hast ziemlich viel am Laufen... Threadfire, Avast, Avira, Spyboot etc....
Du solltest Spyboot und einen der scanner (Avast oder Avira) deinstallieren!

First of all, woher hast Du ad-aware-Installation, die ist im ersten OTL-Log "hängen" geblieben, im zweiten läuft AdAware, ohne das aber OTL die Files lokalisieren kann...
Ist der Fehler bzw. der Trojaner bei oder nach der Installation von AdAware aufgetaucht...
Lass die Datei wenn Sie wieder auftaucht nicht beseitigen sondern online prüfen (c:\windows\system32\pngxf1ax.dll)..

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen!
(nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\WINDOWS\System32\igfxCoIn_v4847.dll
C:\WINDOWS\System32\pngxf1ax.dll

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
O33 - MountPoints2\{55b028b0-5a29-11dd-b12e-0019993590d6}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{55b028b0-5a29-11dd-b12e-0019993590d6}\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{55b028b0-5a29-11dd-b12e-0019993590d6}\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{688f5433-26b6-11df-b297-545543445207}\Shell\AutoRun\command - "" = G:\MI.exe -- File not found
[2010.09.30 15:02:57 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys File not found

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Sonst ist erst mal nichts zu finden....

chris

TR/Agent2.cwhg in windows/system32/pngxf1ax.dll

Log-Analyse und Auswertung: TR/Agent2.cwhg in windows/system32/pngxf1ax.dll