WLSIDTEN.DLL

Status
Closed for further replies.
  • #1
nati_u (member, thread starter; joined 19.01.2013)
Hello everyone,

when the computer starts, the following message appears: "Fehler beim Laden von..." (error loading...) and then wlsidten.dll. I have already searched the internet and know that it is a virus. How do I get it removed?

Please explain in layman's terms. Thanks.

nati
 
  • #2
Huh, now I don't understand anything anymore...

Now I was pointed to a link that takes me to my own post... but I did switch to the appropriate category...

I also saw that there was already a post on this here once, but I can't do anything with it...

I'm really a layperson when it comes to computers.
 
  • #3
  • #4
Hi,

It's better to stay here in your own thread; every computer and every logfile is different.

Cleaning a system can be laborious and may involve some work on your part. It is important that you keep cooperating until we say that the computer is clean, even if the symptoms may have disappeared after the first actions. This also includes not installing any further programs or running any scans unless instructed to do so here. If you are prepared to do that, work through the following points in the order given. If anything is unclear to you, please ask before you continue.

Please work through this guide; it produces 2 logfiles.

Please post these logfiles here in spoiler tags; how to do that is explained here:
 
  • #5
OTL logfile created on: 19.01.2013 15:55:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marco Sauer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,64% Memory free
4,23 Gb Paging File | 1,90 Gb Available in Paging File | 44,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 193,15 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,36 Gb Free Space | 63,56% Space Free | Partition Type: NTFS

Computer Name: MARCO | User Name: Marco Sauer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

Spoiler tag set correctly
 
  • #6
PRC - C:\Users\Marco Sauer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
PRC - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtwebkit4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\QtWebKit\qmlwebkitplugin.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()


========== Services (SafeList) ==========

Spoiler tag set correctly
 
  • #7
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$BEAUTYACE) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (CSObjectsSrv) -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (DSBrokerService) -- C:\Programme\DellSupport\brkrsvc.exe ()
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (pfc) -- system32\drivers\pfc.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (ewsercd) -- system32\DRIVERS\ewsercd.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ah08ytzw) -- File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (SMR311) -- C:\Windows\System32\drivers\SMR311.SYS (Symantec Corporation)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (TelekomNM3) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (CSCrySec) -- C:\Windows\System32\drivers\CSCrySec.sys (Infowatch)
DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (sptd) -- C:\Windows\System32\drivers\SPTD.sys ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv) -- C:\Programme\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (siusbmod) -- C:\Windows\System32\drivers\siusbmod.sys (Siemens AG )


========== Standard Registry (SafeList) ==========

Spoiler tag set correctly
 
  • #8
========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {547EEAAC-3665-4e6c-B326-C622D698543A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: URL = http://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: URL = http://www.bing.com/search?q={searchTerms}&FORM=ASHTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: URL = http://int.search-results.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=19&gct=sb&qsrc=2869
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyOverride = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: foxsearch
FF - prefs.js..browser.search.order.1: foxsearch
FF - prefs.js..browser.search.selectedEngine: foxsearch
FF - prefs.js..extensions.enabledAddons: [email protected]:1.03
FF - prefs.js..keyword.URL:

FF - user.js..browser.search.selectedEngine: foxsearch
FF - user.js..browser.search.order.1: foxsearch
FF - user.js..browser.search.defaultenginename: foxsearch
FF - user.js..keyword.URL:

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Users\Marco Sauer\Downloads\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Marco Sauer\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2013.01.19 11:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2013.01.19 11:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2013.01.19 11:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.15 23:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.05.13 17:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco Sauer\AppData\Roaming\mozilla\Extensions
[2012.03.17 22:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco Sauer\AppData\Roaming\mozilla\Firefox\Profiles\qm0jraev.default\extensions
[2012.09.03 16:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.03 16:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\MARCO SAUER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM0JRAEV.DEFAULT\EXTENSIONS\[email protected]
[2009.09.06 18:02:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 17:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - homepage:

O1 HOSTS File: ([2008.03.04 15:16:52 | 000,227,703 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1
O1 - Hosts: 7989 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra->Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra->Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra->Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_35)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A2F8810-442D-4725-8DAF-DEA249347B80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2954DD68-AA9D-4F25-8910-5D44C02E6F7F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{db84cfa4-c290-11e0-94b6-001aa00a9b12}\Shell - = AutoRun
O33 - MountPoints2\{db84cfa4-c290-11e0-94b6-001aa00a9b12}\Shell\AutoRun\command - = H:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{e72986dd-706a-11de-86a8-001aa00a9b12}\Shell - = AutoRun
O33 - MountPoints2\{e72986dd-706a-11de-86a8-001aa00a9b12}\Shell\AutoRun\command - = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = comfile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

Spoiler tag set correctly
 
  • #9
========== Files/Folders - Created Within 30 Days ==========

[2013.01.19 12:58:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marco Sauer\Desktop\OTL.exe
[2013.01.19 12:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2013.01.19 11:44:22 | 000,000,000 | R--D | C] -- C:\Backup
[2013.01.19 11:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2013.01.19 11:39:22 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2013.01.19 11:39:22 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2013.01.19 11:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2013.01.19 11:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.01.19 11:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.19 11:34:45 | 000,585,560 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013.01.18 22:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonRnR
[2013.01.18 22:34:21 | 006,260,632 | ---- | C] (Symantec Corporation) -- C:\Users\Marco Sauer\Desktop\NRnR.exe
[2012.10.29 20:14:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.19 15:48:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.19 15:48:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.19 15:21:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.19 12:58:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marco Sauer\Desktop\OTL.exe
[2013.01.19 12:11:27 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013.01.19 11:53:13 | 000,696,180 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.19 11:53:13 | 000,651,512 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.19 11:53:13 | 000,154,642 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.19 11:53:13 | 000,125,718 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.19 11:46:58 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.19 11:46:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.19 11:45:03 | 000,017,408 | ---- | M] () -- C:\Users\Marco Sauer\AppData\Local\WebpageIcons.db
[2013.01.19 11:40:28 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2013.01.19 11:40:28 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2013.01.19 11:34:45 | 000,585,560 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2013.01.19 11:10:00 | 000,000,931 | ---- | M] () -- C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
[2013.01.18 22:34:23 | 006,260,632 | ---- | M] (Symantec Corporation) -- C:\Users\Marco Sauer\Desktop\NRnR.exe
[2013.01.18 22:18:15 | 000,008,268 | ---- | M] () -- C:\Users\Marco Sauer\AppData\Local\d3d9caps.dat
[2013.01.18 22:17:42 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2013.01.18 20:33:28 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.28 20:53:23 | 000,003,584 | ---- | M] () -- C:\Users\Marco Sauer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.19 11:45:01 | 000,017,408 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Local\WebpageIcons.db
[2013.01.19 11:40:28 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013.01.19 11:40:28 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013.01.19 11:10:00 | 000,000,931 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
[2012.10.29 20:14:51 | 083,023,306 | ---- | C] () -- C:\ProgramData\netdislw.pad
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.06.28 19:55:30 | 000,004,096 | -H-- | C] () -- C:\Users\Marco Sauer\AppData\Local\keyfile3.drm
[2010.01.27 16:40:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.18 05:04:05 | 000,008,268 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Local\d3d9caps.dat
[2009.04.06 23:26:40 | 177,579,487 | ---- | C] () -- C:\Users\Marco Sauer\upix3_tbyb_g.exe
[2009.04.06 22:44:42 | 000,000,817 | ---- | C] () -- C:\Users\Marco Sauer\.recently-used.xbel
[2008.11.15 15:15:55 | 000,000,168 | RHS- | C] () -- C:\ProgramData\F0930BEFD2.sys
[2008.11.15 15:15:54 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.06.27 19:55:08 | 001,404,280 | ---- | C] () -- C:\Users\Marco Sauer\setup_dm_Fotowelt.exe
[2008.03.14 13:45:27 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.09.05 10:17:57 | 000,060,968 | ---- | C] () -- C:\Users\Marco Sauer\GoToAssistDownloadHelper.exe
[2007.03.19 20:20:42 | 000,017,350 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Roaming\wklnhst.dat
[2007.03.16 14:01:15 | 000,003,584 | ---- | C] () -- C:\Users\Marco Sauer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
= %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
ThreadingModel = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
= %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
ThreadingModel = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
= %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
ThreadingModel = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\samsung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\restore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Meine Snapfire Shows:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Meine Corel-Shows:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Mein Geschenk_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\McafeeRootkitDetective11[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\IMG_2244.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Fotobuch__NINI_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Envisioneer 4.5Express:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Envisioneer 4.5 Express:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Eigene Datenquellen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\CDBurnerXP Projects:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\330.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\329.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\328.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\327.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\326.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\325.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\324.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\323.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\322.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\321.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\320.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\319.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\318.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\317.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\316.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\315.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\314.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\313.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\312.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\311.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\310.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\308.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\307.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\306.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\305.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\304.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\303.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\302.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\301.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\300.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\299.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\298.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\297.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\296.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\295.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\294.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\293.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\292.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\291.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\290.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\289.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\288.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\287.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\286.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\284.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\283.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\282.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\281.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\280.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\279.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\278.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\277.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\276.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\275.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\274.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\273.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\272.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\271.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\270.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\269.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\268.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\267.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\266.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\265.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\264.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\263.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\262.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\261.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\260.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\259.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\258.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\257.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\256.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Documents\255.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\WORD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\Studium:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\MARCO SAUER DATEIEN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\Lieder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\Leserbrief_GA.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marco Sauer\Desktop\Adobe CS4:Roxio EMC Stream

< End of report >

Spoiler tag set correctly
 
  • #10
Is this right???

Hope you can do something with it.

Regards,

nati
 
  • #11
The text belongs between the two tags so that it can be expanded :)

One thing:

DRV - (sptd) -- C:\Windows\System32\drivers\SPTD.sys

Please click on the link IMPORTANT. Because of this software I unfortunately have to close the thread. Once you have uninstalled it, you can open a new thread.
 