
Log analysis and evaluation: Master boot sector virus "BOO/Whistler"

02.09.2011, 18:10   #16
Swisstreasure
/// Malwareteam

Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no existing connection to a network/the Internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after each scan.
Run a Gmer scan
  • Download Gmer again from this page
    (click the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
    Vista and Win7 users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark at:
    • IAT/EAT
    • All hard disks except the system disk (normally only C:\ is checked)
    • Show all (should be checked off)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch the antivirus program and other scanners back on before you go online!

02.09.2011, 18:24   #17
lapala

Gmer doesn't run:
On the first attempt it aborts midway.
The second attempt leads to a bluescreen immediately after clicking the .exe.


02.09.2011, 22:49   #18
Swisstreasure
/// Malwareteam

Did you delete the old GMER and download it again?

02.09.2011, 22:51   #19
lapala

Yes, I did.
But I'm giving it another try right now - failed.
And on the next attempt, bluescreen again.

Last edited by lapala (02.09.2011 at 22:59)

02.09.2011, 23:01   #20
Swisstreasure
/// Malwareteam

Please download RKUnhookerLE
and save the file to your desktop.
  • Unpack the .rar file on your desktop. ( right-click --> extract here )
    If you don't have any zip software on your computer, please download 7zip and install it.
  • Open the new folder and start RKU3.8.388.590.exe.
  • Choose English as the language and install RKU in the default path.
  • Disconnect from the Internet ( don't forget WLAN ), disable all background guards, especially the one of your antivirus software.
  • Start --> All Programs, and in the folder Rootkit Unhooker LE start the file RKU.
    Vista and Win7 users: right-click "run as administrator"
  • Click the Report tab and then Scan
  • Put a check mark at
    • Drivers
    • Stealth Code
    • Files
    • Code Hooks
    Remove all other check marks
  • When asked which area should be scanned, make sure your system disk ( usually C: ) is checked.
  • Click OK
  • When the scan has finished,
    click File --> Save Report.
  • Save the file as RKU.txt on the desktop.
  • Click Close
Note: If you get the following warning
Quote:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Click OK
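The steps above produce an RKU.txt report. What follows is an added example, not part of this thread and not code from the Rootkit Unhooker project, showing how such a report can be parsed and its entries grouped for review: hidden drivers, unknown IRP handlers, file-backed drivers that carry no vendor information, hidden images per process and hidden files per top-level folder. It assumes only the line layout visible in the report posted later in this thread; the sample input is an excerpt trimmed from that report, and the section names and regular expressions are written against that layout rather than a documented RKU format.

```python
"""Parse a Rootkit Unhooker LE (RKU.txt) report and group its findings for review.

Added example for this thread; it is not part of RKU itself. The line formats
are modeled on the report posted later in this thread.
"""
import re
from collections import Counter, defaultdict

# Constructed sample input: a short excerpt in RKU.txt layout, trimmed from
# the report posted in this thread to a few lines per section.
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x82811000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82811000 PnpManager 3907584 bytes
0x8F619000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x9E070000 C:\Windows\system32\DRIVERS\atksgt.sys 274432 bytes
0x8FCA6000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0x87AE008A unknown_irp_handler 3958 bytes
!!!!!!!!!!!Hidden driver:  0x87AEDB18 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x03DD0000 Hidden Image-->eSettings.Model.Computer.dll [ EPROCESS 0x88092D90 ] PID: 472, 151552 bytes
0x00950000 Hidden Image-->MobilityInterface.dll [ EPROCESS 0x8818DD90 ] PID: 2196, 45056 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\store.lock
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
"""

# One regex per section, written against the layout of the posted report
# (assumption: RKU does not document this format, so this mirrors what is seen).
DRIVER_RE = re.compile(
    r"^(?P<hidden>!+Hidden driver:\s*)?"
    r"0x(?P<addr>[0-9A-Fa-f]+)\s+(?P<name>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<info>.*)\))?$"
)
STEALTH_RE = re.compile(
    r"^0x(?P<addr>[0-9A-Fa-f]+)\s+Hidden Image-->(?P<name>.+?)\s+"
    r"\[ EPROCESS 0x(?P<eprocess>[0-9A-Fa-f]+) \] PID: (?P<pid>\d+), (?P<size>\d+) bytes$"
)
FILE_RE = re.compile(r"^!-->\[Hidden\]\s+(?P<path>.+)$")
SECTION_RES = {"drivers": DRIVER_RE, "stealth": STEALTH_RE, "files": FILE_RE}


def parse_report(text):
    """Split the report into header lines and per-section entries.

    Sections not modeled here (e.g. the code-hooks output) are kept verbatim
    under "unparsed" so nothing is silently dropped.
    """
    report = defaultdict(list)
    section = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or set(line) == {"="}:
            continue                              # blank lines and ===== separators
        if line.startswith(">"):
            section = line[1:].strip().lower()    # ">Drivers" -> "drivers"
            continue
        if section == "header":
            report["header"].append(line)
            continue
        regex = SECTION_RES.get(section)
        match = regex.match(line) if regex else None
        if match is None:
            report["unparsed"].append((section, line))
            continue
        entry = match.groupdict()
        if section == "drivers":
            entry["hidden"] = entry["hidden"] is not None
            entry["size"] = int(entry["size"])
        elif section == "stealth":
            entry["pid"] = int(entry["pid"])
            entry["size"] = int(entry["size"])
        report[section].append(entry)
    return report


def _top_folder(path):
    """'C:\\Qoobox\\BackEnv\\x' -> 'C:\\Qoobox' (first two path components)."""
    return "\\".join(path.split("\\")[:2])


def triage(report):
    """Return (category, detail) pairs a reviewer would want to look at first."""
    findings = []
    for d in report["drivers"]:
        if d["hidden"]:
            findings.append(("hidden_driver", f"0x{d['addr']} {d['name']}"))
        elif d["name"] == "unknown_irp_handler":
            findings.append(("unknown_irp_handler", f"0x{d['addr']} {d['size']} bytes"))
        elif d["info"] is None and "\\" in d["name"]:
            # File-backed driver with no vendor/description: a review item, not a verdict.
            findings.append(("driver_without_version_info", d["name"]))
    per_pid = Counter(s["pid"] for s in report["stealth"])
    for pid, n in sorted(per_pid.items()):
        findings.append(("hidden_images_in_process", f"PID {pid}: {n} image(s)"))
    per_dir = Counter(_top_folder(f["path"]) for f in report["files"])
    for folder, n in sorted(per_dir.items()):
        findings.append(("hidden_files_under", f"{folder}: {n} file(s)"))
    return findings


def findings_by_category(findings):
    """Group triage output as {category: [detail, ...]}."""
    grouped = defaultdict(list)
    for category, detail in findings:
        grouped[category].append(detail)
    return dict(grouped)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for category, details in findings_by_category(triage(parsed)).items():
        print(category)
        for detail in details:
            print("   ", detail)
```

Running the block prints the grouped findings for the sample. The driver_without_version_info bucket is a review list rather than a verdict: on the full report posted below it would also catch standard entries such as the crash-dump driver copies (dump_*.sys), so each hit needs to be checked against what is known to be installed, whereas the hidden-driver and unknown_irp_handler lines are the ones to examine first.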


03.09.2011, 07:38   #21
lapala

Code:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E809000 C:\Windows\system32\DRIVERS\atikmdag.sys 5861376 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82811000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82811000 PnpManager 3907584 bytes
0x82811000 RAW 3907584 bytes
0x82811000 WMIxWDM 3907584 bytes
0x8F40F000 C:\Windows\system32\drivers\RTKVHDA.sys 2138112 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x97490000 Win32k 2113536 bytes
0x97490000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0x8EEB8000 C:\Windows\system32\DRIVERS\athr.sys 1200128 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8A60C000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT-Dateisystemtreiber)
0x8A27F000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8F6A8000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8A407000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80670000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Codeintegritätsmodul)
0x9E0D2000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8F80B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9C807000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8EE0C000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8F003000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80750000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A20E000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9C93E000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-Protokollstapel)
0x9E009000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x82EB5000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F995000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x82E0C000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0x9E070000 C:\Windows\system32\DRIVERS\atksgt.sys 274432 bytes
0x8062F000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8A54C000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8A50C000 C:\Windows\system32\DRIVERS\ahcix86s.sys 262144 bytes (AMD Technologies Inc., AMD Technology AHCI Compatible Controller Driver for Windows family)
0x8FCE7000 C:\Windows\System32\Drivers\dump_ahcix86s.sys 262144 bytes
0x8EDAA000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F66B000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8FC0E000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A3B5000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8FDB2000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A71C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0x82FA0000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82BCB000 ACPI_HAL 208896 bytes
0x82BCB000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82F55000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager)
0x8F7AB000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8F0BC000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8F0F7000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F619000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A38A000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8F1C0000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9C8F7000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8FCA8000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8A5A5000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8FC7F000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8A76C000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x82E63000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0x8F646000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8F153000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A7A4000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8FD72000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F8FF000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8FD93000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82F1F000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9C8C9000 C:\Windows\system32\DRIVERS\irda.sys 122880 bytes (Microsoft Corporation, IRDA Protocol Driver)
0x9C9AB000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A4F1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8FD40000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung)
0x9C9C8000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8EFDD000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8A58D000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8FD5B000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x8FC68000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8F131000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9E058000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F7DD000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-Paketplaner)
0x8F952000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9C9E1000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8F199000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F185000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FC4A000 C:\Windows\system32\drivers\RTSTOR.SYS 81920 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0x8F968000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F094000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0x9C92B000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x82FE6000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9C8B7000 C:\Windows\system32\DRIVERS\ipfltdrv.sys 73728 bytes (Microsoft Corporation, IP FILTER DRIVER)
0x9E1B9000 C:\Windows\system32\DRIVERS\PSDVdisk.sys 73728 bytes (Egis Incorporated, Acer eDataSecurity Management PSD Virtual Disk Driver)
0x8A793000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x82FD5000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80616000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber)
0x82F87000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8F985000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9C8E7000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82EFF000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8F1AE000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8FD31000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A75D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82E8A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8A5CD000 C:\Windows\system32\DRIVERS\processr.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8F176000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8EDF1000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82EA6000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x976D0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F9EE000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F93B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82F47000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8FCD0000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F8BF000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modemgerätetreiber)
0x8A5E5000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x807CC000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9E1DC000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F8F3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EEAC000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8F0B1000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tastaturklassentreiber)
0x8F0EC000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mausklassentreiber)
0x8F930000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8F148000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8F126000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A7ED000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82E9C000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8F0A7000 C:\Windows\system32\DRIVERS\DKbFltr.sys 40960 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0x8FCDD000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8FD27000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x82F3D000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8F1EA000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9C921000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8FC5E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9E1CB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8EDA0000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8A7CD000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9E1F0000 C:\Windows\system32\FsUsbExDisk.SYS 36864 bytes
0x8F8CC000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8F97C000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9E0B3000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82F97000 C:\Windows\system32\DRIVERS\psdfilter.sys 36864 bytes (Egis Incorporated, Acer eDataSecurity Management PSD Filter Driver)
0x9E1B0000 C:\Windows\system32\DRIVERS\PSDNServ.sys 36864 bytes (Egis Incorporated, Acer eDataSecurity Management PSD Named Pipe Driver)
0x8F949000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x976B0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A600000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8EDE8000 C:\Windows\system32\DRIVERS\usbfilter.sys 36864 bytes (Advanced Micro Devices Inc., AMD USB Filter Driver)
0x8A5DC000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x82E52000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8F9E5000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x82F17000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8A7C5000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x80627000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8F9DD000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0x82E5B000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8EFF5000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 32768 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x8F920000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F928000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A755000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x82F0F000 C:\Windows\System32\Drivers\UBHelper.sys 32768 bytes (NewTech Infosystems Corporation, NTI CDROM Filter Driver)
0x9E1E8000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8F8DC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8F8EC000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x9E0C2000 C:\Windows\system32\drivers\int15.sys 28672 bytes (Acer, Inc., int15)
0x8060F000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F8D5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9E1D5000 C:\Windows\system32\Drivers\SSPORT.sys 28672 bytes (Samsung Electronics, 32bit Port Contention Driver)
0x8EE00000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8F800000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x9E0C9000 C:\Windows\system32\DRIVERS\lirsgt.sys 20480 bytes
0x8F090000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9E0CE000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x82E99000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8FCA6000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0x8F1BE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8EE06000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x87AE008A unknown_irp_handler 3958 bytes
0x87AE0098 unknown_irp_handler 3944 bytes
0x87AFFA0A unknown_irp_handler 1526 bytes
!!!!!!!!!!!Hidden driver:  0x87AEDB18 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x03DD0000 Hidden Image-->eSettings.Model.Computer.dll [ EPROCESS 0x88092D90 ] PID: 472, 151552 bytes
0x03C10000 Hidden Image-->log4net.dll [ EPROCESS 0x88092D90 ] PID: 472, 282624 bytes
0x009C0000 Hidden Image-->Framework.Model.ControllerInterface.dll [ EPROCESS 0x88092D90 ] PID: 472, 28672 bytes
0x00A40000 Hidden Image-->Framework.PluginInterface.dll [ EPROCESS 0x88092D90 ] PID: 472, 28672 bytes
0x00F90000 Hidden Image-->ePowerSrvPlugin.dll [ EPROCESS 0x88092D90 ] PID: 472, 28672 bytes
0x01170000 Hidden Image-->Framework.Service.Utility.dll [ EPROCESS 0x88092D90 ] PID: 472, 28672 bytes
0x03B00000 Hidden Image-->eRecovery.RemoteServerInterface.dll [ EPROCESS 0x88092D90 ] PID: 472, 28672 bytes
0x03DC0000 Hidden Image-->eSettings.Logger.dll [ EPROCESS 0x88092D90 ] PID: 472, 28672 bytes
0x03DB0000 Hidden Image-->eSettings.ServicePlugin.dll [ EPROCESS 0x88092D90 ] PID: 472, 28672 bytes
0x009F0000 Hidden Image-->Framework.Host.dll [ EPROCESS 0x88092D90 ] PID: 472, 36864 bytes
0x033F0000 Hidden Image-->eRecovery.ServicePlugin.dll [ EPROCESS 0x88092D90 ] PID: 472, 36864 bytes
0x00880000 Hidden Image-->Framework.Model.Controller.dll [ EPROCESS 0x88092D90 ] PID: 472, 45056 bytes
0x00A30000 Hidden Image-->Framework.Utility.CommonFunctions.dll [ EPROCESS 0x88092D90 ] PID: 472, 45056 bytes
0x01120000 Hidden Image-->WMIInterface.dll [ EPROCESS 0x88092D90 ] PID: 472, 45056 bytes
0x03A50000 Hidden Image-->Framework.Utility.dll [ EPROCESS 0x88092D90 ] PID: 472, 45056 bytes
0x03E00000 Hidden Image-->eSettings.Model.ComputerInterface.dll [ EPROCESS 0x88092D90 ] PID: 472, 45056 bytes
0x00950000 Hidden Image-->MobilityInterface.dll [ EPROCESS 0x8818DD90 ] PID: 2196, 45056 bytes
0x03A80000 Hidden Image-->msvcm80.dll [ EPROCESS 0x88092D90 ] PID: 472, 507904 bytes
0x01D30000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8818DD90 ] PID: 2196, 507904 bytes
0x009D0000 Hidden Image-->Framework.Library.dll [ EPROCESS 0x88092D90 ] PID: 472, 69632 bytes
0x03A60000 Hidden Image-->eRecovery.RemoteServer.dll [ EPROCESS 0x88092D90 ] PID: 472, 69632 bytes
0x010C0000 Hidden Image-->WMIServiceDLL.dll [ EPROCESS 0x88092D90 ] PID: 472, 98304 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0c187abb\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0c187abb\WER5DE8.tmp.version.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0c187abb\WER5DE9.tmp.appcompat.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0c187abb\WER5EB5.tmp.hdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0c187abb\WER788C.tmp.mdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\store.lock
!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
!-->[Hidden] C:\Users\Moritz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\432X7BEA\ht=1857&windowwidth=763&agofid=1504kinochan&bw=192&nabt=10000&nabt=-11&nabt=-00&nabt=0000&nabt=510&nabt=PSO_1&nabt=LTKP_1&sowefo_ausschluss=super_block_ext[1]m
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00D68186-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00D68187-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00D68188-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{056FE9EA-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{056FE9EB-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{05DEF14D-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{05DEF14E-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{06C8E4A5-D5B5-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{06C8E4A6-D5B5-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08576A89-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08576A8A-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C8CD9D5-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C8CD9D6-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0CA3CEED-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0CA3CEEE-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0CA3CEEF-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AC669AE9-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AC669AEA-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ADDD7291-D5B5-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ADDD7292-D5B5-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ADDD7293-D5B5-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B16D81D5-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B16D81D7-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B16D81D9-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B2752E59-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B2752E5A-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B34F2CEE-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B34F2CF0-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B360BFBD-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B360BFBE-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B4C88D02-D5B5-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B587919B-D5B7-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B587919D-D5B7-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B8EE6AD9-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B8EE6ADA-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9863779-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B986377A-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BA5A2255-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BA5A2256-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BA5A2257-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BA8B0E85-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BA8B0E86-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BA8B0E87-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BBDA35F2-D5B7-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BFE54505-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BFE54506-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C0549A89-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C0549A8B-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C14C60D9-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C14C60DA-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C1D0758D-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C1D0758E-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6C6DA05-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6C6DA06-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C741EF45-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C741EF46-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C741EF47-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C80A4176-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C80A4177-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C8CE9ADD-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C8CE9ADE-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CD9302C9-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CD9302CA-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CE509709-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CE50970A-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CF37DAE5-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CF37DAE6-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CFAB4615-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CFAB4617-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D476D215-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D476D216-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D476D217-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D55F3ECD-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D55F3ECE-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D620BB09-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D620BB0A-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D68F1562-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D68F1563-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DB7BF46A-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DB7BF46B-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC430E19-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC430E1A-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DCF6422D-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DCF6422E-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DCF6422F-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DDA4E139-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DDA4E13A-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DDA4E13B-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E29DA70D-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E29DA70E-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E3117129-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E311712A-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E3F4406D-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E3F4406E-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E4FAF1C5-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E4FAF1C6-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E99441A9-D5B5-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E99BA54D-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E99BA54E-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E9DD72DD-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E9DD72DE-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E9DD72E0-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EAC9C791-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EAC9C793-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC10E4AD-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC10E4AE-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EFD061CF-D5BB-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EFD061D1-D5BB-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F0738DCD-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F0738DCE-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1279C9D-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1279C9E-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1DF9369-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1DF936A-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F2E8CD2D-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F2E8CD2E-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F684C56D-D5BB-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F74B764D-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F74B764E-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F74B764F-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F820D825-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F820D826-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F8EBD9D1-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F8EBD9D2-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9D621E9-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9D621EA-D5B1-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB6C124E-D5B5-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB6C1250-D5B5-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FE790FBD-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FE790FBE-D5B2-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FF0BCB85-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FF0BCB86-D5B3-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FFCAE665-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FFCAE666-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FFCAE667-D5B4-11E0-AD4D-9B1F82507CC2}.dat
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EJUQE4E\background_gradient[1]
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EJUQE4E\httpErrorPagesScripts[1]
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N3NN4JB\ErrorPageTemplate[1]
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N3NN4JB\navcancl[2]
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKZDBYGD\bullet[1]
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKZDBYGD\info_48[2]
!-->[Hidden] C:\Windows\Temp\TMP0000004C1E3E1D5C16AB559A
!-->[Hidden] C:\Windows\Temp\~DF2569.tmp
!-->[Hidden] C:\Windows\Temp\~DFEF51.tmp
==============================================
>Hooks
==============================================
Device object-->ParseProcedure, Type: Kernel Object [unknown_irp_handler]
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x828B97AA-->828B97B1 [ntkrnlpa.exe]
[292]avguard.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: IAT modification 0x00431028-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->AllocateAndInitializeSid, Type: IAT modification 0x0043103C-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->BuildExplicitAccessWithNameW, Type: IAT modification 0x0043102C-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->CloseServiceHandle, Type: IAT modification 0x0043109C-->00000000 [dnsapi.dll]
[292]avguard.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x00431050-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->DeregisterEventSource, Type: IAT modification 0x00431080-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->DuplicateTokenEx, Type: IAT modification 0x00431040-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->EqualSid, Type: IAT modification 0x00431054-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->FreeSid, Type: IAT modification 0x00431030-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->GetSecurityDescriptorDacl, Type: IAT modification 0x00431024-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->GetSecurityInfo, Type: IAT modification 0x00431044-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->GetSidIdentifierAuthority, Type: IAT modification 0x0043106C-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->GetSidSubAuthority, Type: IAT modification 0x00431064-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->GetSidSubAuthorityCount, Type: IAT modification 0x0043105C-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->GetTokenInformation, Type: IAT modification 0x00431058-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->GetUserNameW, Type: IAT modification 0x00431060-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->InitializeSecurityDescriptor, Type: IAT modification 0x0043100C-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->LookupAccountSidW, Type: IAT modification 0x00431070-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: IAT modification 0x00431048-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->OpenProcessToken, Type: IAT modification 0x00431068-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->OpenSCManagerW, Type: IAT modification 0x00431098-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->OpenServiceW, Type: IAT modification 0x00431094-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->QueryServiceStatus, Type: IAT modification 0x0043108C-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x0043101C-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x00431014-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x00431004-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegisterEventSourceW, Type: IAT modification 0x00431088-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegisterServiceCtrlHandlerW, Type: IAT modification 0x00431078-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x004310A0-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x00431020-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegQueryValueExA, Type: IAT modification 0x00431010-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x00431018-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x00431000-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->ReportEventW, Type: IAT modification 0x00431074-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->SetEntriesInAclW, Type: IAT modification 0x00431034-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->SetSecurityDescriptorDacl, Type: IAT modification 0x00431008-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->SetSecurityInfo, Type: IAT modification 0x00431038-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->SetServiceStatus, Type: IAT modification 0x0043107C-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->SetTokenInformation, Type: IAT modification 0x0043104C-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->StartServiceCtrlDispatcherW, Type: IAT modification 0x00431084-->00000000 [unknown_code_page]
[292]avguard.exe-->advapi32.dll-->StartServiceW, Type: IAT modification 0x00431090-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x004311F0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->ConnectNamedPipe, Type: IAT modification 0x004310E8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CopyFileW, Type: IAT modification 0x004310AC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x00431200-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CreateEventW, Type: IAT modification 0x004311EC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x00431204-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CreateMutexW, Type: IAT modification 0x0043117C-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004310F0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x00431210-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CreateSemaphoreW, Type: IAT modification 0x004310D8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: IAT modification 0x004310C8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x0043112C-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->DeviceIoControl, Type: IAT modification 0x004310E0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->ExpandEnvironmentStringsA, Type: IAT modification 0x004311B0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->FindClose, Type: IAT modification 0x00431208-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x004311FC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x00431214-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->FormatMessageW, Type: IAT modification 0x004311F4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x004311AC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetComputerNameW, Type: IAT modification 0x00431124-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x004310B4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x00431184-->00000000 [shell32.dll]
[292]avguard.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x00431130-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetDateFormatW, Type: IAT modification 0x004310A8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetExitCodeProcess, Type: IAT modification 0x00431120-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetExitCodeThread, Type: IAT modification 0x004311BC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x004311DC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetFileSize, Type: IAT modification 0x00431180-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x00431110-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetLocalTime, Type: IAT modification 0x0043118C-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetModuleFileNameW, Type: IAT modification 0x004311A4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetModuleHandleW, Type: IAT modification 0x004310EC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetOverlappedResult, Type: IAT modification 0x004310F8-->00000000 [aecore.dll]
[292]avguard.exe-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x00431134-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x00431170-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004311A0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetStartupInfoA, Type: IAT modification 0x004311D0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetStartupInfoW, Type: IAT modification 0x004310BC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x0043113C-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetTempPathW, Type: IAT modification 0x00431158-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x0043111C-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetTimeFormatW, Type: IAT modification 0x004310B0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetVersionExW, Type: IAT modification 0x004310F4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->GetWindowsDirectoryW, Type: IAT modification 0x00431104-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x00431190-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->InterlockedDecrement, Type: IAT modification 0x00431140-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x004311D4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->InterlockedExchangeAdd, Type: IAT modification 0x00431188-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->InterlockedIncrement, Type: IAT modification 0x00431144-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->IsBadReadPtr, Type: IAT modification 0x00431138-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->IsDebuggerPresent, Type: IAT modification 0x004311C0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004311D8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004311E0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004311A8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x00431198-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->LocalFree, Type: IAT modification 0x004311F8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->lstrcpynW, Type: IAT modification 0x004310CC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->lstrlenA, Type: IAT modification 0x004311B4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x004310D0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->MoveFileW, Type: IAT modification 0x004310D4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->MultiByteToWideChar, Type: IAT modification 0x004311B8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->OpenEventW, Type: IAT modification 0x00431194-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->OpenProcess, Type: IAT modification 0x004310B8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->Process32FirstW, Type: IAT modification 0x004310C0-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->Process32NextW, Type: IAT modification 0x004310C4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->QueryDosDeviceW, Type: IAT modification 0x0043114C-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x00431114-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->QueryPerformanceFrequency, Type: IAT modification 0x00431100-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->ReadFile, Type: IAT modification 0x00431160-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->ReleaseSemaphore, Type: IAT modification 0x00431118-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x00431150-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->ResetEvent, Type: IAT modification 0x0043120C-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->SetEndOfFile, Type: IAT modification 0x00431174-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->SetErrorMode, Type: IAT modification 0x00431128-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->SetEvent, Type: IAT modification 0x0043110C-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x004310DC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->SetFilePointer, Type: IAT modification 0x00431178-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->SetLastError, Type: IAT modification 0x004310FC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x004311C4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x0043119C-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x004311CC-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x004311C8-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->VerifyVersionInfoW, Type: IAT modification 0x004311E8-->00000000 [aeheur.dll]
[292]avguard.exe-->kernel32.dll-->WaitForMultipleObjects, Type: IAT modification 0x004310E4-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->WaitForSingleObject, Type: IAT modification 0x00431108-->00000000 [unknown_code_page]
[292]avguard.exe-->kernel32.dll-->WriteFile, Type: IAT modification 0x0043116C-->00000000 [aepack.dll]
[292]avguard.exe-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x0043115C-->00000000 [unknown_code_page]
[292]avguard.exe-->shell32.dll-->ShellExecuteW, Type: IAT modification 0x004314EC-->00000000 [unknown_code_page]
[292]avguard.exe-->user32.dll-->CharUpperW, Type: IAT modification 0x004314FC-->00000000 [unknown_code_page]
[292]avguard.exe-->user32.dll-->GetForegroundWindow, Type: IAT modification 0x00431508-->00000000 [unknown_code_page]
[292]avguard.exe-->user32.dll-->LoadStringW, Type: IAT modification 0x00431504-->00000000 [unknown_code_page]
[292]avguard.exe-->user32.dll-->OemToCharBuffW, Type: IAT modification 0x0043150C-->00000000 [unknown_code_page]
[292]avguard.exe-->user32.dll-->wsprintfW, Type: IAT modification 0x00431500-->00000000 [unknown_code_page]
[3312]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [PSDProtect.dll]
[3312]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [PSDProtect.dll]
         

Old 03.09.2011, 15:39   #22
lapala

gmer worked after all
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-03 16:37:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000065  rev.
Running: m2i5wngz.exe; Driver: C:\Users\Moritz\AppData\Local\Temp\kfriakoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                               section is writeable [0x8E209000, 0x20B6D6, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                 section is writeable [0x9DA71300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                 section is writeable [0x9DACA300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!CreateWindowExW                                                       75A11305 5 Bytes  JMP 6C26DAFC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!DialogBoxParamW                                                       75A310B0 5 Bytes  JMP 6C1954D5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!DialogBoxIndirectParamW                                               75A32EF5 5 Bytes  JMP 6C3652F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!DialogBoxParamA                                                       75A48152 5 Bytes  JMP 6C365294 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!DialogBoxIndirectParamA                                               75A4847D 5 Bytes  JMP 6C36535A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!MessageBoxIndirectA                                                   75A5D4D9 5 Bytes  JMP 6C365229 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!MessageBoxIndirectW                                                   75A5D5D3 5 Bytes  JMP 6C3651BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!MessageBoxExA                                                         75A5D639 5 Bytes  JMP 6C36515C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!MessageBoxExW                                                         75A5D65D 5 Bytes  JMP 6C3650FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!SetWindowsHookExW                                                     75A087AD 5 Bytes  JMP 6C269A89 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!CallNextHookEx                                                        75A08E3B 5 Bytes  JMP 6C25D0C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!UnhookWindowsHookEx                                                   75A098DB 5 Bytes  JMP 6C1D467E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!CreateWindowExW                                                       75A11305 5 Bytes  JMP 6C26DAFC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!DialogBoxParamW                                                       75A310B0 5 Bytes  JMP 6C1954D5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!DialogBoxIndirectParamW                                               75A32EF5 5 Bytes  JMP 6C3652F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!DialogBoxParamA                                                       75A48152 5 Bytes  JMP 6C365294 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!DialogBoxIndirectParamA                                               75A4847D 5 Bytes  JMP 6C36535A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxIndirectA                                                   75A5D4D9 5 Bytes  JMP 6C365229 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxIndirectW                                                   75A5D5D3 5 Bytes  JMP 6C3651BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxExA                                                         75A5D639 5 Bytes  JMP 6C36515C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] USER32.dll!MessageBoxExW                                                         75A5D65D 5 Bytes  JMP 6C3650FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] ole32.dll!OleLoadFromStream                                                      761F1E80 5 Bytes  JMP 6C36565F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5640] ole32.dll!CoCreateInstance                                                       76229F3E 5 Bytes  JMP 6C26DB58 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\disk \Device\Harddisk0\DR0                                                                                                     87978A0A

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process         C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** )                                                                      3560                                                                                                      
Process         C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** )                                                                      5640                                                                                                      

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0x50 0x6D 0x90 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                 0x3C 0x3D 0x9D 0xAD ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                    C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                    1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                 0x90 0x04 0x50 0xC4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                        0x0C 0x21 0x42 0x83 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                  0x6D 0x78 0xA6 0x6C ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0x50 0x6D 0x90 0x02 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                     0x3C 0x3D 0x9D 0xAD ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                        C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                        1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                     0x90 0x04 0x50 0xC4 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                          
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                            0x0C 0x21 0x42 0x83 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                      0x6D 0x78 0xA6 0x6C ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                  Whistler@MBR code has been found                                                                           <-- ROOTKIT !!!
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N3NN4JB\iframe3[1].htm  648 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N3NN4JB\iframe3[2].htm  1030 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N3NN4JB\iframe3[3].htm  1335 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LG9WS3GX.txt                                        0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5PUHQH5R.txt                                        0 bytes

---- EOF - GMER 1.0.15 ----
         

Old 04.09.2011, 17:40   #23
Swisstreasure
/// Malwareteam

If you don't already have it, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

Old 04.09.2011, 19:34   #24
lapala

Code:
ATTFilter
OTL logfile created on: 04.09.2011 20:22:38 - Run 6
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Moritz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 68,56% Memory free
5,73 Gb Paging File | 4,40 Gb Available in Paging File | 76,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 9,52 Gb Free Space | 6,61% Space Free | Partition Type: NTFS
Drive D: | 72,13 Gb Total Space | 64,52 Gb Free Space | 89,45% Space Free | Partition Type: NTFS
Drive I: | 72,02 Gb Total Space | 69,32 Gb Free Space | 96,25% Space Free | Partition Type: NTFS
 
Computer Name: MORITZ-LAPTOP | User Name: Moritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.04 20:22:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz\Desktop\OTL.exe
PRC - [2011.08.03 11:00:00 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011.07.03 22:53:47 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.12 14:17:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.05 19:07:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.21 04:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.06.25 08:13:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.03 22:53:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.12 14:17:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.03 22:53:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 22:53:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.29 18:00:20 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.10.25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.10.21 21:09:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.10.21 21:09:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.09.30 07:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.06 21:38:18 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.06.25 08:53:34 | 003,844,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.05.27 23:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 19:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.01.10 03:34:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.01.10 03:34:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011.03.12 22:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.14 22:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.31 12:23:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.31 00:24:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.29 00:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.31 00:24:54 | 000,000,000 | ---D | M]
 
[2010.02.23 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions
[2010.02.23 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.21 09:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions
[2010.12.11 14:14:01 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010.04.27 17:24:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.03 00:57:34 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011.07.16 10:51:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.05 12:32:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.07.05 12:32:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.07.05 12:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009.04.15 18:47:17 | 000,000,000 | ---D | M] (RDown - Rapidshare Downloader) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\dave2x@download
[2011.01.04 12:05:47 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\isreaditlater@ideashower.com
[2011.02.12 16:21:01 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\vshare@toolbar
[2010.12.11 14:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2011.07.05 12:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009.12.09 23:24:45 | 000,001,127 | ---- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\searchplugins\rapidshare-filefinder.xml
[2009.12.09 23:24:13 | 000,004,153 | ---- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\searchplugins\youtube.xml
[2011.08.16 10:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 15:09:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MORITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZF2Y16N.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\MORITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZF2Y16N.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2011.08.31 12:23:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.19 19:38:57 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.31 19:25:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wallpaper Juggler Monitor] C:\Program Files\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FE02DFE-0767-48E6-96C2-F05D932B6E75}: DhcpNameServer = 10.0.0.10 10.0.0.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43E2FA7B-AE45-470A-ABED-A3E58AC215A5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.04 20:22:10 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Moritz\Desktop\OTL.exe
[2011.09.03 00:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
[2011.09.03 00:05:54 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Desktop\RkU3.8.388.590
[2011.09.02 14:45:08 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.09.01 14:53:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Moritz\Desktop\aswMBR.exe
[2011.08.31 19:31:04 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\temp
[2011.08.31 19:25:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.31 18:44:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.31 18:44:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.31 18:44:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.31 18:44:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.31 18:44:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.31 18:36:36 | 004,191,448 | R--- | C] (Swearware) -- C:\Users\Moritz\Desktop\ComboFix.exe
[2011.08.30 13:09:20 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Malwarebytes
[2011.08.30 13:09:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.30 13:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.30 13:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.30 13:09:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.30 13:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.29 00:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.08.29 00:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.08.29 00:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.08.28 15:10:07 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2011.08.28 15:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2011.08.28 15:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Wallpaper Juggler
[2011.08.26 19:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0
[2011.08.26 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Foxit Software
[2011.08.15 17:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI Bestellsoftware
[2011.08.12 23:27:59 | 000,000,000 | ---D | C] -- C:\Users\Moritz\A Norway
[2011.08.12 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\Moritz\America
[2008.09.25 13:49:40 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.04 20:22:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz\Desktop\OTL.exe
[2011.09.04 20:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.04 18:51:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.04 18:51:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.04 14:20:15 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job
[2011.09.04 12:51:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.09.04 12:51:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.04 12:51:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.04 12:51:31 | 2949,066,752 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.03 13:43:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.03 13:43:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.03 13:43:20 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.03 13:43:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.03 00:05:05 | 000,629,057 | ---- | M] () -- C:\Users\Moritz\Desktop\RkU3.8.388.590.rar
[2011.09.03 00:01:05 | 230,197,478 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.02 23:58:33 | 000,302,592 | ---- | M] () -- C:\Users\Moritz\Desktop\m2i5wngz.exe
[2011.09.02 18:18:51 | 000,000,512 | ---- | M] () -- C:\Users\Moritz\Desktop\MBR.dat
[2011.09.02 18:07:04 | 000,000,362 | ---- | M] () -- C:\Users\Moritz\Desktop\Download - Verknüpfung.lnk
[2011.09.02 15:04:24 | 000,080,384 | ---- | M] () -- C:\Users\Moritz\Desktop\MBRCheck.exe
[2011.09.01 14:53:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Moritz\Desktop\aswMBR.exe
[2011.09.01 01:00:31 | 000,000,680 | ---- | M] () -- C:\Users\Moritz\AppData\Local\d3d9caps.dat
[2011.08.31 19:25:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.08.31 18:36:57 | 004,191,448 | R--- | M] (Swearware) -- C:\Users\Moritz\Desktop\ComboFix.exe
[2011.08.31 00:44:22 | 000,000,020 | ---- | M] () -- C:\Users\Moritz\defogger_reenable
[2011.08.30 13:09:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.30 12:21:57 | 001,605,632 | ---- | M] () -- C:\Users\Moritz\boot.iso
[2011.08.28 15:42:18 | 000,247,808 | ---- | M] () -- C:\Users\Moritz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.14 14:58:22 | 000,000,926 | ---- | M] () -- C:\Users\Moritz\Desktop\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.03 00:05:03 | 000,629,057 | ---- | C] () -- C:\Users\Moritz\Desktop\RkU3.8.388.590.rar
[2011.09.02 23:58:32 | 000,302,592 | ---- | C] () -- C:\Users\Moritz\Desktop\m2i5wngz.exe
[2011.09.02 18:18:51 | 000,000,512 | ---- | C] () -- C:\Users\Moritz\Desktop\MBR.dat
[2011.09.02 18:07:04 | 000,000,362 | ---- | C] () -- C:\Users\Moritz\Desktop\Download - Verknüpfung.lnk
[2011.09.02 15:04:23 | 000,080,384 | ---- | C] () -- C:\Users\Moritz\Desktop\MBRCheck.exe
[2011.08.31 18:44:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.31 18:44:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.31 18:44:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.31 18:44:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.31 18:44:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.31 01:51:58 | 2949,066,752 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.31 00:44:07 | 000,000,020 | ---- | C] () -- C:\Users\Moritz\defogger_reenable
[2011.08.30 13:09:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.30 12:21:57 | 001,605,632 | ---- | C] () -- C:\Users\Moritz\boot.iso
[2011.08.28 15:10:07 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx
[2011.07.06 18:48:12 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.07.06 18:48:12 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.24 11:58:13 | 000,022,328 | ---- | C] () -- C:\Users\Moritz\AppData\Roaming\PnkBstrK.sys
[2010.12.24 11:57:59 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.12.24 11:57:55 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.10.16 14:50:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.10.16 14:50:32 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.04.02 15:33:25 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.04.02 15:33:09 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.02 15:33:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.04.02 15:32:36 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2010.02.23 17:52:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.12 13:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\jcmkr32.INI
[2009.11.01 12:50:22 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.10.21 21:09:50 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.21 21:09:49 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.27 17:32:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.27 17:32:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.03 19:12:34 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2009.03.16 12:45:12 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009.02.24 14:09:00 | 000,000,569 | ---- | C] () -- C:\Windows\eReg.dat
[2009.02.04 16:00:45 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009.02.04 16:00:45 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009.02.04 16:00:45 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009.02.02 16:59:58 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.01.30 16:19:35 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.01.25 12:47:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.01.24 16:51:36 | 000,247,808 | ---- | C] () -- C:\Users\Moritz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.24 15:46:54 | 000,026,340 | ---- | C] () -- C:\Users\Moritz\AppData\Roaming\UserTile.png
[2009.01.24 13:36:30 | 000,000,680 | ---- | C] () -- C:\Users\Moritz\AppData\Local\d3d9caps.dat
[2009.01.24 13:17:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.25 13:48:26 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.09.25 13:48:26 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.09.25 13:48:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.09.25 13:48:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.09.25 04:07:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.09.25 04:04:33 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.09.25 04:04:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.09.25 04:04:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.09.25 04:04:33 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.09.25 03:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.08.28 05:39:18 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.08.28 05:39:18 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.08.28 05:39:18 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.08.28 05:39:18 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.08.27 20:36:03 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.08.19 04:48:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.19 04:48:50 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.08.19 04:48:50 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.08.19 04:48:18 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,344,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2008.08.27 20:30:20 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Acer GameZone Console
[2010.12.10 22:58:01 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\albumart
[2009.04.16 12:25:13 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools
[2009.04.16 12:26:33 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools Lite
[2009.04.06 21:45:51 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools Pro
[2011.08.27 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Dropbox
[2011.07.16 10:51:36 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DVDVideoSoft
[2011.07.16 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Foxit Software
[2011.08.15 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\gtk-2.0
[2011.09.04 18:55:15 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\ICQ
[2010.12.26 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Leadertech
[2009.02.10 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\OpenOffice.org
[2009.01.24 15:46:54 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\PeerNetworking
[2011.07.15 01:06:33 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Personal Video Database
[2009.02.15 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Pingus
[2011.02.12 19:14:38 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Rovio
[2010.10.16 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Samsung
[2010.04.18 15:00:48 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\smc
[2009.09.29 16:47:16 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Teeworlds
[2010.05.13 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\temp
[2009.08.13 12:58:45 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\thriXXX
[2010.02.23 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Thunderbird
[2009.02.08 13:32:16 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Tobit
[2010.04.27 18:00:57 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\TuneUp Software
[2009.02.09 20:24:23 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Wormux
[2011.09.03 16:41:07 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.04 14:20:15 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.31 19:25:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.01.24 12:48:34 | 000,000,000 | ---D | M] -- C:\Acer
[2010.02.19 14:39:55 | 000,000,000 | ---D | M] -- C:\ATI
[2009.05.27 22:55:40 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.24 12:43:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.30 11:09:47 | 000,000,000 | ---D | M] -- C:\Lyrics
[2008.08.27 20:13:50 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.08.31 00:24:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.31 19:16:53 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.01.24 12:43:07 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.31 19:38:57 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.09.04 20:25:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.13 14:21:23 | 000,000,000 | ---D | M] -- C:\Temp
[2009.03.19 20:11:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.09.03 00:01:05 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-02 13:03:21

< End of report >

05.09.2011, 22:20   #25
Swisstreasure
/// Malwareteam

ComboFix may only be run if a Kompetenzler (board helper) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
  • Disable your anti-virus and anti-spyware programs. Normally you can do this with a right-click on the system tray icon. Otherwise these programs might interfere with our tools while they do their work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
  • Follow the instructions to let ComboFix download and install the Recovery Console, and accept the licence agreement (EULA) as soon as you are prompted to.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware-removal procedure as normal.

Once the Recovery Console has been installed by ComboFix, you should see the following message:

Click "Yes" to continue with the malware scan.

When ComboFix is finished it will create a log. Please attach C:\ComboFix.txt to your next reply.

05.09.2011, 23:53   #26
lapala

Code:
ComboFix 11-09-05.05 - Moritz 05.09.2011  23:53:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2814.1783 [GMT 2:00]
ausgeführt von:: C:\Users\Moritz\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((   Dateien erstellt von 2011-08-05 bis 2011-09-05  ))))))))))))))))))))))))))))))


2011-09-05 22:22:54 . 2011-09-05 22:23:29	--------	d-----w-	C:\Users\Moritz\AppData\Local\temp
2011-09-05 22:22:54 . 2011-09-05 22:22:54	--------	d-----w-	C:\Users\Gast\AppData\Local\temp
2011-09-05 22:22:54 . 2011-09-05 22:22:54	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2011-09-02 13:03:05 . 2011-08-12 02:44:27	7152464	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8CB4C39A-AB80-4F86-84FE-6CE62258F409}\mpengine.dll
2011-09-02 12:45:08 . 2011-09-02 12:45:08	--------	d-sh--w-	C:\Windows\system32\%APPDATA%
2011-08-30 11:09:20 . 2011-08-30 11:09:20	--------	d-----w-	C:\Users\Moritz\AppData\Roaming\Malwarebytes
2011-08-30 11:09:08 . 2011-07-06 17:52:42	41272	----a-w-	C:\Windows\system32\drivers\mbamswissarmy.sys
2011-08-30 11:09:06 . 2011-08-30 11:09:06	--------	d-----w-	C:\ProgramData\Malwarebytes
2011-08-30 11:09:03 . 2011-08-30 11:09:10	--------	d-----w-	C:\Program Files\Malwarebytes' Anti-Malware
2011-08-30 11:09:03 . 2011-07-06 17:52:42	22712	----a-w-	C:\Windows\system32\drivers\mbam.sys
2011-08-29 09:27:06 . 2011-08-28 22:07:51	159744	----a-w-	C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-29 09:27:06 . 2011-08-28 22:07:51	159744	----a-w-	C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-08-29 09:27:06 . 2011-08-28 22:07:51	159744	----a-w-	C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-08-29 09:27:06 . 2011-08-28 22:07:50	159744	----a-w-	C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-08-28 22:19:30 . 2011-08-28 22:19:30	--------	d-----w-	C:\Program Files\iPod
2011-08-28 22:07:52 . 2011-08-28 22:07:51	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-28 22:07:52 . 2011-08-28 22:07:51	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-28 22:07:52 . 2011-08-28 22:07:51	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-28 22:07:52 . 2011-08-28 22:07:51	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-28 22:07:52 . 2011-08-28 22:07:50	159744	----a-w-	C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-08-28 22:07:52 . 2011-08-28 22:07:50	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-28 22:07:52 . 2011-08-28 22:07:50	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-28 22:07:52 . 2011-08-28 22:07:50	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-28 22:07:51 . 2011-08-28 22:07:50	159744	----a-w-	C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
2011-08-28 13:10:07 . 2003-05-14 19:07:16	389120	----a-w-	C:\Windows\system32\actskn43.ocx
2011-08-28 13:10:04 . 2011-08-28 13:10:16	--------	d-----w-	C:\Program Files\Wallpaper Juggler
2011-08-28 13:10:04 . 2000-05-21 22:00:00	140488	----a-w-	C:\Windows\system32\COMDLG32.OCX
2011-08-28 13:10:04 . 1998-04-23 22:00:00	368912	----a-w-	C:\Windows\system32\vbar332.dll
2011-08-26 16:43:05 . 2011-08-26 16:43:05	--------	d-----w-	C:\Users\Moritz\AppData\Roaming\Foxit Software
2011-08-24 13:17:54 . 2011-07-11 13:25:35	2048	----a-w-	C:\Windows\system32\tzres.dll
2011-08-15 15:01:05 . 2011-08-15 15:04:38	--------	d-----w-	C:\Program Files\ALDI Bestellsoftware
2011-08-12 21:27:59 . 2011-08-12 21:34:25	--------	d-----w-	C:\Users\Moritz\A Norway
2011-08-12 21:04:31 . 2011-08-12 21:27:33	--------	d-----w-	C:\Users\Moritz\America
2011-08-10 15:22:00 . 2011-06-17 16:03:18	375808	----a-w-	C:\Windows\system32\winsrv.dll
2011-08-10 15:21:59 . 2011-07-06 15:31:47	214016	----a-w-	C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 15:21:55 . 2011-06-06 10:59:30	2409784	----a-w-	C:\Program Files\Windows Mail\OESpamFilter.dat
2011-08-10 15:18:37 . 2011-06-20 08:54:36	3602832	----a-w-	C:\Windows\system32\ntkrnlpa.exe
2011-08-10 15:18:37 . 2011-06-20 08:54:36	3550096	----a-w-	C:\Windows\system32\ntoskrnl.exe
2011-08-10 15:18:34 . 2011-06-17 20:13:55	905104	----a-w-	C:\Windows\system32\drivers\tcpip.sys
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-08-11 14:00:13 . 2011-07-03 21:24:54	404640	----a-w-	C:\Windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 09:20:54 . 2011-07-12 09:20:54	83816	----a-w-	C:\Windows\system32\dns-sd.exe
2011-07-12 09:20:54 . 2011-07-12 09:20:54	73064	----a-w-	C:\Windows\system32\dnssd.dll
2011-07-12 09:20:54 . 2011-07-12 09:20:54	178536	----a-w-	C:\Windows\system32\dnssdX.dll
2011-07-05 16:37:00 . 2011-07-05 16:37:00	94208	----a-w-	C:\Windows\system32\QuickTimeVR.qtx
2011-07-05 16:37:00 . 2011-07-05 16:37:00	69632	----a-w-	C:\Windows\system32\QuickTime.qts
2011-07-03 20:53:56 . 2009-03-20 13:47:12	66616	----a-w-	C:\Windows\system32\drivers\avgntflt.sys
2011-07-03 20:53:56 . 2009-03-20 13:47:12	138192	----a-w-	C:\Windows\system32\drivers\avipbb.sys
2011-08-31 10:23:55 . 2011-07-06 08:41:03	134104	----a-w-	C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36:00	94208	----a-w-	C:\Users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36:00	94208	----a-w-	C:\Users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36:00	94208	----a-w-	C:\Users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36:00	94208	----a-w-	C:\Users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05:06	121392	----a-w-	C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 12:58:52 495616]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 18:08:40 1049896]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 17:07:06 281768]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 02:06:00 6144000]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 12:35:35 176128]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 18:56:16 1230704]
"Wallpaper Juggler Monitor"="C:\Program Files\Wallpaper Juggler\WallpaperJugglerM.exe" [2004-09-22 18:18:18 40960]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-07-05 16:36:48 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-08-18 23:07:38 421736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59:06	937920	----a-r-	C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 12:52:20	40368	----a-w-	C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 19:36:20	28672	----a-w-	C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-14 15:05:22	526896	----a-w-	C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-06-11 08:22:16	409600	----a-w-	C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07:38	421736	----a-w-	C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-01-29 22:11:32	888120	----a-w-	C:\Program Files\Samsung\Kies\KiesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-29 22:11:36	3372856	----a-w-	C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-09-10 22:02:24	809480	----a-w-	C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36:48	421888	----a-w-	C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-21 02:06:00	6144000	----a-w-	C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15:00	1826816	----a-w-	C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17:18	61440	----a-w-	C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 08:03:46	303104	----a-w-	C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23:32	1008184	----a-w-	C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3966416877-3789978977-102637031-1000]
"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-12 20:29:23 136176]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 19:36:02 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 11:44:56 210432]
R3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys [2011-01-29 16:00:20 20032]
R3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-12 20:29:23 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 17:52:42 41272]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [2011-01-03 08:38:36 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 08:38:36 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 08:38:36 136680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 11:16:28 753504]
R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2009-04-06 19:38:18 717296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-05-12 12:17:07 136360]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 11:11:14 16384]
S2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 11:22:52 24576]
S2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2010-05-28 06:25:04 233472]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 19:36:20 45056]
S2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2008-01-10 01:34:43 5120]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2010-10-25 09:03:52 36640]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 15:54:20 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32:50	8192	----a-w-	C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

Inhalt des "geplante Tasks" Ordners

2011-09-05 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-12 20:29:41 . 2011-03-12 20:29:23]

2011-09-05 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-12 20:29:41 . 2011-03-12 20:29:23]

2011-09-05 C:\Windows\Tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job
- C:\Windows\system32\msfeedssync.exe [2011-08-10 15:20:11 . 2011-07-23 09:26:12]


------- Zusätzlicher Suchlauf -------

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
LSP: C:\Windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.n-tv.de/


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-06 00:23:29
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

? [3584]
? [4064]
? [3964]

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 

CreateFile("\\.\PHYSICALDRIVE0"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
device: opened successfully
user: error reading MBR 
kernel: MBR read successfully
user != kernel MBR !!! 

**************************************************************************

--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,d4,a2,1c,28,66,24,4c,94,b0,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,d4,a2,1c,28,66,24,4c,94,b0,89,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4908)
C:\Users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

Zeit der Fertigstellung: 2011-09-06  00:39:04
ComboFix-quarantined-files.txt  2011-09-05 22:38:41
ComboFix2.txt  2011-08-31 17:31:03

Vor Suchlauf: 11 Verzeichnis(se), 10.228.592.640 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 10.232.262.656 Bytes frei

- - End Of File - - A887494AB146CF7B11075F42AC243869
         

Alt 06.09.2011, 17:50   #27
Swisstreasure
/// Malwareteam
 
Are you still having problems?

Alt 06.09.2011, 18:22   #28
lapala
 
Yes, no change yet.
External devices are still not being recognized.

Alt 06.09.2011, 21:41   #29
Swisstreasure
/// Malwareteam
 
Step 1

Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista users: please right-click and choose "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished ( Finished ), click OK.
  • Defogger will now prompt for a restart. Confirm with OK.
  • DeFogger now creates a log file on the desktop (defogger_disable).
Please post the contents of the log file in your next reply.
When we have finished the cleanup, please run defogger again and click the Re-enable button.

Step 2

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Scan
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.


Step 3

Then locate: C:\Users\Moritz\Desktop\MBR.dat --> right-click --> Send to compressed (zipped) folder, and attach the mbr.zip.


Step 4

Please download dds (by sUBs) from one of the following download mirrors and save the file to your desktop.

dds.com
dds.scr
dds.pif
  • Close all running programs.
  • Start DDS with a double-click.
  • It will create 2 log files.
    • dds.txt
    • attach.txt
  • Save both log files to your desktop
  • Post both log files here.

Last edited by Larusso (06.09.2011 at 21:56)

Alt 06.09.2011, 23:01   #30
lapala
 
Okay, here is aswMBR
Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 18:16:24
-----------------------------
18:16:24.836    OS Version: Windows 6.0.6002 Service Pack 2
18:16:24.837    Number of processors: 2 586 0x301
18:16:24.838    ComputerName: MORITZ-LAPTOP  UserName: Moritz
18:16:33.606    Initialize success
18:16:53.988    AVAST engine defs: 11090100
18:17:32.104    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
18:17:32.110    Disk 0 Vendor:   Size: 0MB BusType: 0
18:17:34.128    Disk 0 MBR read successfully
18:17:34.131    Disk 0 MBR scan
18:17:34.213    Disk 0 MBR:Whistler-C [Rtk]
18:17:34.220    Disk 0 Whistler@MBR code has been found
18:17:34.225    Disk 0 MBR hidden
18:17:34.229    Disk 0 MBR [Whistler]  **ROOTKIT**
18:17:34.324    Disk 0 scanning C:\Windows\system32\drivers
18:18:02.304    Service scanning
18:18:05.091    Modules scanning
18:18:25.371    Disk 0 trace - called modules:
18:18:25.381    ntkrnlpa.exe >>UNKNOWN [0x87abea0a]<<
18:18:25.735    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bdbac8]
18:18:25.742    \Driver\disk[0x86ad8978] -> IRP_MJ_READ -> 0x87abea0a
18:18:25.749    Scan finished successfully
18:18:51.755    Disk 0 MBR has been saved successfully to "C:\Users\Moritz\Desktop\MBR.dat"
18:18:51.764    The log file has been saved successfully to "C:\Users\Moritz\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-06 23:50:35
-----------------------------
23:50:35.197    OS Version: Windows 6.0.6002 Service Pack 2
23:50:35.197    Number of processors: 2 586 0x301
23:50:35.199    ComputerName: MORITZ-LAPTOP  UserName: Moritz
23:50:36.692    Initialize success
23:50:49.172    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
23:50:49.175    Disk 0 Vendor:   Size: 0MB BusType: 0
23:50:51.193    Disk 0 MBR read successfully
23:50:51.196    Disk 0 MBR scan
23:50:51.200    Disk 0 Whistler@MBR code has been found
23:50:51.203    Disk 0 MBR hidden
23:50:51.207    Disk 0 MBR [Whistler]  **ROOTKIT**
23:50:51.250    Disk 0 scanning C:\Windows\system32\drivers
23:51:02.058    Service scanning
23:51:03.568    Modules scanning
23:51:13.611    Disk 0 trace - called modules:
23:51:13.620    ntkrnlpa.exe >>UNKNOWN [0x87b23a0a]<<
23:51:13.625    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fa9ac8]
23:51:13.629    \Driver\disk[0x86be2a10] -> IRP_MJ_READ -> 0x87b23a0a
23:51:13.636    Scan finished successfully
23:51:22.789    Disk 0 MBR has been saved successfully to "C:\Users\Moritz\Desktop\MBR.dat"
23:51:22.809    The log file has been saved successfully to "C:\Users\Moritz\Desktop\aswMBR.txt"
         
Here is dds.txt
Code:
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19120  BrowserJavaVersion: 1.6.0_20
Run by Moritz at 23:55:49 on 2011-09-06
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2814.1589 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
"C:\Windows\system32\svchost.exe"
"C:\Windows\system32\svchost.exe"
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Wallpaper Juggler Monitor] "c:\program files\wallpaper juggler\WallpaperJugglerM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\moritz\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1FE02DFE-0767-48E6-96C2-F05D932B6E75} : DhcpNameServer = 10.0.0.10 10.0.0.20
TCP: Interfaces\{43E2FA7B-AE45-470A-ABED-A3E58AC215A5} : DhcpNameServer = 192.168.178.1
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\moritz\appdata\roaming\mozilla\firefox\profiles\4zf2y16n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.n-tv.de/
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-20 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2009-3-20 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-20 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-20 66616]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-27 24576]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-16 233472]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-5-3 5120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-16 36640]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-9-25 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-3-7 20032]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-30 41272]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-3-7 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-3-7 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-3-7 136680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-06 07:57:01	7152464	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{0bbd265c-470d-4d43-89d4-3992ee05ed9b}\mpengine.dll
2011-09-05 22:39:18	--------	d-----w-	c:\users\moritz\appdata\local\temp
2011-09-05 22:36:55	--------	d-sh--w-	C:\$RECYCLE.BIN
2011-09-05 21:43:51	--------	d-----w-	C:\ComboFix
2011-09-02 12:45:08	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2011-08-31 16:44:22	98816	----a-w-	c:\windows\sed.exe
2011-08-31 16:44:22	518144	----a-w-	c:\windows\SWREG.exe
2011-08-31 16:44:22	256000	----a-w-	c:\windows\PEV.exe
2011-08-31 16:44:22	208896	----a-w-	c:\windows\MBR.exe
2011-08-30 11:09:20	--------	d-----w-	c:\users\moritz\appdata\roaming\Malwarebytes
2011-08-30 11:09:08	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-30 11:09:06	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-30 11:09:03	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-30 11:09:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-08-29 09:27:06	159744	----a-w-	c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-08-29 09:27:06	159744	----a-w-	c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-08-29 09:27:06	159744	----a-w-	c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-08-29 09:27:06	159744	----a-w-	c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-08-28 22:19:30	--------	d-----w-	c:\program files\iPod
2011-08-28 22:07:52	159744	----a-w-	c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-08-28 22:07:52	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-28 22:07:52	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-28 22:07:52	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-28 22:07:52	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-28 22:07:52	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-28 22:07:52	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-28 22:07:52	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-28 22:07:51	159744	----a-w-	c:\program files\mozilla firefox\plugins\npqtplugin.dll
2011-08-28 13:10:07	389120	----a-w-	c:\windows\system32\actskn43.ocx
2011-08-28 13:10:04	368912	----a-w-	c:\windows\system32\vbar332.dll
2011-08-28 13:10:04	140488	----a-w-	c:\windows\system32\COMDLG32.OCX
2011-08-28 13:10:04	--------	d-----w-	c:\program files\Wallpaper Juggler
2011-08-26 16:43:05	--------	d-----w-	c:\users\moritz\appdata\roaming\Foxit Software
2011-08-24 13:17:54	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-15 15:01:05	--------	d-----w-	c:\program files\ALDI Bestellsoftware
2011-08-12 21:27:59	--------	d-----w-	c:\users\moritz\A Norway
2011-08-12 21:04:31	--------	d-----w-	c:\users\moritz\America
2011-08-10 15:22:00	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-10 15:21:59	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 15:21:55	2409784	----a-w-	c:\program files\windows mail\OESpamFilter.dat
2011-08-10 15:18:37	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-10 15:18:37	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-10 15:18:34	905104	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2011-08-11 14:00:13	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 11:04:29	916480	----a-w-	c:\windows\system32\wininet.dll
2011-07-23 11:00:05	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34	71680	----a-w-	c:\windows\system32\iesetup.dll
2011-07-23 10:59:34	109056	----a-w-	c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47	385024	----a-w-	c:\windows\system32\html.iec
2011-07-23 09:27:04	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-12 09:20:54	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20:54	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:20:54	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-07-05 16:37:00	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37:00	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-07-03 20:53:56	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 
.
CreateFile("\\.\PHYSICALDRIVE0"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
device: opened successfully
user: error reading MBR 
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x87B23A0A]<< 
_asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; MOV ECX, [EAX+0xc]; OR ECX, [EAX+0x10]; PUSH ESI; JNZ 0x94; MOV ESI, 0x200; CMP [EAX+0x4], ESI; JB 0x94;  }
1 ntkrnlpa!IofCallDriver[0x8285D912] -> \Device\Harddisk0\DR0[0x85FA9AC8]
\Driver\disk[0x86BE2A10] -> IRP_MJ_READ -> 0x87B23A0A
kernel: MBR read successfully
_asm { NOP ; XOR AX, AX; NOP ; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; NOP ; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x626;  }
user != kernel MBR !!! 
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 23:56:09,77 ===============
         
Here is attach.txt
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 25.09.2008 03:56:15
System Uptime: 06.09.2011 21:36:17 (2 hours ago)
.
Motherboard: Acer |  | Aspire 5535
Processor: AMD Athlon(tm) X2 Dual-Core QL-60 | Socket S1G2 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 9,403 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 64,518 GiB free.
G: is CDROM ()
I: is FIXED (NTFS) - 72 GiB total, 69,32 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1684&SUBSYS_013C1025&REV_10\4&2F34AB0C&0&0028
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1684&SUBSYS_013C1025&REV_10\4&2F34AB0C&0&0028
Service: b57nd60x
.
==== System Restore Points ===================
.
RP942: 03.09.2011 14:22:55 - Geplanter Prüfpunkt
RP943: 04.09.2011 16:47:19 - Geplanter Prüfpunkt
RP944: 04.09.2011 18:58:53 - OTL Restore Point - 04.09.2011 18:58:53
RP945: 04.09.2011 20:12:57 - OTL Restore Point - 04.09.2011 20:12:57
RP946: 04.09.2011 20:25:00 - OTL Restore Point - 04.09.2011 20:25:00
RP947: 05.09.2011 14:46:04 - Geplanter Prüfpunkt
RP948: 06.09.2011 09:56:21 - Windows Update
RP949: 06.09.2011 22:13:54 - Geplanter Prüfpunkt
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Acer eDataSecurity Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.3.0
ALDI Bestellsoftware 4.9
AMD USB Audio Driver Filter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DivX-Setup
DivX Converter
DivX Player
DivX Plus DirectShow Filters
Dropbox
Foxit Reader 5.0
FoxyTunes for Firefox
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.10.1.715
Google Gears
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ7.5
iTunes
Java Auto Updater
Java(TM) 6 Update 20
JDownloader
LAME v3.98.3 for Audacity
Launch Manager
LightScribe  1.4.142.1
LogonStudio Vista
Malwarebytes' Anti-Malware Version 1.51.1.1800
Maple 12
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Minilyrics
Mozilla Firefox 6.0.1 (x86 de)
Mozilla Thunderbird (6.0.1)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA PhysX
Paint.NET v3.5.8
PhotoNow!
PixiePack Codec Pack
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RocketDock 1.3.5
Rootkit Unhooker LE 3.8 SR 2
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
SopCast 3.3.2
Spelling Dictionaries Support For Adobe Reader 8
Synaptics Pointing Device Driver 
Uninstall 1.0.0.1
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Office 2007 (KB946691)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
vShare Plugin
Wallpaper Juggler 2.2
Winamp
Winamp Erkennungs-Plug-in
Windows 7 Upgrade Advisor
Windows Media Player Firefox Plugin
WinRAR
Xvid 1.1.3 final uninstall
.
==== End Of File ===========================
         
And attached is the MBR.zip

Btw: defogger was already run at the start of the cleanup; I did not run it again, but here is the log anyway, as requested
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:44 on 31/08/2011 (Moritz)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
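Added example for readers of this thread (it is not code from Trojaner-Board, the helpers, aswMBR, Gmer or DDS): a small Python script that parses a raw 512-byte MBR dump such as the MBR.dat that aswMBR saved in step 3, and compares two reads of the same sector, which is the idea behind the "user != kernel MBR" line in the Gmer detector output above (a disk filter answering a user-mode read with different bytes than a lower-level read is exactly what that check flags). The partition layout, the file name in load_mbr_dat and the byte strings CLEAN_CODE and OTHER_CODE are constructed sample data, not taken from the logs.

```python
# Added example (not code from Trojaner-Board, aswMBR, Gmer or DDS): parse a raw
# 512-byte MBR dump such as the MBR.dat aswMBR saves, and compare two reads of
# the same sector the way the "user != kernel MBR" check in the Gmer output does.
# All sample bytes below are constructed.
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

MBR_SIZE = 512          # one sector
PT_OFFSET = 446         # partition table: 4 entries of 16 bytes
SIG_OFFSET = 510        # 0x55 0xAA boot signature
BOOT_SIG = b"\x55\xAA"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition entries; empty entries (type 0) are skipped."""
    parts = []
    for i in range(4):
        entry = mbr[PT_OFFSET + 16 * i : PT_OFFSET + 16 * (i + 1)]
        # status, CHS start (3 bytes, ignored), type, CHS end (ignored), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def check_mbr(mbr: bytes) -> List[str]:
    """Sanity findings for a single MBR image; an empty list means nothing odd."""
    findings: List[str] = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"unexpected length {len(mbr)} (expected {MBR_SIZE})")
        return findings
    if mbr[SIG_OFFSET:] != BOOT_SIG:
        findings.append("missing 55AA boot signature")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("no partition entries")
    if sum(1 for p in parts if p.bootable) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p.lba_start == 0:
            findings.append(f"partition {p.index}: LBA start 0 overlaps the MBR itself")
    return findings


def compare_mbr(user_read: bytes, kernel_read: bytes) -> Dict[str, object]:
    """Compare two views of sector 0. Boot code (0-445) and partition table
    (446-509) are counted separately so the report says which part differs."""
    if len(user_read) != MBR_SIZE or len(kernel_read) != MBR_SIZE:
        raise ValueError("both images must be exactly one 512-byte sector")
    code = [i for i in range(PT_OFFSET) if user_read[i] != kernel_read[i]]
    table = [i for i in range(PT_OFFSET, SIG_OFFSET) if user_read[i] != kernel_read[i]]
    first: Optional[int] = (code + table)[0] if (code or table) else None
    return {
        "identical": not code and not table,
        "boot_code_bytes_differ": len(code),
        "partition_table_bytes_differ": len(table),
        "first_diff_offset": first,
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test image: given boot code, one active NTFS (type 0x07)
    partition starting at LBA 2048, and the boot signature."""
    code = boot_code.ljust(PT_OFFSET, b"\x00")[:PT_OFFSET]
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 302_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIG


# Constructed: the usual Windows MBR prologue (XOR AX,AX / MOV SS,AX / MOV SP,7C00h ...)
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8"
# Constructed: arbitrary different bytes standing in for "whatever the kernel read returned"
OTHER_CODE = b"\xEB\x3C\x90"

USER_VIEW = build_sample_mbr(CLEAN_CODE)    # what a user-mode read of the drive saw
KERNEL_VIEW = build_sample_mbr(OTHER_CODE)  # what the lower-level read returned


def triage(user_view: bytes, kernel_view: bytes) -> Dict[str, object]:
    """Full report: per-image findings, the two-view comparison and the partition layout."""
    report = compare_mbr(user_view, kernel_view)
    report["user_findings"] = check_mbr(user_view)
    report["kernel_findings"] = check_mbr(kernel_view)
    report["partitions"] = [(p.index, hex(p.type_id), p.lba_start, p.sectors)
                            for p in parse_partitions(kernel_view)]
    return report


def load_mbr_dat(path: str) -> bytes:
    """Read a saved dump from disk (hypothetical path, e.g. a MBR.dat like the one in the thread)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


if __name__ == "__main__":
    for key, value in triage(USER_VIEW, KERNEL_VIEW).items():
        print(f"{key}: {value}")
```

Run it on a real dump with `triage(load_mbr_dat("MBR.dat"), load_mbr_dat("MBR.dat"))` to get the per-image findings and partition list alone; the two-view comparison only says something when you can feed it two independently obtained copies of sector 0, which is what the tools in this thread do internally and report as the "user" and "kernel" MBR. Both constructed images pass the single-image checks, so the only thing that gives the difference away is the comparison, which mirrors why the helpers rely on a dedicated MBR scanner rather than on the partition table looking sane.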
         
