WLSIDTEN.DLL

This topic, WLSIDTEN.DLL, in the forum "Viruses, Trojans, Spyware etc." was created by nati_u on 19 Jan. 2013.

Thread status:
No further replies are possible.

  1. Hello everyone,

    when starting the computer, the following message appears: "Error loading..." and then wlsidten.dll - I have already searched the internet - and know that it is a virus - how do I get it removed?

    Please explain in layman's terms. Thanks

    nati
     
  2. Huh, now I don't understand anything anymore....

    Now I was referred to a link - which takes me to my own post..... I did switch to the appropriate category...

    I also saw - that there was already a post about this here once - but I can't do anything with it....

    I'm really a layperson when it comes to computers
     
  3. Hi,

    Better stay here in your own thread; every computer and every log file is different.


    Cleaning a system can be time-consuming and may involve some work for you. It is important that you keep working with us until we say that the computer is clean, even if the symptoms may have disappeared after the first steps. This also means not installing any further programs or running any scans unless instructed to do so here. If you are ready for that, work through the following points in the order given. If anything is unclear to you, please ask before you continue.


    Please work through this guide; it produces 2 log files:
    http://www.wintotal-forum.de/index.php/topic,147847.0.html#post_otl


    Please post these log files here in spoiler tags; how to do that is explained here:
    http://www.wintotal-forum.de/index.php/topic,156218.0.html
     
  4. OTL logfile created on: 19.01.2013 15:55:20 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marco Sauer\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    2,00 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,64% Memory free
    4,23 Gb Paging File | 1,90 Gb Available in Paging File | 44,84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288,04 Gb Total Space | 193,15 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
    Drive D: | 10,00 Gb Total Space | 6,36 Gb Free Space | 63,56% Space Free | Partition Type: NTFS

    Computer Name: MARCO | User Name: Marco Sauer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    Spoiler tag set correctly
     
  5. PRC - C:\Users\Marco Sauer\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    PRC - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtblfs.exe (Kaspersky Lab ZAO)
    PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
    PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
    PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
    PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
    PRC - C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
    PRC - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
    PRC - C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
    PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Windows\System32\PSIService.exe ()
    PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtwebkit4.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\QtWebKit\qmlwebkitplugin.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll ()
    MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
    MOD - C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
    MOD - C:\Windows\System32\atitmmxx.dll ()


    ========== Services (SafeList) ==========

    Spoiler tag set correctly
     
  6. SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
    SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
    SRV - (MSSQL$BEAUTYACE) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
    SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
    SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
    SRV - (CSObjectsSrv) -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
    SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (LVCOMSer) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (DSBrokerService) -- C:\Programme\DellSupport\brkrsvc.exe ()
    SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
    SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (pfc) -- system32\drivers\pfc.sys File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
    DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
    DRV - (ewsercd) -- system32\DRIVERS\ewsercd.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (ah08ytzw) -- File not found
    DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
    DRV - (SMR311) -- C:\Windows\System32\drivers\SMR311.SYS (Symantec Corporation)
    DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
    DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV - (TelekomNM3) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
    DRV - (CSCrySec) -- C:\Windows\System32\drivers\CSCrySec.sys (Infowatch)
    DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch)
    DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
    DRV - (sptd) -- C:\Windows\System32\drivers\SPTD.sys ()
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
    DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
    DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
    DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
    DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
    DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
    DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
    DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
    DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
    DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
    DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
    DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
    DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
    DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (dsunidrv) -- C:\Programme\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (siusbmod) -- C:\Windows\System32\drivers\siusbmod.sys (Siemens AG )


    ========== Standard Registry (SafeList) ==========

    Spoiler tag set correctly
     
  7. ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070307
    IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {547EEAAC-3665-4e6c-B326-C622D698543A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: URL = http://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
    IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: URL = http://www.bing.com/search?q={searchTerms}&FORM=ASHTDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: URL = http://int.search-results.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=19&gct=sb&qsrc=2869
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyOverride = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: foxsearch
    FF - prefs.js..browser.search.order.1: foxsearch
    FF - prefs.js..browser.search.selectedEngine: foxsearch
    FF - prefs.js..extensions.enabledAddons: gutscheinmieze@synatix-gmbh.de:1.03
    FF - prefs.js..keyword.URL: http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=

    FF - user.js..browser.search.selectedEngine: foxsearch
    FF - user.js..browser.search.order.1: foxsearch
    FF - user.js..browser.search.defaultenginename: foxsearch
    FF - user.js..keyword.URL: http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Users\Marco Sauer\Downloads\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Marco Sauer\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2013.01.19 11:39:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2013.01.19 11:39:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2013.01.19 11:36:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.15 23:11:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011.05.13 17:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco Sauer\AppData\Roaming\mozilla\Extensions
    [2012.03.17 22:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco Sauer\AppData\Roaming\mozilla\Firefox\Profiles\qm0jraev.default\extensions
    [2012.09.03 16:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
    [2012.09.03 16:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    File not found (No name found) -- C:\USERS\MARCO SAUER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM0JRAEV.DEFAULT\EXTENSIONS\GUTSCHEINMIEZE@SYNATIX-GMBH.DE
    [2009.09.06 18:02:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011.04.14 17:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
    [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
    [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
    [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - homepage: http://www.google.com

    O1 HOSTS File: ([2008.03.04 15:16:52 | 000,227,703 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.1001-search.info
    O1 - Hosts: 127.0.0.1 1001-search.info
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 7989 more lines...
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
    O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra->Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra->Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra->Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A2F8810-442D-4725-8DAF-DEA249347B80}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2954DD68-AA9D-4F25-8910-5D44C02E6F7F}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
    O24 - Desktop WallPaper: C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{db84cfa4-c290-11e0-94b6-001aa00a9b12}\Shell - = AutoRun
    O33 - MountPoints2\{db84cfa4-c290-11e0-94b6-001aa00a9b12}\Shell\AutoRun\command - = H:\.\Autorun.exe AUTORUN=1
    O33 - MountPoints2\{e72986dd-706a-11de-86a8-001aa00a9b12}\Shell - = AutoRun
    O33 - MountPoints2\{e72986dd-706a-11de-86a8-001aa00a9b12}\Shell\AutoRun\command - = F:\SETUP.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- %1 %*
    O35 - HKLM\..exefile [open] -- %1 %*
    O37 - HKLM\...com [@ = comfile] -- %1 %*
    O37 - HKLM\...exe [@ = exefile] -- %1 %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    Spoiler tag set correctly
     
  8. ========== Files/Folders - Created Within 30 Days ==========

    [2013.01.19 12:58:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marco Sauer\Desktop\OTL.exe
    [2013.01.19 12:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
    [2013.01.19 11:44:22 | 000,000,000 | R--D | C] -- C:\Backup
    [2013.01.19 11:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
    [2013.01.19 11:39:22 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
    [2013.01.19 11:39:22 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
    [2013.01.19 11:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
    [2013.01.19 11:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
    [2013.01.19 11:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2013.01.19 11:34:45 | 000,585,560 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2013.01.18 22:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonRnR
    [2013.01.18 22:34:21 | 006,260,632 | ---- | C] (Symantec Corporation) -- C:\Users\Marco Sauer\Desktop\NRnR.exe
    [2012.10.29 20:14:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
    [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013.01.19 15:48:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.01.19 15:48:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.01.19 15:21:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.01.19 12:58:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marco Sauer\Desktop\OTL.exe
    [2013.01.19 12:11:27 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2013.01.19 11:53:13 | 000,696,180 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2013.01.19 11:53:13 | 000,651,512 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013.01.19 11:53:13 | 000,154,642 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2013.01.19 11:53:13 | 000,125,718 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013.01.19 11:46:58 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.01.19 11:46:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.01.19 11:45:03 | 000,017,408 | ---- | M] () -- C:\Users\Marco Sauer\AppData\Local\WebpageIcons.db
    [2013.01.19 11:40:28 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
    [2013.01.19 11:40:28 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
    [2013.01.19 11:34:45 | 000,585,560 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2013.01.19 11:10:00 | 000,000,931 | ---- | M] () -- C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
    [2013.01.18 22:34:23 | 006,260,632 | ---- | M] (Symantec Corporation) -- C:\Users\Marco Sauer\Desktop\NRnR.exe
    [2013.01.18 22:18:15 | 000,008,268 | ---- | M] () -- C:\Users\Marco Sauer\AppData\Local\d3d9caps.dat
    [2013.01.18 22:17:42 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
    [2013.01.18 20:33:28 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012.12.28 20:53:23 | 000,003,584 | ---- | M] () -- C:\Users\Marco Sauer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013.01.19 11:45:01 | 000,017,408 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Local\WebpageIcons.db
    [2013.01.19 11:40:28 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
    [2013.01.19 11:40:28 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
    [2013.01.19 11:10:00 | 000,000,931 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
    [2012.10.29 20:14:51 | 083,023,306 | ---- | C] () -- C:\ProgramData\netdislw.pad
    [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
    [2010.06.28 19:55:30 | 000,004,096 | -H-- | C] () -- C:\Users\Marco Sauer\AppData\Local\keyfile3.drm
    [2010.01.27 16:40:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009.05.18 05:04:05 | 000,008,268 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Local\d3d9caps.dat
    [2009.04.06 23:26:40 | 177,579,487 | ---- | C] () -- C:\Users\Marco Sauer\upix3_tbyb_g.exe
    [2009.04.06 22:44:42 | 000,000,817 | ---- | C] () -- C:\Users\Marco Sauer\.recently-used.xbel
    [2008.11.15 15:15:55 | 000,000,168 | RHS- | C] () -- C:\ProgramData\F0930BEFD2.sys
    [2008.11.15 15:15:54 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2008.06.27 19:55:08 | 001,404,280 | ---- | C] () -- C:\Users\Marco Sauer\setup_dm_Fotowelt.exe
    [2008.03.14 13:45:27 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
    [2007.09.05 10:17:57 | 000,060,968 | ---- | C] () -- C:\Users\Marco Sauer\GoToAssistDownloadHelper.exe
    [2007.03.19 20:20:42 | 000,017,350 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Roaming\wklnhst.dat
    [2007.03.16 14:01:15 | 000,003,584 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
    ThreadingModel = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
    ThreadingModel = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
    ThreadingModel = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Updater5:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Symantec:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\samsung:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\restore:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\My PSP Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\My Albums:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Meine Snapfire Shows:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Meine empfangenen Dateien:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Meine Corel-Shows:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Mein Geschenk_mcf-Dateien:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\McafeeRootkitDetective11[1]:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\IMG_2244.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Fotobuch__NINI_mcf-Dateien:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Envisioneer 4.5Express:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Envisioneer 4.5 Express:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Eigene Google Gadgets:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Eigene Datenquellen:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Downloads:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\CDBurnerXP Projects:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\330.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\329.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\328.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\327.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\326.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\325.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\324.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\323.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\322.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\321.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\320.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\319.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\318.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\317.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\316.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\315.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\314.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\313.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\312.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\311.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\310.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\308.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\307.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\306.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\305.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\304.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\303.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\302.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\301.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\300.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\299.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\298.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\297.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\296.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\295.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\294.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\293.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\292.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\291.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\290.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\289.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\288.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\287.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\286.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\284.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\283.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\282.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\281.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\280.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\279.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\278.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\277.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\276.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\275.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\274.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\273.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\272.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\271.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\270.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\269.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\268.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\267.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\266.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\265.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\264.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\263.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\262.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\261.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\260.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\259.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\258.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\257.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\256.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\255.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\WORD:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\Studium:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\MARCO SAUER DATEIEN:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\Lieder:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\Leserbrief_GA.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\Adobe CS4:Roxio EMC Stream

    < End of report >

    Spoiler tag set correctly
     
  9. Is this right???

    I hope you can do something with it.

    Regards,

    nati
     