
Log analysis and evaluation: Win 7 64 Bit Trojan.0Access

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for analysis by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
09.08.2013, 14:56   #7
stec731

Win 7 64 Bit Trojan.0Access



So, I have worked through the list:

The programs that were present have been uninstalled.

Log 1 from AdwCleaner (AdwCleaner logfile):
Code:
# AdwCleaner v2.306 - Datei am 09/08/2013 um 15:36:51 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Oliver - OLIVER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oliver\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gefunden : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\foxydeal.sqlite
Datei Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\searchplugins\Babylon.xml
Datei Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\searchplugins\Mysearchdial.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BrowserDefender
Ordner Gefunden : C:\Users\Oliver\AppData\Roaming\BabSolution
Ordner Gefunden : C:\Users\Oliver\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ffxtlbr@delta.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\mysearchdial
Schlüssel Gefunden : HKCU\Software\mysearchdial.com
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\Software\SP Global

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=

-\\ Mozilla Firefox v23.0 (de)

Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\prefs.js

Gefunden : user_pref("aol_toolbar.default.homepage.check", false);
Gefunden : user_pref("aol_toolbar.default.search.check", false);
Gefunden : user_pref("browser.search.order.1", "Mysearchdial");
Gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gefunden : user_pref("extensions.mysearchdial.aflt", "dnldmsd");
Gefunden : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Gefunden : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0Cy[...]
Gefunden : user_pref("extensions.mysearchdial.cntry", "DE");
Gefunden : user_pref("extensions.mysearchdial.cr", 1234704676);
Gefunden : user_pref("extensions.mysearchdial.dfltLng", "");
Gefunden : user_pref("extensions.mysearchdial.dfltSrch", true);
Gefunden : user_pref("extensions.mysearchdial.dnsErr", true);
Gefunden : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,6[...]
Gefunden : user_pref("extensions.mysearchdial.excTlbr", false);
Gefunden : user_pref("extensions.mysearchdial.hdrMd5", "A17EDC243CB74471816C946952E0EADF");
Gefunden : user_pref("extensions.mysearchdial.hmpg", true);
Gefunden : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyE[...]
Gefunden : user_pref("extensions.mysearchdial.id", "C8600022B2A81DBA");
Gefunden : user_pref("extensions.mysearchdial.instlDay", 15888);
Gefunden : user_pref("extensions.mysearchdial.instlRef", "");
Gefunden : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN[...]
Gefunden : user_pref("extensions.mysearchdial.lastVrsnTs", "15:34:11");
Gefunden : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2Xzu[...]
Gefunden : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Gefunden : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Gefunden : user_pref("extensions.mysearchdial.sg", "none");
Gefunden : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Gefunden : user_pref("extensions.mysearchdial.tlbrId", "base");
Gefunden : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2X[...]
Gefunden : user_pref("extensions.mysearchdial.vrsn", "");
Gefunden : user_pref("extensions.mysearchdial.vrsni", "");
Gefunden : user_pref("extensions.mysearchdial_i.hmpg", true);
Gefunden : user_pref("extensions.mysearchdial_i.newTab", false);
Gefunden : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Gefunden : user_pref("extensions.mysearchdial_i.vrsnTs", "15:34:11");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.2104] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E8F7C8600022B2A8&affID=122471&tt=070813_wt4&tsp=4969",
Gefunden [l.2475] : urls_to_restore_on_startup ="session": {"restore_on_startup": 4,  [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E8F7C8600022B2A8&affID=122471&tt=070813_wt4&tsp=4969" ]},

*************************

AdwCleaner[R1].txt - [6716 octets] - [09/08/2013 15:36:51]

########## EOF - C:\AdwCleaner[R1].txt - [6776 octets] ##########
         
--- --- ---


Log 2 from AdwCleaner (AdwCleaner logfile):
Code:
# AdwCleaner v2.306 - Datei am 09/08/2013 um 15:40:32 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Oliver - OLIVER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oliver\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v23.0 (de)

Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6843 octets] - [09/08/2013 15:36:51]
AdwCleaner[R2].txt - [934 octets] - [09/08/2013 15:40:32]
AdwCleaner[S1].txt - [7059 octets] - [09/08/2013 15:37:13]

########## EOF - C:\AdwCleaner[R2].txt - [1053 octets] ##########
         
--- --- ---


and the ComboFix log:

Code:
ComboFix 13-08-07.01 - Oliver 09.08.2013  15:47:09.2.8 - x64
TRIBAL WINDOWS 7 ULTIMATE   6.1.7601.1.1252.49.1031.18.16329.14066 [GMT 2:00]
ausgeführt von:: c:\users\Oliver\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-09 bis 2013-08-09  ))))))))))))))))))))))))))))))
.
.
2013-08-09 13:51 . 2013-08-09 13:51	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-09 13:51 . 2013-08-09 13:51	--------	d-----w-	c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2013-08-09 13:51 . 2013-08-09 13:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-09 11:34 . 2013-08-09 11:34	27256	----a-w-	c:\windows\system32\drivers\FixZeroAccess.sys
2013-08-09 11:13 . 2013-08-09 11:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-09 10:44 . 2013-08-09 10:50	--------	d-----w-	c:\program files\Unlocker
2013-08-09 08:13 . 2013-08-09 08:13	--------	d-----w-	c:\program files (x86)\Google
2013-08-09 08:04 . 2013-08-09 08:04	--------	d-----w-	c:\program files\Deskshare
2013-08-09 07:58 . 2013-08-09 10:22	--------	d-----w-	c:\programdata\firebird
2013-08-09 07:58 . 2013-08-09 10:23	--------	d-----w-	c:\users\Oliver\AppData\Local\DeskShare Data
2013-08-09 07:58 . 2013-08-09 07:58	--------	d-----w-	c:\users\Oliver\AppData\Local\Spoon
2013-08-06 08:18 . 2013-08-06 16:11	--------	d-----w-	c:\program files (x86)\SaveShare
2013-08-06 08:17 . 2013-08-06 08:18	--------	d-----w-	c:\programdata\InstallMate
2013-08-05 11:25 . 2011-11-24 07:17	166912	----a-w-	c:\windows\system32\powrprof.dll
2013-08-05 11:25 . 2011-11-24 06:22	145920	----a-w-	c:\windows\SysWow64\powrprof.dll
2013-08-05 10:07 . 2013-08-05 10:07	--------	d-----w-	c:\program files\CPUID
2013-08-04 14:25 . 2013-08-09 13:35	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2013-08-02 12:42 . 2013-08-09 10:52	--------	d-----w-	c:\users\NeroMediaHomeUser.4.Oliver-PC
2013-08-01 22:23 . 2013-08-01 22:24	--------	d-----w-	c:\program files (x86)\VirtualDJ
2013-07-31 14:45 . 2013-07-31 14:45	--------	d-----w-	C:\NvidiaLogging
2013-07-31 14:44 . 2013-05-14 19:28	39712	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2013-07-31 14:44 . 2013-05-14 19:27	29984	----a-w-	c:\windows\system32\nvaudcap64v.dll
2013-07-31 14:44 . 2013-05-14 19:27	28448	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2013-07-31 11:19 . 2013-07-15 23:30	19043	----a-w-	C:\Quarantine.reg
2013-07-31 11:14 . 2013-07-31 11:14	--------	d-----w-	c:\windows\SysWow64\BestPractices
2013-07-31 11:14 . 2013-07-31 11:14	--------	d-----w-	c:\windows\system32\BestPractices
2013-07-31 11:14 . 2013-07-31 11:14	--------	d-----w-	C:\inetpub
2013-07-31 11:01 . 2013-07-31 11:16	--------	d-----w-	c:\program files (x86)\TweakNow RegCleaner
2013-07-31 11:01 . 2013-07-31 11:01	--------	d-----w-	c:\users\Oliver\AppData\Roaming\TweakNow RegCleaner
2013-07-31 11:01 . 2013-07-31 11:01	--------	d-----w-	c:\users\Oliver\AppData\Roaming\TweakNow RegCleaner 2012
2013-07-31 11:00 . 2013-08-03 19:52	--------	d-----w-	c:\program files (x86)\RegCleaner
2013-07-29 08:58 . 2013-07-29 08:58	--------	d-----w-	c:\users\Oliver\AppData\Local\Apple Computer
2013-07-28 19:47 . 2013-07-31 11:16	--------	d-----w-	c:\users\Oliver\AppData\Local\Facebook
2013-07-25 16:33 . 2013-07-25 16:33	--------	d-----w-	c:\users\Oliver\Settings
2013-07-25 16:33 . 2013-07-25 16:33	--------	d-----w-	c:\users\Oliver\History
2013-07-25 16:33 . 2013-07-25 16:33	--------	d-----w-	c:\users\Oliver\Logs
2013-07-25 16:08 . 2013-07-25 16:08	--------	dc----w-	c:\programdata\{2A474181-642E-4924-82EE-418B25FB81F5}
2013-07-25 16:06 . 2013-07-25 16:06	--------	dc----w-	c:\programdata\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}
2013-07-25 16:06 . 2013-07-25 16:06	--------	dc----w-	c:\programdata\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
2013-07-24 19:54 . 2013-08-09 10:50	--------	d-----w-	c:\program files (x86)\ASIO4ALL v2
2013-07-23 23:53 . 2013-08-09 10:50	--------	d-----w-	c:\users\Oliver\AppData\Roaming\GHISLER
2013-07-23 23:53 . 2013-07-31 11:16	--------	d-----w-	C:\totalcmd
2013-07-20 10:03 . 2013-07-20 10:03	--------	d-----w-	c:\users\Oliver\AppData\Local\SkinSoft
2013-07-20 10:03 . 2013-07-20 10:03	--------	d-----w-	c:\programdata\Ticketscript
2013-07-20 09:21 . 2013-07-20 09:21	--------	dc----w-	c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}
2013-07-19 18:30 . 2000-05-21 22:00	115920	----a-w-	c:\windows\SysWow64\MSInet.ocx
2013-07-19 18:30 . 2001-03-13 11:51	1066176	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2013-07-19 18:30 . 2001-03-13 11:49	140288	----a-w-	c:\windows\SysWow64\COMDLG32.OCX
2013-07-19 18:30 . 2001-03-13 11:48	118784	----a-w-	c:\windows\SysWow64\msstdfmt.dll
2013-07-19 18:30 . 2001-03-13 11:47	164112	----a-w-	c:\windows\SysWow64\temp.002
2013-07-19 18:30 . 2001-03-13 11:47	598288	----a-w-	c:\windows\SysWow64\temp.001
2013-07-19 18:30 . 2000-08-20 18:00	1388544	----a-w-	c:\windows\SysWow64\temp.000
2013-07-19 18:30 . 1999-05-27 22:30	208896	----a-w-	c:\windows\SysWow64\SoftGuard6.ocx
2013-07-19 16:33 . 2013-08-09 10:50	--------	d-----w-	c:\program files (x86)\MP3Diags
2013-07-19 16:25 . 2013-07-31 11:16	--------	d-----w-	c:\program files (x86)\Mp3DoctorPRO
2013-07-18 22:12 . 2013-07-18 22:12	--------	d-----w-	c:\program files\LatencyMon
2013-07-18 22:12 . 2013-02-07 17:37	23968	----a-w-	c:\windows\system32\drivers\rspLLL64.sys
2013-07-18 11:07 . 2013-03-04 18:14	43680	----a-r-	c:\windows\system32\drivers\SymIMV.sys
2013-07-17 18:24 . 2013-07-17 18:28	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-07-17 18:24 . 2013-07-17 18:28	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-07-17 18:22 . 2013-07-17 18:23	--------	d-----w-	c:\windows\system32\MRT
2013-07-17 13:08 . 2013-07-17 18:28	--------	d-----w-	c:\windows\system32\drivers\NISx64\1404000.028
2013-07-15 23:14 . 2013-08-09 10:50	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2013-07-15 23:11 . 2013-07-31 11:16	--------	d-----w-	c:\program files (x86)\MSI Kombustor 2.5
2013-07-15 20:39 . 2013-07-26 23:39	2474256	----a-w-	c:\windows\PE_Rom.dll
2013-07-15 20:37 . 2013-07-15 20:37	--------	d-----w-	c:\programdata\ASUS OC Profiles
2013-07-15 20:35 . 2013-07-15 20:35	--------	d-----w-	c:\program files\ASUS
2013-07-15 20:35 . 2011-09-20 10:25	46152	----a-w-	c:\windows\SysWow64\drivers\ASUSFILTER.sys
2013-07-15 20:33 . 2010-08-03 11:21	14464	----a-w-	c:\windows\SysWow64\drivers\AsUpIO.sys
2013-07-15 20:33 . 2010-11-08 12:57	14464	----a-w-	c:\windows\system32\drivers\AiChargerPlus.sys
2013-07-15 20:33 . 2008-12-02 18:05	184320	----a-w-	c:\windows\SysWow64\drivers\UpdateHelper.dll
2013-07-15 20:33 . 2002-07-25 14:07	614532	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-07-15 20:33 . 2001-09-05 19:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-07-15 20:33 . 2001-09-05 02:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-07-15 20:33 . 2001-09-05 02:14	176128	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-07-15 20:33 . 2001-09-05 02:13	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-07-15 20:32 . 2013-07-15 20:32	--------	d-----w-	c:\programdata\ASUS
2013-07-15 20:32 . 2013-07-15 20:33	--------	d-----w-	c:\program files (x86)\ASUS
2013-07-15 20:32 . 2010-08-24 13:16	13440	----a-w-	c:\windows\SysWow64\drivers\AsIO.sys
2013-07-15 20:32 . 2010-06-29 13:41	28672	----a-w-	c:\windows\SysWow64\AsIO.dll
2013-07-15 20:32 . 2008-01-04 11:34	11832	------w-	c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-07-15 20:32 . 2008-01-04 11:34	10216	------w-	c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-07-10 18:11 . 2013-06-11 23:25	19238912	----a-w-	c:\windows\system32\mshtml.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-27 07:16 . 2013-06-30 20:11	80896	----a-r-	c:\users\Oliver\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe
2013-07-17 13:08 . 2013-06-30 19:41	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-15 20:38 . 2013-06-30 20:05	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 20:38 . 2013-06-30 20:05	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-06 09:58 . 2013-07-06 09:53	2836	----a-w-	c:\windows\system32\ASOROSet.bin
2013-07-06 09:33 . 2013-07-06 09:33	119808	----a-r-	c:\users\Oliver\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-07-03 18:20 . 2013-07-03 18:20	29696	----a-w-	c:\windows\system32\drivers\dtscsibus.sys
2013-06-30 20:11 . 2013-06-30 20:11	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-30 20:11 . 2013-06-30 20:12	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-30 20:11 . 2013-06-30 20:12	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-30 20:10 . 2012-07-17 12:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-23 22:57 . 2013-06-30 18:49	78277128	----a-w-	c:\windows\system32\MRT.exe
2013-06-21 12:06 . 2013-07-01 18:54	9239344	----a-w-	c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 18:54	7687592	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 18:54	7641832	----a-w-	c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 18:54	6324360	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 18:54	572704	----a-w-	c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-01 18:54	570656	----a-w-	c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-01 18:54	467232	----a-w-	c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-01 18:54	465184	----a-w-	c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-01 18:54	2953504	----a-w-	c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 18:54	27781920	----a-w-	c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-01 18:54	2777888	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 18:54	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 18:54	2363680	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 18:54	21102368	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-01 18:54	2002720	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 18:54	1832224	----a-w-	c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-01 18:54	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 18:54	15144928	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-01 18:54	1511712	----a-w-	c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-01 18:54	13411896	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-01 18:54	11235104	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-06-30 18:41	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-06-30 18:41	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-06-30 18:41	2936208	----a-w-	c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-06-30 18:41	2597856	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-06-30 18:41	12427240	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2009-07-13 21:59	15920536	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2013-06-30 18:41	6496544	----a-w-	c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-06-30 18:41	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-06-30 18:41	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-06-30 18:41	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-06-30 18:41	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-06-30 18:41	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16	566048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-06-17 00:10 . 2013-06-30 18:36	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2846490-6779-455B-8F15-0B130A7B26E9}\mpengine.dll
2013-06-05 01:36 . 2013-06-30 18:39	3441992	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2013-06-04 23:08 . 2013-06-30 18:39	26987520	----a-w-	c:\windows\system32\RCoRes64.dat
2013-06-03 19:34 . 2013-06-30 18:39	142920	----a-w-	c:\windows\system32\RCoInstII64.dll
2013-05-30 17:59 . 2013-06-30 18:39	4810008	----a-w-	c:\windows\system32\RTKSMlfx.dll
2013-05-30 17:57 . 2013-06-30 18:39	758104	----a-w-	c:\windows\system32\RTKSMSettingsIPC.dll
2013-05-30 14:57 . 2013-06-30 18:39	946736	----a-w-	c:\windows\system32\SFSS_APO.dll
2013-05-22 15:24 . 2013-06-30 18:39	3744328	----a-w-	c:\windows\system32\RtkAPO64.dll
2013-05-20 20:16 . 2013-06-30 18:39	1003592	----a-w-	c:\windows\system32\RtkApi64.dll
2013-05-20 18:36 . 2013-06-30 18:39	2794056	----a-w-	c:\windows\system32\RtPgEx64.dll
2013-05-19 08:19 . 2013-05-19 08:19	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-05-19 08:19 . 2013-05-19 08:19	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-19 08:19 . 2013-05-19 08:19	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-19 08:19 . 2013-05-19 08:19	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-19 08:18 . 2013-05-19 08:18	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-05-19 08:18 . 2013-05-19 08:18	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-05-19 08:18 . 2013-05-19 08:18	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-05-19 08:18 . 2013-05-19 08:18	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-05-19 08:18 . 2013-05-19 08:18	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-05-19 08:18 . 2013-05-19 08:18	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-05-19 08:18 . 2013-05-19 08:18	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-19 08:18 . 2013-05-19 08:18	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-19 08:18 . 2013-05-19 08:18	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-05-19 08:18 . 2013-05-19 08:18	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-05-19 08:18 . 2013-05-19 08:18	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-05-19 08:18 . 2013-05-19 08:18	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-05-19 08:18 . 2013-05-19 08:18	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-05-19 08:18 . 2013-05-19 08:18	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-05-19 08:17 . 2013-05-19 08:17	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-05-19 08:17 . 2013-05-19 08:17	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-19 08:17 . 2013-05-19 08:17	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-05-19 08:17 . 2013-05-19 08:17	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-05-19 08:17 . 2013-05-19 08:17	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-05-19 08:17 . 2013-05-19 08:17	112640	----a-w-	c:\windows\system32\smss.exe
2013-05-19 08:17 . 2013-05-19 08:17	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-05-19 08:17 . 2013-05-19 08:17	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-19 08:17 . 2013-05-19 08:17	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-19 08:17 . 2013-05-19 08:17	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-19 08:17 . 2013-05-19 08:17	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-19 08:17 . 2013-05-19 08:17	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-19 08:17 . 2013-05-19 08:17	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-13 13:36 . 2013-05-13 13:36	50864	----a-w-	c:\windows\system32\drivers\point64.sys
2013-05-13 05:51 . 2013-06-30 18:36	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-30 18:36	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-30 18:36	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-30 18:36	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-30 18:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-30 18:36	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-30 18:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-30 18:36	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-30 18:36	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-30 18:36	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-12 21:42 . 2013-06-30 18:41	1832224	----a-w-	c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-06-30 18:41	1511712	----a-w-	c:\windows\system32\nvdispgenco6432018.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-03 05:35	1725128	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-03 05:35	1725128	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-03 05:35	1725128	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-06-30 138096]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2013-06-25 3128352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-10-26 5178664]
.
c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130808.001_e93\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130808.001_e93\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]
S2 gearsec;gearsec;c:\windows\SysWOW64\gearsec.exe;c:\windows\SysWOW64\gearsec.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 a4djavs;Audio 4 DJ WDM Audio;c:\windows\system32\Drivers\a4djavs.sys;c:\windows\SYSNATIVE\Drivers\a4djavs.sys [x]
S3 a4djusb_svc;Audio 4 DJ;c:\windows\system32\Drivers\a4djusb.sys;c:\windows\SYSNATIVE\Drivers\a4djusb.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30 20:38]
.
2013-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-662309260-220568418-758730657-1000Core.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28 19:41]
.
2013-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-662309260-220568418-758730657-1000UA.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28 19:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-03 05:33	2328264	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-03 05:33	2328264	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-03 05:33	2328264	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-05-27 7188552]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-30 21:12; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-06-30 21:32; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF - ExtSQL: 2013-06-30 21:32; ich@maltegoetz.de; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2013-06-30 21:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-30 21:48; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn
FF - ExtSQL: 2013-06-30 21:49; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn
FF - ExtSQL: 2013-08-09 10:03; {94cd2cc3-083f-49ba-a218-4cda4b4829fd}; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
FF - ExtSQL: 2013-08-09 12:50; ffxtlbr@delta.com; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ffxtlbr@delta.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Birth of the Federation version 1.0.2 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-09  15:53:16
ComboFix-quarantined-files.txt  2013-08-09 13:53
ComboFix2.txt  2013-08-09 13:13
.
Vor Suchlauf: 17 Verzeichnis(se), 115.733.602.304 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 115.663.663.104 Bytes frei
.
- - End Of File - - 367DA6C2466257D10351FD8ED217CFAC
A36C5E4F47E84449FF07ED3517B43A31
         

 
