
Pests of all kinds and how to combat them: Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - St


13.11.2011, 12:59   #1
Hightower92
 
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - St



I have the same problem:
Quote:
Hello,

Since yesterday evening I have had a virus on my computer that turned the desktop completely black, hid or removed all the folders that were on the desktop, and also hid the files in the Quick Launch bar.
When I start my computer, this error message appears countless times:

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\00004509. The file is corrupted or unreadable. This may be caused by a PC hardware problem.

The number after "\\System32\\" is different in every error message.

Folders cannot be opened, or open only slowly, and then they are mostly shown as empty.

Please help.
Here are the logs:

OTL logfile created on: 12.11.2011 20:03:37 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lucas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 41,18% Memory free
8,00 Gb Paging File | 5,29 Gb Available in Paging File | 66,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 328,08 Gb Free Space | 70,46% Space Free | Partition Type: NTFS
Drive D: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LUCAS-PC | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lucas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\9SrQQbeTkFJrsC.exe ()
PRC - C:\ProgramData\LEnXuYtOREFxPor.exe ()
PRC - C:\Program Files (x86)\Heroes of Newerth\hon.exe (S2 Games)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\9SrQQbeTkFJrsC.exe ()
MOD - C:\ProgramData\LEnXuYtOREFxPor.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files (x86)\Heroes of Newerth\k2.dll ()
MOD - c:\Program Files (x86)\Heroes of Newerth\vid_d3d9.dll ()
MOD - c:\Program Files (x86)\Heroes of Newerth\game\game_shared.dll ()
MOD - c:\Program Files (x86)\Heroes of Newerth\game\cgame.dll ()
MOD - C:\Program Files (x86)\Heroes of Newerth\StmOCX.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Heroes of Newerth\zlibwapi.dll ()
MOD - C:\Program Files (x86)\Heroes of Newerth\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (lxec_device) -- C:\Windows\SysNative\lxeccoms.exe ( )
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Electronics Inc)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=38b68776000000000000001fc6fbd0d0&tlver=1.4.19.19&affID=17160
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=38b68776000000000000001fc6fbd0d0&tlver=1.4.19.19&affID=17160
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 32 F6 27 64 5D CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {05b075bb-d9bc-3c8e-c25c-a69264dc18ab}:4.6.7.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: ich@maltegoetz.de:1.2.4
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=38b68776000000000000001fc6fbd0d0&tlver=1.4.19.19&instlRef=sst&affID=17160&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.12 17:02:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.12 17:02:35 | 000,000,000 | ---D | M]

[2010.09.26 11:45:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Extensions
[2011.11.12 19:45:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\7hau3zol.default\extensions
[2011.11.12 17:02:19 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\7hau3zol.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.12 17:02:19 | 000,000,000 | -H-D | M] (Easy YouTube Video Downloader) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\7hau3zol.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.11.12 17:02:19 | 000,000,000 | -H-D | M] (ProxTube) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\7hau3zol.default\extensions\ich@maltegoetz.de
[2010.06.08 10:29:10 | 000,000,927 | -H-- | M] () -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\7hau3zol.default\searchplugins\conduit.xml
[2011.09.14 20:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.19 10:30:35 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\mozilla firefox\extensions\{05b075bb-d9bc-3c8e-c25c-a69264dc18ab}
[2011.10.20 18:36:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.14 20:17:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.07.31 17:04:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.31 17:04:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.05 00:22:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.14 16:53:28 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.03.05 00:22:51 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.05 00:22:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.05 00:22:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.05 00:22:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [LEnXuYtOREFxPor.exe] C:\ProgramData\LEnXuYtOREFxPor.exe ()
O4 - HKCU..\Run: [rJkidNSDHNQGC.exe] C:\ProgramData\rJkidNSDHNQGC.exe (Recover Inc)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lucas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lucas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2132E2A-03AB-4FF9-A28D-7E3DFF01BA1A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE7D07EE-1BA4-46B1-836A-6B5AD7225F67}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.25 05:16:57 | 000,000,046 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5a1acbf4-e99b-11df-a006-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5a1acbf4-e99b-11df-a006-806e6f6e6963}\Shell\AutoRun\command - "" = J:\launcher.exe
O33 - MountPoints2\{64dd2237-c94e-11df-93c5-002522386863}\Shell - "" = AutoRun
O33 - MountPoints2\{64dd2237-c94e-11df-93c5-002522386863}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{64dd223c-c94e-11df-93c5-002522386863}\Shell - "" = AutoRun
O33 - MountPoints2\{64dd223c-c94e-11df-93c5-002522386863}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{9db6c8c1-c94b-11df-af81-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9db6c8c1-c94b-11df-af81-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2010.05.25 05:16:57 | 002,505,256 | ---- | M] ()
O33 - MountPoints2\{c2ac3440-3866-11e0-9563-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c2ac3440-3866-11e0-9563-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Borderlands-u-GOTY_sr_efgis.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.12 16:18:11 | 000,000,000 | -H-D | C] -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.12 15:50:17 | 000,494,592 | -HS- | C] (Recover Inc) -- C:\ProgramData\rJkidNSDHNQGC.exe
[2011.10.30 12:10:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.10.30 12:08:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.10.27 16:26:17 | 000,000,000 | -H-D | C] -- C:\Users\Lucas\Desktop\z8fr
[2011.10.20 18:36:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.12 19:16:57 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.12 19:16:57 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.12 19:06:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.12 19:06:32 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.12 16:26:09 | 000,000,440 | -H-- | M] () -- C:\ProgramData\9SrQQbeTkFJrsC
[2011.11.12 16:25:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~9SrQQbeTkFJrsC
[2011.11.12 16:25:17 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~9SrQQbeTkFJrsCr
[2011.11.12 16:18:11 | 000,000,657 | -H-- | M] () -- C:\Users\Lucas\Desktop\System Restore.lnk
[2011.11.12 16:18:03 | 000,338,704 | -H-- | M] () -- C:\ProgramData\9SrQQbeTkFJrsC.exe
[2011.11.12 15:48:16 | 000,425,744 | -HS- | M] () -- C:\ProgramData\LEnXuYtOREFxPor.exe
[2011.11.12 15:46:38 | 000,494,592 | -HS- | M] (Recover Inc) -- C:\ProgramData\rJkidNSDHNQGC.exe
[2011.11.11 15:44:13 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.11 15:44:13 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.11 15:44:13 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.11 15:44:13 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.11 15:44:13 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.10 15:28:38 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.30 12:23:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011.10.30 12:23:36 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011.10.25 15:16:46 | 000,001,558 | -H-- | M] () -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.10.23 19:04:19 | 000,183,823 | -H-- | M] () -- C:\Users\Lucas\Desktop\Klimastatisik.jpg
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.12 16:18:11 | 000,000,657 | -H-- | C] () -- C:\Users\Lucas\Desktop\System Restore.lnk
[2011.11.12 16:18:11 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~9SrQQbeTkFJrsC
[2011.11.12 16:18:11 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~9SrQQbeTkFJrsCr
[2011.11.12 16:18:07 | 000,000,440 | -H-- | C] () -- C:\ProgramData\9SrQQbeTkFJrsC
[2011.11.12 16:18:03 | 000,338,704 | -H-- | C] () -- C:\ProgramData\9SrQQbeTkFJrsC.exe
[2011.11.12 15:48:16 | 000,425,744 | -HS- | C] () -- C:\ProgramData\LEnXuYtOREFxPor.exe
[2011.10.23 19:04:18 | 000,183,823 | -H-- | C] () -- C:\Users\Lucas\Desktop\Klimastatisik.jpg
[2011.09.15 18:42:46 | 000,003,584 | -H-- | C] () -- C:\Users\Lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.14 16:53:43 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.06.03 10:20:37 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.03 15:22:09 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.12.27 12:52:21 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.10.09 16:31:27 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.04 17:41:58 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2010.10.04 17:38:29 | 013,803,520 | -H-- | C] () -- C:\ProgramData\sandra.mda
[2010.10.01 22:29:58 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.09.29 14:48:36 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.09.26 13:03:46 | 000,000,191 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2010.09.26 12:59:44 | 000,000,362 | R--- | C] () -- C:\Windows\cm106.ini
[2010.09.26 12:59:17 | 000,001,304 | R--- | C] () -- C:\Windows\Cm106.ini.cfg
[2010.09.26 12:13:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.26 10:27:30 | 000,007,602 | -H-- | C] () -- C:\Users\Lucas\AppData\Local\Resmon.ResmonCfg
[2010.09.26 10:07:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.06.07 12:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2009.04.28 06:56:30 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\lxecsmr.dll
[2009.02.20 07:48:04 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\lxecsm.dll

< End of report >










OTL Extras logfile created on: 12.11.2011 20:03:37 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lucas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 41,18% Memory free
8,00 Gb Paging File | 5,29 Gb Available in Paging File | 66,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 328,08 Gb Free Space | 70,46% Space Free | Partition Type: NTFS
Drive D: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LUCAS-PC | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{38145F6E-041F-69AE-59B4-37CA06F33D67}" = ccc-utility64
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B85D868D-1415-FDA5-8DB9-D4D457080885}" = ATI Catalyst Install Manager
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{1E863F44-2D2D-4BD7-B25B-EDA9FF622267}" = Radiotracker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42CA2096-C607-7F71-5550-F19BCD9A4100}" = Catalyst Control Center InstallProxy
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B937101-FD85-4CA9-9176-ADA6492314AF}" = ArcSoft WebCam Companion 3
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
"{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"bc4f0872" = Contextual Tool Yourprofitclub
"FoxTab PDF Converter" = FoxTab PDF Converter
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"GameSpy Arcade" = GameSpy Arcade
"Generic USB 106 Sound" = SL-8795 Headset
"hon" = Heroes of Newerth
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 63200" = Monday Night Combat
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.11.2011 11:27:22 | Computer Name = Lucas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07.11.2011 11:27:22 | Computer Name = Lucas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1969

Error - 07.11.2011 11:27:22 | Computer Name = Lucas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1969

Error - 08.11.2011 11:01:43 | Computer Name = Lucas-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 10.11.2011 10:58:21 | Computer Name = Lucas-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 10.11.2011 14:33:38 | Computer Name = Lucas-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Die Aktion kann nicht abgeschlossen werden. Versuchen
Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error - 11.11.2011 09:19:44 | Computer Name = Lucas-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 12.11.2011 09:57:31 | Computer Name = Lucas-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 12.11.2011 11:49:00 | Computer Name = Lucas-PC | Source = System Restore | ID = 8210
Description =

Error - 12.11.2011 12:04:18 | Computer Name = Lucas-PC | Source = System Restore | ID = 8210
Description =

[ Media Center Events ]
Error - 17.12.2010 09:07:32 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 14:07:28 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 17.12.2010 10:08:35 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 15:08:32 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 18.12.2010 04:26:30 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 09:26:24 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 19.12.2010 05:11:33 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 10:11:33 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 24.12.2010 05:58:49 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 10:58:45 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 28.01.2011 05:08:43 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 10:08:43 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 28.01.2011 05:09:32 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 10:09:27 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)

Error - 03.09.2011 05:42:21 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 11:42:21 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 15.09.2011 02:38:19 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 08:38:17 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 26.09.2011 01:54:14 | Computer Name = Lucas-PC | Source = MCUpdate | ID = 0
Description = 07:54:12 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)

[ System Events ]
Error - 12.11.2011 10:52:52 | Computer Name = Lucas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Intel(R) PROSet/Wireless Event Log erreicht.

Error - 12.11.2011 10:52:52 | Computer Name = Lucas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) PROSet/Wireless Event Log" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 12.11.2011 11:05:48 | Computer Name = Lucas-PC | Source = bowser | ID = 8003
Description =

Error - 12.11.2011 11:17:48 | Computer Name = Lucas-PC | Source = bowser | ID = 8003
Description =

Error - 12.11.2011 11:26:04 | Computer Name = Lucas-PC | Source = bowser | ID = 8003
Description =

Error - 12.11.2011 11:41:48 | Computer Name = Lucas-PC | Source = bowser | ID = 8003
Description =

Error - 12.11.2011 11:53:47 | Computer Name = Lucas-PC | Source = bowser | ID = 8003
Description =

Error - 12.11.2011 11:53:55 | Computer Name = Lucas-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für
x64-basierte Systeme

Error - 12.11.2011 12:05:47 | Computer Name = Lucas-PC | Source = bowser | ID = 8003
Description =

Error - 12.11.2011 13:14:19 | Computer Name = Lucas-PC | Source = bowser | ID = 8003
Description =


< End of report >

13.11.2011, 13:13   #2
markusg
/// Malware-holic

hiho

Attention!
This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
PRC - C:\ProgramData\LEnXuYtOREFxPor.exe ()
O4 - HKCU..\Run: [rJkidNSDHNQGC.exe] C:\ProgramData\rJkidNSDHNQGC.exe (Recover Inc)
O4 - HKCU..\Run: [LEnXuYtOREFxPor.exe] C:\ProgramData\LEnXuYtOREFxPor.exe ()
[2011.11.12 16:18:11 | 000,000,000 | -H-D | C] -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.12 15:50:17 | 000,494,592 | -HS- | C] (Recover Inc) -- C:\ProgramData\rJkidNSDHNQGC.exe
[2011.11.12 16:26:09 | 000,000,440 | -H-- | M] () -- C:\ProgramData\9SrQQbeTkFJrsC
[2011.11.12 16:25:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~9SrQQbeTkFJrsC
[2011.11.12 16:25:17 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~9SrQQbeTkFJrsCr
[2011.11.12 16:18:11 | 000,000,657 | -H-- | M] () -- C:\Users\Lucas\Desktop\System Restore.lnk
[2011.11.12 16:18:03 | 000,338,704 | -H-- | M] () -- C:\ProgramData\9SrQQbeTkFJrsC.exe
[2011.11.12 15:48:16 | 000,425,744 | -HS- | M] () -- C:\ProgramData\LEnXuYtOREFxPor.exe
[2011.11.12 15:48:16 | 000,425,744 | -HS- | M] () -- C:\ProgramData\LEnXuYtOREFxPor.exe
[2011.11.12 15:46:38 | 000,494,592 | -HS- | M] (Recover Inc) -- C:\ProgramData\rJkidNSDHNQGC.exe
:Files
C:\ProgramData\rJkidNSDHNQGC.exe
C:\ProgramData\LEnXuYtOREFxPor.exe
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.


Download unhide:
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
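
How the file lines in the fix script above can be read, as an added example that is not part of the original post and not OTL's own logic: the sketch parses OTL file-scan lines and flags hidden, recently written files lying directly in C:\ProgramData. The flagging rule, the function names and the suffix list are assumptions made for this illustration; the sample lines are copied from the log and fix script on this page.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# OTL file-scan line layout, as seen in the log on this page:
# [timestamp | size | attributes R/H/S/D | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumption for this example: which suffixes count as directly executable.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd"}
PROGRAMDATA = PureWindowsPath(r"C:\ProgramData")
# Scan time taken from the OTL header on this page ("created on: 12.11.2011 20:03:37").
SCAN_TIME = datetime(2011, 11, 12, 20, 3, 37)

# Lines copied from the log and the fix script on this page.
SAMPLE = r"""
[2011.11.12 16:18:11 | 000,000,000 | -H-D | C] -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.12 15:50:17 | 000,494,592 | -HS- | C] (Recover Inc) -- C:\ProgramData\rJkidNSDHNQGC.exe
[2011.11.12 16:18:03 | 000,338,704 | -H-- | M] () -- C:\ProgramData\9SrQQbeTkFJrsC.exe
[2011.11.12 15:48:16 | 000,425,744 | -HS- | M] () -- C:\ProgramData\LEnXuYtOREFxPor.exe
[2011.11.12 15:48:16 | 000,425,744 | -HS- | M] () -- C:\ProgramData\LEnXuYtOREFxPor.exe
[2011.11.12 16:26:09 | 000,000,440 | -H-- | M] () -- C:\ProgramData\9SrQQbeTkFJrsC
[2010.09.26 12:13:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
"""


def parse_line(line):
    """Return a dict for one OTL file-scan line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "hidden": "H" in m["attrs"],
        "system": "S" in m["attrs"],
        "is_dir": "D" in m["attrs"],
        "company": m["company"] or "",  # empty when OTL printed "()" or nothing
        "path": PureWindowsPath(m["path"]),
    }


def triage(lines, scan_time=SCAN_TIME, max_age_days=30):
    """Flag hidden, recent files lying loose in C:\\ProgramData (assumed heuristic)."""
    hits, seen = [], set()
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry["is_dir"] or entry["path"] in seen:
            continue
        recent = scan_time - entry["time"] <= timedelta(days=max_age_days)
        # Vendor data normally sits in a subfolder; a file directly in the
        # ProgramData root is unusual. PureWindowsPath compares case-insensitively.
        loose = entry["path"].parent == PROGRAMDATA
        if entry["hidden"] and loose and recent:
            seen.add(entry["path"])
            hits.append({
                "path": str(entry["path"]),
                "executable": entry["path"].suffix.lower() in EXECUTABLE_SUFFIXES,
                "no_company": entry["company"] == "",
            })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE.splitlines()):
        print(hit)
```

A hit is only a candidate for closer inspection; old hidden files such as ezsidmv.dat and files outside the ProgramData root are deliberately left out by this rule.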

13.11.2011, 13:46   #3
Hightower92

Where is the text document supposed to be?

13.11.2011, 13:47   #4
markusg
/// Malware-holic

Just carry on; once you have uploaded the moved files folder in the upload channel, I will find it in there :-)
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

13.11.2011, 13:55   #5
Hightower92

And which "suspicious file" do I have to upload now?


13.11.2011, 13:55   #6
markusg
/// Malware-holic

You are supposed to pack the whole folder and upload it, just as it says there.

13.11.2011, 14:05   #7
markusg
/// Malware-holic

Thanks for the upload.
Have you already used unhide?

13.11.2011, 14:19   #8
Hightower92

Yes, I have.. according to the program it was successful, too.

13.11.2011, 14:20   #9
markusg
/// Malware-holic

OK.
Then let's continue.
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can lead to serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it on your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.

13.11.2011, 15:05   #10
Hightower92

I ran ComboFix as described in the instructions. Now the txt file is displayed, but I can open neither programs nor internet browsers. The error message:


C:/PROGRAM(x86)/Internet Explorer/iexplore.exe

Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen der zum Löschen markiert wurde.

In hindsight I noticed that I forgot to switch off Windows Defender. Should I close the txt file, switch off Defender and start ComboFix again?

Edited by Hightower92 (13.11.2011 at 15:16)

13.11.2011, 16:30   #11
markusg
/// Malware-holic

No, restart the PC, then it should work again.
Then look for the combofix.txt in c:\qoobox and post it here.

13.11.2011, 17:35   #12
Hightower92

Combofix Logfile:
Code:
ComboFix 11-11-13.01 - Lucas 13.11.2011  14:35:47.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2688 [GMT 1:00]
ausgeführt von:: c:\users\Lucas\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\xmlB2F5.tmp
c:\programdata\xmlB42E.tmp
c:\programdata\xmlB4EB.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-13 bis 2011-11-13  ))))))))))))))))))))))))))))))
.
.
2011-11-13 13:40 . 2011-11-13 13:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-13 12:40 . 2011-11-13 12:50	--------	d-----w-	C:\_OTL
2011-11-11 12:21 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{42DB2786-66ED-4EDC-8F42-25039DB8081F}\mpengine.dll
2011-11-09 13:03 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 13:03 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 13:03 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:03 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-10-30 11:10 . 2011-10-30 11:10	--------	d-----w-	c:\windows\system32\SPReview
2011-10-30 11:08 . 2011-10-30 11:08	--------	d-----w-	c:\windows\system32\EventProviders
2011-10-26 13:20 . 2011-08-13 05:27	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-26 13:20 . 2011-08-13 04:18	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 11:23 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-10-30 11:23 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-10-10 19:54 . 2010-12-11 14:29	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-01 03:25 . 2011-10-12 18:38	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 18:38	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-09-26 13:25 . 2011-09-03 10:44	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-09-26 13:24 . 2011-09-03 10:43	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-09-15 13:29 . 2010-12-11 14:40	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-09-15 13:29 . 2010-12-11 14:29	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-28 18:32 . 2010-12-23 10:26	1166144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-27 05:37 . 2011-10-12 18:34	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 18:34	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 18:34	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-12 18:34	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-08-23 16:51 . 2011-08-23 16:51	235	----a-w-	c:\windows\SysWow64\nxEuUninstall.bat
2011-08-23 16:51 . 2011-08-23 16:51	446464	----a-w-	c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-08-20 05:37 . 2011-10-12 18:38	1188864	----a-w-	c:\windows\system32\wininet.dll
2011-08-20 04:31 . 2011-10-12 18:38	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2011-08-17 05:26 . 2011-10-12 18:34	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-12 18:34	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-12 18:34	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-12 18:34	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-10-20 3207072]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-11 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2008-12-19 7700480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=38b68776000000000000001fc6fbd0d0&tlver=1.4.19.19&affID=17160
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Lucas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\7hau3zol.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic-de3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=38b68776000000000000001fc6fbd0d0&tlver=1.4.19.19&instlRef=sst&affID=17160&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: z: {05b075bb-d9bc-3c8e-c25c-a69264dc18ab} - c:\program files (x86)\Mozilla Firefox\extensions\{05b075bb-d9bc-3c8e-c25c-a69264dc18ab}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: ProxTube: ich@maltegoetz.de - %profile%\extensions\ich@maltegoetz.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-VIAAUD - c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-bc4f0872 - c:\windows\system32\bc4f0872.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4187949527-1098897499-2300503558-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,19,03,38,e8,95,85,f0,af,0f,6a,5b,73,5e,db,f1,c3,46,7c,97,f6,
   e5,50,c6,35,bc,af,b5,4b,f3,1c,60,89,74,8d,66,3e,3e,da,15,55,95,f6,96,f8,1e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-13  14:46:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-13 13:46
.
Vor Suchlauf: 11 Verzeichnis(se), 352.308.428.800 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 355.944.333.312 Bytes frei
.
- - End Of File - - FE918CDA8958A473B7A208FB1BCBF361
         
--- --- ---

2011-11-13 13:46:12 . 2011-11-13 13:46:12 572 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-bc4f0872.reg.dat
2011-11-13 13:46:12 . 2011-11-13 13:46:12 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2011-11-13 13:46:05 . 2011-11-13 13:46:05 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-VIAAUD.reg.dat
2011-11-13 13:46:05 . 2011-11-13 16:29:20 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC}.reg.dat
2011-11-13 13:38:30 . 2011-11-13 16:22:55 11,718 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-11-13 13:37:43 . 2010-11-02 18:26:54 1,031 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\WinRAR\WinRAR.lnk
2011-11-13 13:37:43 . 2009-07-14 04:54:24 174 --sha-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\4\desktop.ini
2011-11-13 13:37:43 . 2010-10-11 11:26:40 1,138 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Tom Clancy's Splinter Cell Double Agent\Readme.lnk
2011-11-13 13:37:43 . 2010-10-11 11:26:41 2,426 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Tom Clancy's Splinter Cell Double Agent\Splinter Cell Double Agent registrieren.lnk
2011-11-13 13:37:43 . 2010-10-11 11:26:41 2,492 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Tom Clancy's Splinter Cell Double Agent\Splinter Cell Double Agent Updater.lnk
2011-11-13 13:37:43 . 2010-10-11 11:26:40 2,132 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Tom Clancy's Splinter Cell Double Agent\Tom Clancy's Splinter Cell Double Agent starten.lnk
2011-11-13 13:37:43 . 2011-02-14 16:35:45 1,656 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Warcraft III\Warcraft III Deinstallation.lnk
2011-11-13 13:37:43 . 2011-02-14 16:35:45 2,194 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Warcraft III\Warcraft III Liesmich.lnk
2011-11-13 13:37:43 . 2011-02-14 16:35:45 1,971 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Warcraft III\Warcraft III Welt-Editor.lnk
2011-11-13 13:37:43 . 2011-02-14 16:35:45 1,971 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Warcraft III\Warcraft III.lnk
2011-11-13 13:37:43 . 2010-09-26 11:01:10 1,959 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
2011-11-13 13:37:43 . 2010-09-26 11:02:17 2,242 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
2011-11-13 13:37:43 . 2010-11-02 18:26:54 1,012 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk
2011-11-13 13:37:43 . 2010-11-02 18:26:54 1,031 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\WinRAR\Hilfe zu WinRAR.lnk
2011-11-13 13:37:43 . 2010-11-17 14:27:37 935 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Steam\Steam.lnk
2011-11-13 13:37:43 . 2011-06-26 12:09:37 886 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Travian-Babysitter\Desinstalar.lnk
2011-11-13 13:37:43 . 2011-06-26 12:09:37 1,174 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Travian-Babysitter\Foro Travian-Babysitter.lnk
2011-11-13 13:37:43 . 2011-06-26 12:09:37 1,149 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Travian-Babysitter\Travian-Babysitter.lnk
2011-11-13 13:37:43 . 2011-06-26 12:09:37 1,169 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Travian-Babysitter\Web Travian-Babysitter.lnk
2011-11-13 13:37:43 . 2010-10-11 11:26:40 1,391 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Tom Clancy's Splinter Cell Double Agent\Deinstallieren Splinter Cell Double Agent.lnk
2011-11-13 13:37:43 . 2010-10-11 11:26:40 2,090 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Tom Clancy's Splinter Cell Double Agent\Handbuch.lnk
2011-11-13 13:37:43 . 2010-10-11 11:26:40 2,260 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Tom Clancy's Splinter Cell Double Agent\Hardware-Erkennung.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 789 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Internet-Links\Produkttests und Benchmarks mit Sandra;.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 805 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Internet-Links\SiSoftware im Internet.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 775 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Internet-Links\SiSoftware Preisvergleich.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 779 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Internet-Links\Statistiken und Bewertungen.lnk
2011-11-13 13:37:43 . 2011-08-22 13:27:31 2,533 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Skype\Skype.lnk
2011-11-13 13:37:43 . 2011-06-04 16:38:15 1,307 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\StarCraft II\Battle.net-Accountverwaltung.lnk
2011-11-13 13:37:43 . 2011-06-04 16:38:15 1,302 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\StarCraft II\Blizzard Tech-Support.lnk
2011-11-13 13:37:43 . 2011-06-04 16:38:15 1,498 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\StarCraft II\StarCraft II - Deinstallieren.lnk
2011-11-13 13:37:43 . 2011-06-04 16:38:15 1,247 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\StarCraft II\StarCraft II - Handbuch.lnk
2011-11-13 13:37:43 . 2011-06-04 16:38:15 1,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\StarCraft II\StarCraft II - Karten-Editor.lnk
2011-11-13 13:37:43 . 2011-06-04 16:38:15 1,301 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\StarCraft II\StarCraft II - Reparieren.lnk
2011-11-13 13:37:43 . 2011-06-04 16:38:15 1,121 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\StarCraft II\StarCraft II.lnk
2011-11-13 13:37:43 . 2010-09-26 09:20:03 2,048 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Startup\Adobe Reader Speed Launch.lnk
2011-11-13 13:37:43 . 2009-07-14 04:54:24 174 --sha-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini
2011-11-13 13:37:43 . 2010-11-17 14:27:33 2,573 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Steam\Steam Support Center.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,174 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Beispielskripte\Analyse-Skript.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,154 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Beispielskripte\Burn-in Skript.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,164 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Beispielskripte\Skript zur Berichtserzeugung.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,169 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Beispielskripte\Skript zur Umgebungsueberwachung.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,164 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Berichtsbeispiele\Bericht im HTML-Format.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,164 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Berichtsbeispiele\Bericht im MIF-Format.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,164 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Berichtsbeispiele\Bericht im RPT-Format.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,164 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Berichtsbeispiele\Bericht im Text-Format.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,164 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Berichtsbeispiele\Bericht im XML-Format.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,164 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Datenbank-Schemata\Access Schema.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,159 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Datenbank-Schemata\mySQL Schema.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,164 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Datenbank-Schemata\Oracle Schema.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,184 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Datenbank-Schemata\SQL Server-Schema.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 779 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Internet-Links\ Bestellen Sie die Vollversion, um weitere Features freizuschalten.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 795 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Internet-Links\Bestellen Sie die Vollversion für gewerbliche Nutzung, um weitere Features freizuschalten.lnk
2011-11-13 13:37:43 . 2010-12-19 14:11:08 617 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Riot Games\League of Legends\League of Legends spielen .lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,956 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Deinstalliere Sandra.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,025 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\Dokumentation.lnk
2011-11-13 13:37:43 . 2010-10-04 16:38:32 1,192 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\SiSoftware\SiSoftware Sandra Lite 2010.SP3.lnk
2011-11-13 13:37:43 . 2010-09-26 18:17:49 2,441 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
2011-11-13 13:37:43 . 2010-12-27 11:40:13 1,822 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Radiotracker 6\Radiotracker deinstallieren.lnk
2011-11-13 13:37:43 . 2010-12-27 11:40:13 136 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Radiotracker 6\Radiotracker im Internet.url
2011-11-13 13:37:43 . 2010-12-27 11:40:13 1,183 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Radiotracker 6\Radiotracker.lnk
2011-11-13 13:37:43 . 2010-12-27 11:40:13 1,516 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Radiotracker 6\Hilfe und Support\Treiber-Installation reparieren (benötigt evtl. Neustart).lnk
2011-11-13 13:37:43 . 2010-09-26 18:17:49 2,441 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime - Bitte lesen.lnk
2011-11-13 13:37:43 . 2010-09-26 18:17:49 1,816 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime deinstallieren.lnk
2011-11-13 13:37:43 . 2011-09-14 19:18:40 1,142 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org.lnk
2011-11-13 13:37:43 . 2010-09-26 18:17:49 2,471 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
2011-11-13 13:37:43 . 2011-09-14 19:18:40 1,154 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Writer.lnk
2011-11-13 13:37:43 . 2011-09-14 19:18:40 1,116 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Draw.lnk
2011-11-13 13:37:43 . 2011-09-14 19:18:40 1,160 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Impress.lnk
2011-11-13 13:37:43 . 2011-09-14 19:18:40 1,054 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Math.lnk
2011-11-13 13:37:43 . 2009-07-14 04:57:09 1,212 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
2011-11-13 13:37:43 . 2011-05-06 16:22:07 1,245 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games for Windows Marketplace\Games for Windows Marketplace.lnk
2011-11-13 13:37:43 . 2011-06-03 09:21:40 2,447 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (Deutsch)\Microsoft Excel 2010.lnk
2011-11-13 13:37:43 . 2011-06-03 09:21:41 2,451 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (Deutsch)\Microsoft OneNote 2010.lnk
2011-11-13 13:37:43 . 2011-06-03 09:21:42 2,457 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (Deutsch)\Microsoft PowerPoint 2010.lnk
2011-11-13 13:37:43 . 2011-06-03 09:21:43 2,445 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (Deutsch)\Microsoft Word 2010.lnk
2011-11-13 13:37:43 . 2011-06-03 09:21:40 2,487 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (Deutsch)\Microsoft Office 2010-Tools\Digitales Zertifikat für VBA-Projekte.lnk
2011-11-13 13:37:43 . 2011-06-03 09:21:40 2,461 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (Deutsch)\Microsoft Office 2010-Tools\Microsoft Clip Organizer.lnk
2011-11-13 13:37:43 . 2011-06-03 09:21:43 2,483 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (Deutsch)\Microsoft Office 2010-Tools\Microsoft Office 2010 Upload Center.lnk
2011-11-13 13:37:43 . 2011-06-03 09:21:41 2,495 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (Deutsch)\Microsoft Office 2010-Tools\Microsoft Office 2010-Spracheinstellungen.lnk
2011-11-13 13:37:43 . 2011-06-03 09:21:40 2,477 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (Deutsch)\Microsoft Office 2010-Tools\Microsoft Office Picture Manager.lnk
2011-11-13 13:37:43 . 2010-09-26 10:44:52 1,983 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox (Abgesicherter Modus).lnk
2011-11-13 13:37:43 . 2010-09-26 10:44:52 1,961 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox.lnk
2011-11-13 13:37:43 . 2011-09-14 19:18:56 36 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\Desktop.ini
2011-11-13 13:37:43 . 2011-09-14 19:18:40 1,080 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Base.lnk
2011-11-13 13:37:43 . 2011-09-14 19:18:40 1,118 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Calc.lnk
2011-11-13 13:37:43 . 2011-06-04 11:44:16 570 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Games\StarCraft II Wings of Liberty™ Demo.lnk
2011-11-13 13:37:43 . 2011-06-04 16:38:14 692 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Games\StarCraft II Wings of Liberty™.lnk
2011-11-13 13:37:43 . 2010-10-09 14:56:48 1,018 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\GameSpy Arcade\GameSpy Arcade.lnk
2011-11-13 13:37:43 . 2010-10-09 14:56:48 1,025 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\GameSpy Arcade\Uninstall GameSpy Arcade.lnk
2011-11-13 13:37:43 . 2011-02-18 19:34:24 1,947 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Heroes of Newerth\Heroes of Newerth.lnk
2011-11-13 13:37:43 . 2011-02-18 19:34:24 1,981 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Heroes of Newerth\Map Editor.lnk
2011-11-13 13:37:43 . 2011-02-18 19:34:24 1,730 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Heroes of Newerth\Uninstall.lnk
2011-11-13 13:37:43 . 2010-09-26 10:05:37 2,480 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Intel PROSet Wireless\Ereignisanzeige für WiFi.lnk
2011-11-13 13:37:43 . 2010-09-26 10:05:37 2,450 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Intel PROSet Wireless\Erweiterte Statistik für WiFi.lnk
2011-11-13 13:37:43 . 2010-09-26 10:05:37 2,522 ----a-w- C:\Qoobox\Quarantine\C\Users\Lucas\AppData\Local\Temp\smtmp\1\Programs\Intel PROSet Wireless\Manuelles Diagnose-Tool für WiFi.lnk

Edited by Hightower92 (13.11.2011 at 17:41)

13.11.2011, 17:48   #13
markusg
/// Malware-holic

Looks good.
Right-click on the desktop, Properties, and pick a desktop wallpaper.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

13.11.2011, 19:22   #14
Hightower92

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8153

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

13.11.2011 19:21:44
mbam-log-2011-11-13 (19-21-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 388181
Laufzeit: 57 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\systemrestore\frstaging\Users\Lucas\downloads\pdfconvertersetup.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
c:\system volume information\systemrestore\frstaging\Users\Public\Videos\backup_060917\Bernd\Download\liquidclockinst.exe (PUP.Perflogger) -> Quarantined and deleted successfully.
c:\Users\Lucas\downloads\pdfconvertersetup.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
c:\Users\Public\Videos\backup_060917\Bernd\Download\liquidclockinst.exe (PUP.Perflogger) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11132011_134005\c_programdata\9srqqbetkfjrsc.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11132011_134005\c_programdata\lenxuytorefxpor.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11132011_134005\c_programdata\rjkidnsdhnqgc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

13.11.2011, 19:24   #15
markusg
/// Malware-holic

How is the system running?
