Log analysis and evaluation: Caught a computer-lock virus (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.08.2012, 19:22 | #1
Caught a computer-lock virus
I have caught the virus that locked my PC because of alleged pirated copies. Following the guide here I have already scanned with Malwarebytes, with no finding. I have now run another scan with ESET and it found two viruses; here is the LOG file:
Code:
# antistealth_checked=true
# utc_time=2012-08-01 05:15:46
# local_time=2012-08-01 07:15:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 10638238 10638238 0 0
# compatibility_mode=5893 16776573 100 94 76426 95472156 0 0
# compatibility_mode=8192 67108863 100 0 121 121 0 0
# scanned=8579
# found=0
# cleaned=0
# scan_time=381
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=818de44503d4134083d7e81e9f6bad9a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-01 06:06:49
# local_time=2012-08-01 08:06:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 10638734 10638734 0 0
# compatibility_mode=5893 16776573 100 94 76922 95472652 0 0
# compatibility_mode=8192 67108863 100 0 617 617 0 0
# scanned=99799
# found=2
# cleaned=0
# scan_time=2947
C:\Users\alex\AppData\Local\Temp\OYGxlSX.exe	Win32/LockScreen.ALJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\734dcc0a-5acceb18	Java/Exploit.CVE-2012-0507.DI trojan (unable to clean)	00000000000000000000000000000000	I
02.08.2012, 05:20 | #2
/// Helper Team | Caught a computer-lock virus
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
02.08.2012, 07:36 | #3
Caught a computer-lock virus
Here is the LOG file
Code:
OTL logfile created on: 02.08.2012 08:24:09 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\alex\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 57,17% Memory free
3,75 Gb Paging File | 2,55 Gb Available in Paging File | 68,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,33 Gb Total Space | 16,51 Gb Free Space | 43,06% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 280,28 Gb Free Space | 94,03% Space Free | Partition Type: NTFS
Drive F: | 14,95 Gb Total Space | 8,12 Gb Free Space | 54,32% Space Free | Partition Type: FAT32

Computer Name: ALEX-PC | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\alex\Desktop\OTL(2).exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\alex\AppData\Local\Apps\2.0\QGLWZ525.0NG\0KNX6YNZ.QP7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\bf659f9bb758ac14ed7a37bdfe965849\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\alex\AppData\Local\Apps\2.0\QGLWZ525.0NG\0KNX6YNZ.QP7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 2C E6 81 46 0F CD 01 [binary data]
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={C6C349C4-7E8A-477D-8410-1C650888B4FC}&mid=2dcbf475ba0647d0a4cdd15680222982-15d34239aa709f075857778244950cebf8cdd91d&lang=de&ds=od011&pr=sa&d=2012-04-11 19:30:38&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "BS Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 08:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.17 07:56:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.25 17:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 08:34:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.17 07:56:13 | 000,000,000 | ---D | M]

[2012.03.31 16:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Extensions
[2012.07.17 08:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\nnmi76dk.default\extensions
[2012.05.14 21:41:17 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\nnmi76dk.default\extensions\fb_add_on@avm.de
[2012.05.22 11:24:06 | 000,000,921 | ---- | M] () -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\nnmi76dk.default\searchplugins\conduit.xml
[2012.04.27 07:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.18 08:34:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.11 19:30:32 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1782905466-269194785-2140451480-1001..\Run: [AVMUSBFernanschluss] C:\Users\alex\AppData\Local\Apps\2.0\QGLWZ525.0NG\0KNX6YNZ.QP7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-1782905466-269194785-2140451480-1001..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OYGxlSX.exe.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F588668D-742D-4606-A512-9550DBE12A6B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.02 08:22:27 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL(2).exe
[2012.08.02 07:51:53 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe.part
[2012.08.02 07:09:11 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{E16F60F3-303C-4C7E-9A70-480AA1590161}
[2012.08.02 06:47:21 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{5290A5D0-42E8-417C-AF24-E83321CCD443}
[2012.08.02 06:39:32 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{D1503DDB-B8AD-4920-9250-820298787214}
[2012.08.02 06:38:27 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{B5C85420-1088-43DB-A1D3-299B92EDDB4A}
[2012.08.02 06:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.08.02 06:31:19 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{E4BC12C4-D380-44B4-99D6-715D9E403ADD}
[2012.08.02 06:28:28 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{8C558348-9344-4576-9DCD-8C5A07B9E80D}
[2012.08.02 06:25:27 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{F83761C9-CAFE-43F3-B773-A27E7A82BB29}
[2012.08.01 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.01 18:45:21 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{CB5B22E6-0275-46D0-9686-BF38CCFCE7FF}
[2012.08.01 18:44:59 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{FDD825CB-4124-4F3F-AF7A-41259B3B6525}
[2012.08.01 18:40:11 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{2DED4C47-7128-415C-971A-FBB7B979E128}
[2012.08.01 18:39:54 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{474F24D5-71EB-4BA4-BC06-5AC3CB06C667}
[2012.08.01 08:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.01 08:22:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.01 08:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.01 06:20:15 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{60D4720C-9C96-45E3-8792-2C4448934B62}
[2012.08.01 06:20:04 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{14FC75E8-29FA-4C0C-B2DB-791AB19C532E}
[2012.08.01 06:16:57 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.08.01 06:11:44 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Windows Live
[2012.07.31 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Malwarebytes
[2012.07.31 16:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 06:15:37 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{48C298BB-A75E-419A-B768-2D557C479CF0}
[2012.07.31 06:15:24 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{4EA05772-F50C-495E-A954-AE31D92F8A57}
[2012.07.24 06:14:08 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{EAB1BFD9-E0E0-4A7D-A29B-CFB966DC4430}
[2012.07.24 06:13:57 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{EF0FC873-3153-4B04-9421-818A8B2CFB54}
[2012.07.21 12:57:17 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\elsterformular
[2012.07.21 12:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.07.21 12:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.07.21 12:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2012.07.20 06:49:20 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{CFF546D0-E436-49F9-BAA2-BF2C03300956}
[2012.07.20 06:49:10 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{C82F9580-BC47-4E33-89F4-85E76C53F937}
[2012.07.19 06:29:49 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{FFF3620E-2A5B-4E5C-BFC2-886C7664CE86}
[2012.07.19 06:29:35 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{9BEE1855-8958-4E45-89C9-7B1BD7C9DE81}
[2012.07.18 06:15:56 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{058F491E-4B27-482D-9C96-1375A334A588}
[2012.07.18 06:15:44 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{14DA7CB3-7416-4A3E-A479-997D67ECEA2F}
[2012.07.17 07:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.07.17 07:51:32 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Conduit
[2012.07.17 07:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012.07.17 07:45:38 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Real
[2012.07.17 07:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.07.17 07:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\MasterSplitter
[2012.07.13 18:39:27 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Adobe
[2012.07.13 06:28:42 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{63BD2676-4476-4257-8202-A29725A44C39}
[2012.07.13 06:28:30 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{269D28C5-930B-425A-BB79-0535791BED97}
[2012.07.12 06:27:45 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Google
[2012.07.12 06:15:20 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{F526BADF-5CE0-4A1D-B4C0-48C8075CA1BC}
[2012.07.12 06:14:56 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\{94348980-A42F-4BD1-89FE-90C27EED6DE0}
[2012.07.11 18:38:04 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Macromedia
[2012.07.11 18:36:06 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Deployment
[2012.07.11 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\VirtualStore
[2012.07.11 09:37:18 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Thunderbird
[2012.07.11 09:35:58 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Mozilla

========== Files - Modified Within 30 Days ==========

[2012.08.02 08:27:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 08:22:30 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL(2).exe
[2012.08.02 07:52:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe.part
[2012.08.02 07:44:41 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 07:44:41 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 07:36:34 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 07:36:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 07:36:17 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 07:31:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 21:52:56 | 000,000,957 | ---- | M] () -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OYGxlSX.exe.lnk
[2012.08.01 08:22:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.01 06:12:12 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.01 06:12:12 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.01 06:12:12 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.01 06:12:12 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.31 16:23:36 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.27 06:31:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.27 06:31:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.21 12:56:36 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.17 07:51:46 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.08.02 06:57:16 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.08.01 08:22:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.01 07:57:10 | 000,000,957 | ---- | C] () -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OYGxlSX.exe.lnk
[2012.07.31 07:52:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.21 12:56:36 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.17 07:51:45 | 000,000,009 | ---- | C] () -- C:\END
[2012.04.02 18:25:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.31 20:06:36 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.03.31 20:05:52 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.31 20:05:52 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.03.31 19:55:29 | 000,001,014 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.03.31 19:55:29 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.03.31 19:55:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2012.03.31 17:32:36 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2012.03.31 17:32:33 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.03.31 17:32:33 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.03.31 17:30:12 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.03.31 14:18:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.31 14:18:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== LOP Check ==========

[2012.03.31 19:59:06 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\AVM
[2012.04.13 07:46:46 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\BSplayer Pro
[2012.07.21 12:57:21 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\elsterformular
[2012.06.07 11:51:02 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\MyPhoneExplorer
[2012.04.11 19:20:15 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\OpenCandy
[2012.04.04 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\OpenOffice.org
[2012.04.01 11:28:24 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\PC-FAX TX
[2012.04.11 19:20:21 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\pdfforge
[2012.03.31 16:32:06 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Thunderbird
[2012.08.02 07:40:01 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\XnView
[2012.06.19 06:02:00 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Code:
ATTFilter OTL Extras logfile created on: 02.08.2012 08:24:09 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\alex\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 57,17% Memory free 3,75 Gb Paging File | 2,55 Gb Available in Paging File | 68,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 38,33 Gb Total Space | 16,51 Gb Free Space | 43,06% Space Free | Partition Type: NTFS Drive D: | 298,08 Gb Total Space | 280,28 Gb Free Space | 94,03% Space Free | Partition Type: NTFS Drive F: | 14,95 Gb Total Space | 8,12 Gb Free Space | 54,32% Space Free | Partition Type: FAT32 Computer Name: ALEX-PC | User Name: alex | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0190A8C5-8DC7-426D-B9C7-E957D5FE184A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{05003D33-8145-4DC6-8955-D333F4B0D535}" = lport=10243 | protocol=6 | dir=in | app=system | "{0900B159-20F0-47CA-8145-D89D0CE45F0B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{09B90DE3-8C3E-4569-B04A-6E071EAE30F0}" = 
rport=138 | protocol=17 | dir=out | app=system | "{0F2C028D-0F9A-4FD4-8AC4-FA94B5F4E9F4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1214817C-80C8-4E3F-BA47-4BD2DA219C48}" = rport=137 | protocol=17 | dir=out | app=system | "{24121E60-7A1A-4BBC-A2C0-B9A0288D116E}" = lport=138 | protocol=17 | dir=in | app=system | "{3569B127-FA6C-4CD5-BD0B-02301FA69D30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3833A07D-4E6C-4928-A578-E0B25264E99F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6B7E421A-B3A7-463C-ADFF-CF5A899D28AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{84C630B5-FF36-4235-A019-C148575645E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8AF84717-AEC3-4605-ACD3-6799A849D274}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8C6F8A26-789E-45C1-B092-668D5C0289AD}" = lport=445 | protocol=6 | dir=in | app=system | "{8DA6EEF1-A5FD-4DBD-AB04-CA5148D125E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{97403165-C729-49F6-BEE1-A1940A11C41A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{99515A60-C4E1-442C-BD4C-5841390005F1}" = lport=139 | protocol=6 | dir=in | app=system | "{9EA4F10F-5DC3-43A6-AB5F-0ECD74CE069C}" = lport=137 | protocol=17 | dir=in | app=system | "{A6572DE1-2079-4F54-8420-E398BF533727}" = rport=10243 | protocol=6 | dir=out | app=system | "{A90AD2F0-E7BE-4494-857F-037A6E07364C}" = rport=139 | protocol=6 | dir=out | app=system | "{C72271F3-6A91-455F-BA49-900D9E1EF672}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D7370CD7-F9C6-4238-BF23-AA33CD350EE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe 
| "{D945A5A6-2B95-4A0F-898A-925743385006}" = rport=445 | protocol=6 | dir=out | app=system | "{E22201AF-7F5E-4A75-9CC7-96D76F2F01B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ECBFC93C-B58E-49D4-917C-1CCBB45EDA3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FEC2EFA7-8C00-4271-849A-07F06614E609}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C389B8D-6D81-48C7-904F-819E18BA009A}" = protocol=6 | dir=out | app=system | "{19D0F163-BFE9-4612-9F62-0185A76682C4}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\apps\2.0\qglwz525.0ng\0knx6ynz.qp7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{24505011-47E4-4AAB-B60B-D72DB92250FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{289B5757-4B46-4B5A-81C2-E7E68597C9E3}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\apps\2.0\qglwz525.0ng\0knx6ynz.qp7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{30ACAA91-96C4-461B-B1B0-AFB0031DE534}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53D8AAF6-57F5-42A5-B6C6-CAEC5CF21B94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54BB4579-E07A-4ED0-AC2C-5B9F35922B86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{76F66672-2320-4B39-827C-3D4B591D6FF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{77708068-8E58-445B-936B-F288AC938A8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7C62690C-BC9F-444B-B922-136F3709F70F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{7DBE62A5-C7BB-4DE6-BE8E-1B4EF35A972F}" = 
protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{82265E77-9A1E-4F24-8239-54ECA2FFBA93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8FB9347B-E63D-4AF5-9FC4-960C59061B3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A6FCC321-FE0E-4084-A091-D479617AF328}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B2E4357B-E39E-45EA-A7BE-1A9A6DB12B23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C1556E5F-3F72-4D30-A86E-74CF76216781}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C358135C-FA6A-4992-BFAB-3DA2DB03771E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F61216E8-0537-4504-9B1F-2738275103DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F78B02AC-0608-4AD9-8E3B-8228710E4E6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{19A520B4-5E5F-4A9B-89F4-C032B3EDE94B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{3853A6D8-CC4B-4554-B257-D70339358E71}C:\users\alex\appdata\local\apps\2.0\qglwz525.0ng\0knx6ynz.qp7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\apps\2.0\qglwz525.0ng\0knx6ynz.qp7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "UDP Query User{44F91E64-B931-40DA-8989-97F846E4AEFE}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{77DDF897-DDDF-4739-BAEB-A6D63AB73CB3}C:\users\alex\appdata\local\apps\2.0\qglwz525.0ng\0knx6ynz.qp7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | 
app=c:\users\alex\appdata\local\apps\2.0\qglwz525.0ng\0knx6ynz.qp7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5CA86DBC-3F01-09AF-C67C-99557DB3E1F5}" = ATI Catalyst Install Manager "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{95120000-00B9-0409-0000-0000000FF1CE}" = 
Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Avira AntiVir Desktop" = Avira Free Antivirus "BSPlayerf" = BS.Player FREE "CDex" = CDex - Open Source Digital Audio CD Extractor "ElsterFormular" = ElsterFormular "ESET Online Scanner" = ESET 
Online Scanner v3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "WinLiveSuite" = Windows Live Essentials "XnView_is1" = XnView 1.98.8 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1782905466-269194785-2140451480-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.07.2012 10:21:00 | Computer Name = alex-PC | Source = Microsoft-Windows-CAPI2 | ID = 512 Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. . Error - 31.07.2012 10:40:51 | Computer Name = alex-PC | Source = System Restore | ID = 8193 Description = Error - 31.07.2012 10:56:56 | Computer Name = alex-PC | Source = VSS | ID = 8194 Description = Error - 01.08.2012 00:14:17 | Computer Name = alex-PC | Source = VSS | ID = 8194 Description = Error - 01.08.2012 02:24:13 | Computer Name = alex-PC | Source = System Restore | ID = 8193 Description = Error - 01.08.2012 15:50:56 | Computer Name = alex-PC | Source = Microsoft-Windows-CAPI2 | ID = 512 Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. . 
Error - 02.08.2012 00:35:09 | Computer Name = alex-PC | Source = VSS | ID = 8194 Description = Error - 02.08.2012 00:56:03 | Computer Name = alex-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden. Error - 02.08.2012 00:59:29 | Computer Name = alex-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 15.4.3555.308, Zeitstempel: 0x4f59707e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e2111c0 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000d36f ID des fehlerhaften Prozesses: 0x1384 Startzeit der fehlerhaften Anwendung: 0x01cd706b9879e3f1 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Live\Mail\wlmail.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: d68827e9-dc5e-11e1-ba4d-001fc6c6c071 Error - 02.08.2012 01:00:04 | Computer Name = alex-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 15.4.3555.308, Zeitstempel: 0x4f59707e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e2111c0 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000d36f ID des fehlerhaften Prozesses: 0x146c Startzeit der fehlerhaften Anwendung: 0x01cd706bad850243 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Live\Mail\wlmail.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: eb8d79c4-dc5e-11e1-ba4d-001fc6c6c071 Error - 02.08.2012 01:30:33 | Computer Name = alex-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden. 
Error - 02.08.2012 01:34:49 | Computer Name = alex-PC | Source = Windows Search Service | ID = 1019 Description = [ System Events ] Error - 01.08.2012 15:55:49 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.08.2012 15:55:49 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.08.2012 15:55:49 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.08.2012 15:55:51 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.08.2012 15:56:01 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.08.2012 15:56:01 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.08.2012 15:56:01 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.08.2012 15:57:25 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst 
"Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.08.2012 15:57:25 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.08.2012 15:57:25 | Computer Name = alex-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > |
02.08.2012, 12:46 | #4 |
/// Helfer-Team | Caught a computer-lock virus. Fixing with OTL: download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C6C349C4-7E8A-477D-8410-1C650888B4FC}&mid=2dcbf475ba0647d0a4cdd15680222982-15d34239aa709f075857778244950cebf8cdd91d&lang=de&ds=od011&pr=sa&d=2012-04-11 19:30:38&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1782905466-269194785-2140451480-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "BS Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig?hl=de"
FF - user.js - File not found
O4 - HKU\S-1-5-21-1782905466-269194785-2140451480-1001..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OYGxlSX.exe.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.08.01 21:52:56 | 000,000,957 | ---- | M] () -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OYGxlSX.exe.lnk
[2012.07.31 16:23:36 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.05.22 11:24:06 | 000,000,921 | ---- | M] () -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\nnmi76dk.default\searchplugins\conduit.xml
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012.04.11 19:30:32 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.17 07:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.07.17 07:51:32 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Conduit
[2012.07.17 07:51:46 | 000,000,009 | ---- | M] () -- C:\END
[2012.08.02 08:27:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 07:36:34 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 07:31:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: the OTL script above was written exclusively for this user in this situation. Do not run it on other machines under any circumstances; it can permanently damage other systems!
02.08.2012, 18:13 | #5 |
| Caught a computer-lock virus. Did it as described, here is the log: Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1782905466-269194785-2140451480-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found. HKEY_USERS\S-1-5-21-1782905466-269194785-2140451480-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1782905466-269194785-2140451480-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-1782905466-269194785-2140451480-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. HKU\S-1-5-21-1782905466-269194785-2140451480-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename Prefs.js: "BS Player Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "BS Player Customized Web Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://www.google.de/ig?hl=de" removed from browser.startup.homepage Registry value HKEY_USERS\S-1-5-21-1782905466-269194785-2140451480-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OYGxlSX.exe.lnk moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. 
File C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OYGxlSX.exe.lnk not found. C:\ProgramData\ras_0oed.pad moved successfully. C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\nnmi76dk.default\searchplugins\conduit.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully. C:\Program Files\Conduit\Community Alerts folder moved successfully. C:\Program Files\Conduit folder moved successfully. C:\Users\alex\AppData\Local\Conduit folder moved successfully. C:\END moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\alex\Desktop\cmd.bat deleted successfully. C:\Users\alex\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator User: alex ->Temp folder emptied: 30101268 bytes ->Temporary Internet Files folder emptied: 103187133 bytes ->Java cache emptied: 13062009 bytes ->FireFox cache emptied: 91034562 bytes ->Google Chrome cache emptied: 6576483 bytes ->Flash cache emptied: 506 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 201539503 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 425,00 mb [EMPTYFLASH] User: Administrator User: alex ->Flash cache emptied: 0 bytes User: All Users User: Default User: Default User User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.55.0 log created on 08022012_190613 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. PendingFileRenameOperations files... [2009.07.14 03:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) C:\Windows\System32\mctadmin.exe : MD5=BBA1A5B86134F496B926DDAF247DB871 Registry entries deleted on Reboot... |
03.08.2012, 13:57 | #6 |
/// Helfer-Team | Caught a computer-lock virus. Very good! How is the computer running? Step 1: please run a full scan with Malwarebytes Anti-Malware and post the log. After that, step 2: please download AdwCleaner to your desktop.
24.08.2012, 23:23 | #7 |
/// Helfer-Team | Caught a computer-lock virus. No response received. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: the disappearance of the symptoms does not mean that your computer is clean.