Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win 7 64 Bit Trojan.0Access

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.08.2013, 13:43   #1
stec731
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



Hallo ich benötige eure Hilfe.

Seit heute Morgen meldet mir Norton Dateiname: 80000000.@
Bedrohungsname: Trojan.Zeroaccess.C
Vollständiger Pfad: c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \...\*ﯹ๛\{95ad3916-2136-e954-66ef-32d4d068a325}\u\80000000.@

Ich habe bereits mbar durchlaufen lassen anbei das Logfile:

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Oliver :: OLIVER-PC [administrator]

09.08.2013 13:14:09
mbar-log-2013-08-09 (13-14-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 321452
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \... (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \...\*ﯹ๛ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \...\*ﯹ๛\{95ad3916-2136-e954-66ef-32d4d068a325} (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \...\*ﯹ๛\{95ad3916-2136-e954-66ef-32d4d068a325}\l (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \...\*ﯹ๛\{95ad3916-2136-e954-66ef-32d4d068a325}\u (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{95ad3916-2136-e954-66ef-32d4d068a325} (Trojan.0Access) -> Delete on reboot.

Files Detected: 3
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \...\*ﯹ๛\{95ad3916-2136-e954-66ef-32d4d068a325}\@ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \...\*ﯹ๛\{95ad3916-2136-e954-66ef-32d4d068a325}\u\00000001.@ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \...\*ﯹ๛\{95ad3916-2136-e954-66ef-32d4d068a325}\u\800000cb.@ (Trojan.0Access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Danach habe ich erneut mbar laufen lassen mit diesem Ergebnis :

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Oliver :: OLIVER-PC [administrator]

09.08.2013 14:13:24
mbar-log-2013-08-09 (14-13-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 321565
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \... (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{95ad3916-2136-e954-66ef-32d4d068a325} (Trojan.0Access) -> No action taken.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

anbei auch der OTL Log:

OTL logfile created on: 09.08.2013 14:12:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oliver\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,95 Gb Total Physical Memory | 13,38 Gb Available Physical Memory | 83,89% Memory free
31,89 Gb Paging File | 29,22 Gb Available in Paging File | 91,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 108,35 Gb Free Space | 46,55% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 79,70 Gb Free Space | 53,47% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 369,57 Gb Free Space | 39,67% Space Free | Partition Type: NTFS

Computer Name: xxxxxx | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Oliver\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe (Disc Soft Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\gearsec.exe (GEAR Software)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu ()
MOD - C:\Users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll ()
MOD - C:\Users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll ()
MOD - C:\Users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (Samsung UPD Service2) -- C:\Windows\SysNative\SUPDSvc2.exe (Samsung Electronics)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NvStreamSvc) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (Disc Soft Bus Service) -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe (Disc Soft Ltd)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (DTSAudioService) -- C:\Programme\Realtek\Audio\HDA\DTSAudioService64.exe (DTS)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gearsec) -- C:\Windows\SysWOW64\gearsec.exe (GEAR Software)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mbamswissarmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (dtscsibus) -- C:\Windows\SysNative\drivers\dtscsibus.sys (Disc Soft Ltd)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (rspLLL) -- C:\Windows\SysNative\drivers\rspLLL64.sys (Resplendence Software Projects Sp.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (a4djavs) -- C:\Windows\SysNative\drivers\a4djavs.sys (Native Instruments GmbH)
DRV:64bit: - (a4djusb_svc) -- C:\Windows\SysNative\drivers\a4djusb.sys (Native Instruments GmbH)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AiChargerPlus) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys (ASUSTek Computer Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130808.023_e6c\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130808.023_e6c\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130808.001_e93\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1 Q1H1B1Q&cr=1234704676&ir=
IE:64bit: - HKLM\..\SearchScopes\{1952F5D3-2800-0056-6BF6-330896E1680E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1 Q1H1B1Q&cr=1234704676&ir=
IE - HKLM\..\SearchScopes\{06984E14-83C8-4EC0-5621-3B4ADD928E9B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 D9 32 0A C8 75 CE 01 [binary data]
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1 Q1H1B1Q&cr=1234704676&ir=
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\..\SearchScopes\{1952F5D3-2800-0056-6BF6-330896E1680E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-662309260-220568418-758730657-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-662309260-220568418-758730657-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-662309260-220568418-758730657-1010\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-662309260-220568418-758730657-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "google"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2
FF - prefs.js..extensions.enabledAddons: %7B94cd2cc3-083f-49ba-a218-4cda4b4829fd%7D:1.2.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.07.04 12:26:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\ [2013.08.09 12:50:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ [2013.08.09 13:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.08.07 14:52:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.08.07 14:52:14 | 000,000,000 | ---D | M]

[2013.06.30 21:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions
[2013.07.25 01:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\7ggkqyzz.default\extensions
[2013.08.09 12:50:56 | 000,000,000 | ---D | M] (Value Apps) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
[2013.08.09 12:50:56 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ffxtlbr@delta.com
[2013.07.25 01:19:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ich@maltegoetz.de
[2013.06.30 21:32:17 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\7ggkqyzz.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2013.07.31 13:00:56 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\7ggkqyzz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.08.09 12:44:24 | 000,006,547 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\7ggkqyzz.default\searchplugins\babylon.xml
[2013.07.02 15:34:26 | 000,002,391 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\7ggkqyzz.default\searchplugins\Mysearchdial.xml
[2013.08.07 14:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.08.07 14:52:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.08.07 14:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.08.07 14:52:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.13 20:45:42 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.05.10 09:57:44 | 000,187,456 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2013.07.08 10:25:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2013.07.08 10:25:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2013.07.08 10:25:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2013.07.08 10:25:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2013.07.08 10:25:24 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={goo gle:suggestAPIKeyParameter}
CHR - homepage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E8F7C8600022B2A8&affID=122471&tt=070813_wt4&tsp=4969
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Oliver\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Oliver\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Oliver\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Facebook Friend Inviter = C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\fojfflomljfbdfdcfmiihnijjfnnakdn\1.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft-Konto-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-662309260-220568418-758730657-1000..\Run: [DAEMON Tools Ultra Agent] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-662309260-220568418-758730657-1000..\Run: [Facebook Update] C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-662309260-220568418-758730657-1003..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-662309260-220568418-758730657-1010..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-662309260-220568418-758730657-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-662309260-220568418-758730657-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-662309260-220568418-758730657-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-662309260-220568418-758730657-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-662309260-220568418-758730657-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-662309260-220568418-758730657-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47531A34-8A38-46D2-AF2D-0065CB96FA2A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{3e64e27c-e3aa-11e2-ad75-c8600022b2a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3e64e27c-e3aa-11e2-ad75-c8600022b2a8}\Shell\AutoRun\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.08.09 14:13:19 | 000,162,008 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.08.09 13:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.08.09 13:34:27 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2013.08.09 13:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.08.09 13:13:30 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Desktop\mbar
[2013.08.09 12:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.08.09 12:44:27 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\BabSolution
[2013.08.09 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013.08.09 12:44:14 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Babylon
[2013.08.09 12:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.08.09 10:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.08.09 10:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Deskshare
[2013.08.09 09:59:17 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Language
[2013.08.09 09:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2013.08.09 09:58:23 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\DeskShare Data
[2013.08.09 09:58:20 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Spoon
[2013.08.07 14:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.08.06 21:14:42 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Desktop\Tichelhaus - meet & greet
[2013.08.06 10:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveShare
[2013.08.06 10:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.08.05 21:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2013.08.05 13:25:27 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powrprof.dll
[2013.08.05 12:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013.08.05 12:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013.08.04 16:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013.08.04 16:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013.08.02 14:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.08.02 00:23:52 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013.08.02 00:23:51 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\VirtualDJ
[2013.08.02 00:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2013.07.31 16:45:50 | 000,000,000 | ---D | C] -- C:\NvidiaLogging
[2013.07.31 16:44:41 | 000,039,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2013.07.31 16:44:41 | 000,029,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2013.07.31 16:44:41 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2013.07.31 13:14:36 | 000,000,000 | ---D | C] -- C:\inetpub
[2013.07.31 13:14:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013.07.31 13:14:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013.07.31 13:01:38 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\TweakNow RegCleaner 2012
[2013.07.31 13:01:38 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\TweakNow RegCleaner
[2013.07.31 13:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow RegCleaner
[2013.07.31 13:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow RegCleaner
[2013.07.31 13:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCleaner
[2013.07.29 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Apple Computer
[2013.07.28 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Facebook
[2013.07.25 18:33:32 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Settings
[2013.07.25 18:33:32 | 000,000,000 | ---D | C] -- C:\Users\Oliver\History
[2013.07.25 18:33:31 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Logs
[2013.07.25 18:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{2A474181-642E-4924-82EE-418B25FB81F5}
[2013.07.25 18:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}
[2013.07.25 18:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
[2013.07.24 21:54:56 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2013.07.24 21:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2013.07.24 21:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013.07.24 01:53:46 | 000,000,000 | ---D | C] -- C:\totalcmd
[2013.07.24 01:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2013.07.24 01:53:46 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\GHISLER
[2013.07.20 12:03:52 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\SkinSoft
[2013.07.20 12:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Ticketscript
[2013.07.20 11:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{4682E4CB-7209-4099-8AA1-580ABCCCE731}
[2013.07.19 20:30:16 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSInet.ocx
[2013.07.19 20:30:16 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Renamer Ultra 2000
[2013.07.19 20:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Renamer Ultra 2000
[2013.07.19 20:30:15 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2013.07.19 20:30:15 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013.07.19 20:30:15 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2013.07.19 20:30:15 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2013.07.19 20:30:15 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2013.07.19 20:30:15 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstdfmt.dll
[2013.07.19 18:33:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Diags
[2013.07.19 18:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Diags
[2013.07.19 18:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3DoctorPRO
[2013.07.19 18:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3Doctor PRO
[2013.07.19 00:12:08 | 000,023,968 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspLLL64.sys
[2013.07.19 00:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
[2013.07.19 00:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\LatencyMon
[2013.07.18 13:07:14 | 000,043,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
[2013.07.17 20:28:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.07.17 20:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.07.17 20:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.07.17 20:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.07.17 20:22:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.16 01:15:42 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013.07.16 01:15:42 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013.07.16 01:15:42 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013.07.16 01:15:42 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013.07.16 01:15:42 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013.07.16 01:15:42 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2013.07.16 01:15:42 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013.07.16 01:15:42 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013.07.16 01:15:41 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2013.07.16 01:15:41 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013.07.16 01:15:41 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2013.07.16 01:15:41 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013.07.16 01:15:41 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2013.07.16 01:15:41 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013.07.16 01:15:41 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2013.07.16 01:15:41 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013.07.16 01:15:41 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013.07.16 01:15:41 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013.07.16 01:15:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013.07.16 01:15:41 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2013.07.16 01:15:41 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2013.07.16 01:15:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013.07.16 01:15:40 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2013.07.16 01:15:40 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013.07.16 01:15:40 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2013.07.16 01:15:40 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2013.07.16 01:15:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013.07.16 01:15:40 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2013.07.16 01:15:40 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2013.07.16 01:15:40 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013.07.16 01:15:39 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2013.07.16 01:15:39 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013.07.16 01:15:39 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2013.07.16 01:15:39 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2013.07.16 01:15:39 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013.07.16 01:15:39 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013.07.16 01:15:39 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2013.07.16 01:15:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.07.16 01:15:39 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2013.07.16 01:15:39 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013.07.16 01:15:38 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2013.07.16 01:15:38 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013.07.16 01:15:38 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2013.07.16 01:15:38 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013.07.16 01:15:38 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2013.07.16 01:15:38 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2013.07.16 01:15:38 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013.07.16 01:15:38 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013.07.16 01:15:38 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013.07.16 01:15:38 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2013.07.16 01:15:38 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2013.07.16 01:15:38 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2013.07.16 01:15:38 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2013.07.16 01:15:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013.07.16 01:15:37 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2013.07.16 01:15:37 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013.07.16 01:15:37 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2013.07.16 01:15:37 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013.07.16 01:15:37 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2013.07.16 01:15:37 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013.07.16 01:15:37 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013.07.16 01:15:37 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013.07.16 01:15:37 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2013.07.16 01:15:37 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2013.07.16 01:15:37 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2013.07.16 01:15:37 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2013.07.16 01:15:37 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013.07.16 01:15:37 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013.07.16 01:15:37 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2013.07.16 01:15:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013.07.16 01:15:36 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2013.07.16 01:15:36 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013.07.16 01:15:36 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2013.07.16 01:15:36 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013.07.16 01:15:36 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2013.07.16 01:15:36 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2013.07.16 01:15:36 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013.07.16 01:15:36 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013.07.16 01:15:36 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013.07.16 01:15:36 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2013.07.16 01:15:36 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2013.07.16 01:15:36 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013.07.16 01:15:36 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2013.07.16 01:15:36 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013.07.16 01:15:35 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2013.07.16 01:15:35 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013.07.16 01:15:35 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2013.07.16 01:15:35 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013.07.16 01:15:35 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2013.07.16 01:15:35 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2013.07.16 01:15:35 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013.07.16 01:15:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013.07.16 01:15:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013.07.16 01:15:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2013.07.16 01:15:34 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2013.07.16 01:15:34 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013.07.16 01:15:34 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2013.07.16 01:15:34 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013.07.16 01:15:34 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2013.07.16 01:15:34 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013.07.16 01:15:34 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2013.07.16 01:15:34 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013.07.16 01:15:34 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2013.07.16 01:15:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013.07.16 01:15:33 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2013.07.16 01:15:33 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013.07.16 01:15:33 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2013.07.16 01:15:33 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013.07.16 01:15:33 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2013.07.16 01:15:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013.07.16 01:15:33 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2013.07.16 01:15:33 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013.07.16 01:15:32 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2013.07.16 01:15:32 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013.07.16 01:15:32 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2013.07.16 01:15:32 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2013.07.16 01:15:32 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013.07.16 01:15:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013.07.16 01:15:32 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2013.07.16 01:15:32 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2013.07.16 01:15:32 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013.07.16 01:15:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013.07.16 01:15:32 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2013.07.16 01:15:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013.07.16 01:15:32 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2013.07.16 01:15:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013.07.16 01:15:31 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2013.07.16 01:15:31 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2013.07.16 01:15:31 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013.07.16 01:15:31 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013.07.16 01:15:31 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2013.07.16 01:15:31 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013.07.16 01:15:31 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2013.07.16 01:15:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013.07.16 01:15:31 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2013.07.16 01:15:31 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013.07.16 01:15:31 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2013.07.16 01:15:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013.07.16 01:15:30 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2013.07.16 01:15:30 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013.07.16 01:15:30 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2013.07.16 01:15:30 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013.07.16 01:15:30 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2013.07.16 01:15:30 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2013.07.16 01:15:30 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2013.07.16 01:15:30 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013.07.16 01:15:30 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013.07.16 01:15:30 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013.07.16 01:15:29 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2013.07.16 01:15:29 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013.07.16 01:15:29 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2013.07.16 01:15:29 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013.07.16 01:15:29 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013.07.16 01:15:29 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013.07.16 01:15:29 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2013.07.16 01:15:29 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013.07.16 01:15:29 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013.07.16 01:15:29 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013.07.16 01:15:29 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2013.07.16 01:15:29 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013.07.16 01:15:28 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013.07.16 01:15:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013.07.16 01:15:28 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013.07.16 01:15:28 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013.07.16 01:15:28 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013.07.16 01:15:28 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013.07.16 01:15:28 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013.07.16 01:15:28 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013.07.16 01:15:27 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013.07.16 01:15:27 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013.07.16 01:15:27 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013.07.16 01:15:27 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013.07.16 01:15:27 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013.07.16 01:15:27 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013.07.16 01:15:27 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013.07.16 01:15:27 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013.07.16 01:15:26 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013.07.16 01:15:26 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013.07.16 01:15:26 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013.07.16 01:15:26 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013.07.16 01:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.07.16 01:14:11 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013.07.16 01:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2013.07.16 01:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 2.5
[2013.07.16 01:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Kombustor 2.5
[2013.07.15 22:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2013.07.15 22:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2013.07.15 22:35:23 | 000,046,152 | ---- | C] (MCCI Corporation) -- C:\Windows\SysWow64\drivers\ASUSFILTER.sys
[2013.07.15 22:33:42 | 000,014,464 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys
[2013.07.15 22:33:30 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll
[2013.07.15 22:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013.07.15 22:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2013.07.15 22:32:55 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2013.07.15 22:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013.07.10 20:12:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.07.10 20:12:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.07.10 20:12:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.07.10 20:12:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.07.10 20:12:05 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.07.10 20:12:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.07.10 20:12:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.07.10 20:12:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.07.10 20:12:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.07.10 20:12:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.07.10 20:12:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.07.10 20:12:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.07.10 20:12:04 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.10 20:12:04 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.10 20:12:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.07.10 20:08:49 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.10 20:08:49 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.07.10 20:08:49 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013.07.10 20:08:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013.07.10 20:08:24 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

========== Files - Modified Within 30 Days ==========

[2013.08.09 14:13:19 | 000,162,008 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.08.09 14:13:14 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.08.09 14:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.08.09 13:56:23 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.09 13:56:23 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.09 13:49:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.09 13:48:53 | 4251,983,870 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.09 13:34:27 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2013.08.09 13:32:31 | 001,627,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.08.09 13:32:31 | 000,702,326 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.08.09 13:32:31 | 000,656,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.08.09 13:32:31 | 000,149,910 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.08.09 13:32:31 | 000,122,242 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.08.09 13:27:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-662309260-220568418-758730657-1000UA.job
[2013.08.09 13:27:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-662309260-220568418-758730657-1000Core.job
[2013.08.07 11:46:31 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.08.06 21:14:24 | 000,000,863 | ---- | M] () -- C:\Users\Oliver\Desktop\Projekte.lnk
[2013.08.05 22:07:11 | 001,768,831 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013.08.04 17:56:51 | 008,524,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.08.04 16:24:46 | 000,000,629 | ---- | M] () -- C:\Windows\wininit.ini
[2013.08.03 11:45:12 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013.08.02 14:42:21 | 000,002,404 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.08.02 00:23:52 | 000,001,046 | ---- | M] () -- C:\Users\Oliver\Desktop\VirtualDJ PRO Full.lnk
[2013.07.31 13:22:46 | 000,001,322 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.07.27 01:43:21 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx
[2013.07.27 01:39:28 | 002,474,256 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2013.07.25 18:07:58 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.07.25 18:06:24 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2013.07.20 12:03:50 | 000,000,183 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2013.07.19 18:35:36 | 000,016,957 | ---- | M] () -- C:\Users\Oliver\Documents\MP3Diags.dat
[2013.07.19 18:35:36 | 000,002,730 | ---- | M] () -- C:\Users\Oliver\Documents\MP3Diags.ini
[2013.07.17 15:08:16 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.07.17 15:08:16 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.07.17 15:08:16 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.07.16 01:30:24 | 000,019,043 | ---- | M] () -- C:\Quarantine.reg
[2013.07.16 01:30:22 | 000,026,356 | ---- | M] () -- C:\Quarantine.lst
[2013.07.15 22:38:01 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.07.15 22:38:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013.08.09 14:13:14 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.08.06 21:14:24 | 000,000,863 | ---- | C] () -- C:\Users\Oliver\Desktop\Projekte.lnk
[2013.08.04 02:57:34 | 008,524,744 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.08.02 14:42:21 | 000,002,404 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2013.08.02 00:23:52 | 000,001,046 | ---- | C] () -- C:\Users\Oliver\Desktop\VirtualDJ PRO Full.lnk
[2013.07.31 13:19:43 | 000,026,356 | ---- | C] () -- C:\Quarantine.lst
[2013.07.31 13:19:43 | 000,019,043 | ---- | C] () -- C:\Quarantine.reg
[2013.07.29 09:27:47 | 000,001,322 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.07.25 18:07:58 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.07.20 12:03:50 | 000,000,183 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2013.07.19 20:30:15 | 000,208,896 | ---- | C] ( ) -- C:\Windows\SysWow64\SoftGuard6.ocx
[2013.07.19 18:35:36 | 000,016,957 | ---- | C] () -- C:\Users\Oliver\Documents\MP3Diags.dat
[2013.07.19 18:34:04 | 000,002,730 | ---- | C] () -- C:\Users\Oliver\Documents\MP3Diags.ini
[2013.07.16 01:30:27 | 000,000,629 | ---- | C] () -- C:\Windows\wininit.ini
[2013.07.15 22:39:59 | 000,000,000 | ---- | C] () -- C:\Windows\Path.idx
[2013.07.15 22:39:34 | 002,474,256 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2013.07.15 22:33:55 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2013.07.15 22:32:55 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.07.15 22:32:55 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013.07.15 22:32:55 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013.07.02 15:34:18 | 000,423,709 | ---- | C] () -- C:\Users\Oliver\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013.06.30 20:45:08 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2013.06.30 20:24:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.06.30 20:24:50 | 000,023,954 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013.06.30 19:18:56 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.05.19 10:17:04 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.05.19 10:17:04 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.08.09 12:50:56 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\BabSolution
[2013.08.09 12:44:14 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Babylon
[2013.07.03 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DAEMON Tools Ultra
[2013.07.06 11:45:22 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\dll-files.com
[2013.06.30 21:27:33 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FlashFXP
[2013.08.09 12:50:59 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\GHISLER
[2013.06.30 23:56:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\IrfanView
[2013.08.07 23:14:47 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Mp3tag
[2013.06.30 23:29:03 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\PDAppFlex
[2013.07.03 17:12:58 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.07.31 13:16:56 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TagScanner
[2013.07.31 13:01:38 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TweakNow RegCleaner
[2013.07.31 13:01:38 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TweakNow RegCleaner 2012
[2013.07.01 10:38:15 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:325F6A7B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:47825E35

< End of report >

Alt 09.08.2013, 13:51   #2
ryder
/// TB-Ausbilder
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.




Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:
Bitte lesen:
Regeln für die Bereinigung
  • Illegal genutzte Software
    Beim ersten Anzeichen wird der Support ohne Diskussion eingestellt. Also sorge bitte vorher dafür, dass hier nichts mehr auftaucht.
  • Keine Garantie
    Wir werden uns Mühe geben, aber einen 100% sicheren und sauberen Computer bekommst du nicht zurück. Der einzig sichere Weg ist die Formatierung mit Neuaufsetzen.
  • Keine Alleingänge
    Die Bereinigung funktioniert nur, wenn du genau das machst, was ich anweise. Installiere/deinstalliere keine Software, führe keine Scans durch, die ich dir nicht angewiesen habe. Poste dein Thema in keinem anderen Forum und folge nicht den Anweisungen anderer Helfer. Du raubst damit allen Beteiligten nur Zeit.
  • Aufmerksam lesen und nachfragen
    Lies jede Anleitung genau durch. Bei Unklarheiten bitte vorher nachfragen. Arbeite die Schritte in der Reihenfolge ab und antworte dann erst nach dem letzten Schritt oder wenn du eine Frage hast.
  • Richtig antworten
    • Nachdem du alle Schritte abgearbeitet hast gibst du mir bitte zu jedem Schritt eine Rückmeldung (Logfile oder Antwort) und das gesammelt in einer Antwort.
    • Mache deinen Namen nur dann unkenntlich, wenn es wirklich sein muss. Denke bitte aber auch daran, dass wir diesen Thread und deine Logfiles nachträglich nicht editieren werden! (siehe LINK)
    • Logfiles bitte zwischen Code-Tags platzieren (im Antwortfenster das #-Symbol anklicken) sieht dann so aus:
      [CODE] (Logfile) [/CODE]
    • Hinweis in eigener Sache: Angehängte oder gezippte Logfiles erschweren mir die Arbeit massiv! Mache das also nur, wenn das Logfile zu groß ist, um es direkt zu posten. (Hier gibt es eine Anleitung)
  • Keine privaten Nachrichten
    Ich sehe es, wenn du geantwortet hast, du mußt mich nicht benachrichtigen. Schicke mir nur dann eine PM wenn ich drei Tage nicht geantwortet habe und nur dann.
  • Wie läuft die Bereinigung ab?
    Ganz grob: Analyse > Bereinigung > Kontrolle mit Updates > Fertig. Ob fertig oder nicht werde ich dir ganz deutlich mitteilen, du brauchst nicht nachzufragen.



Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
  • Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
  • Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
  • Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, dass sie sich praktisch "jeder" ansehen konnte.

Teile mir also mit, wie du dich entschieden hast.



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 09.08.2013, 14:17   #3
stec731
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



Hallo, danke schon mal für die ganzen Hinweise.

Was das Thema Banking angeht so verfüge ich hier über das Chip Tan, somit dürfte hier kein Schaden entstanden sein.

Ich habe generell keine Problem das System komplett neu aufzusetzten, denke das wäre in meinem Fall wohl die Sicherste Methode. Frage hier wäre ob dann auch der MBR neugeschrieben werden sollte

Code:
ATTFilter
ComboFix 13-08-07.01 - Oliver 09.08.2013  15:06:20.1.8 - x64
TRIBAL WINDOWS 7 ULTIMATE   6.1.7601.1.1252.49.1031.18.16329.13636 [GMT 2:00]
ausgeführt von:: c:\users\Oliver\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\PFRO.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-09 bis 2013-08-09  ))))))))))))))))))))))))))))))
.
.
2013-08-09 13:11 . 2013-08-09 13:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-09 13:11 . 2013-08-09 13:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-09 11:37 . 2013-08-09 12:23	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-09 11:34 . 2013-08-09 11:34	27256	----a-w-	c:\windows\system32\drivers\FixZeroAccess.sys
2013-08-09 11:13 . 2013-08-09 11:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-09 10:44 . 2013-08-09 10:44	--------	d-----w-	c:\programdata\BrowserDefender
2013-08-09 10:44 . 2013-08-09 10:50	--------	d-----w-	c:\users\Oliver\AppData\Roaming\BabSolution
2013-08-09 10:44 . 2013-08-09 10:50	--------	d-----w-	c:\program files\Unlocker
2013-08-09 10:44 . 2013-08-09 10:44	--------	d-----w-	c:\users\Oliver\AppData\Roaming\Babylon
2013-08-09 10:44 . 2013-08-09 10:44	--------	d-----w-	c:\programdata\Babylon
2013-08-09 08:13 . 2013-08-09 08:13	--------	d-----w-	c:\program files (x86)\Google
2013-08-09 08:04 . 2013-08-09 08:04	--------	d-----w-	c:\program files\Deskshare
2013-08-09 07:58 . 2013-08-09 10:22	--------	d-----w-	c:\programdata\firebird
2013-08-09 07:58 . 2013-08-09 10:23	--------	d-----w-	c:\users\Oliver\AppData\Local\DeskShare Data
2013-08-09 07:58 . 2013-08-09 07:58	--------	d-----w-	c:\users\Oliver\AppData\Local\Spoon
2013-08-06 08:18 . 2013-08-06 16:11	--------	d-----w-	c:\program files (x86)\SaveShare
2013-08-06 08:17 . 2013-08-06 08:18	--------	d-----w-	c:\programdata\InstallMate
2013-08-05 11:25 . 2011-11-24 07:17	166912	----a-w-	c:\windows\system32\powrprof.dll
2013-08-05 11:25 . 2011-11-24 06:22	145920	----a-w-	c:\windows\SysWow64\powrprof.dll
2013-08-05 10:07 . 2013-08-05 10:07	--------	d-----w-	c:\program files\CPUID
2013-08-04 14:25 . 2013-08-04 14:25	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2013-08-02 12:42 . 2013-08-09 10:52	--------	d-----w-	c:\users\NeroMediaHomeUser.4.Oliver-PC
2013-08-01 22:23 . 2013-08-01 22:24	--------	d-----w-	c:\program files (x86)\VirtualDJ
2013-07-31 14:45 . 2013-07-31 14:45	--------	d-----w-	C:\NvidiaLogging
2013-07-31 14:44 . 2013-05-14 19:28	39712	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2013-07-31 14:44 . 2013-05-14 19:27	29984	----a-w-	c:\windows\system32\nvaudcap64v.dll
2013-07-31 14:44 . 2013-05-14 19:27	28448	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2013-07-31 11:19 . 2013-07-15 23:30	19043	----a-w-	C:\Quarantine.reg
2013-07-31 11:14 . 2013-07-31 11:14	--------	d-----w-	c:\windows\SysWow64\BestPractices
2013-07-31 11:14 . 2013-07-31 11:14	--------	d-----w-	c:\windows\system32\BestPractices
2013-07-31 11:14 . 2013-07-31 11:14	--------	d-----w-	C:\inetpub
2013-07-31 11:01 . 2013-07-31 11:16	--------	d-----w-	c:\program files (x86)\TweakNow RegCleaner
2013-07-31 11:01 . 2013-07-31 11:01	--------	d-----w-	c:\users\Oliver\AppData\Roaming\TweakNow RegCleaner
2013-07-31 11:01 . 2013-07-31 11:01	--------	d-----w-	c:\users\Oliver\AppData\Roaming\TweakNow RegCleaner 2012
2013-07-31 11:00 . 2013-08-03 19:52	--------	d-----w-	c:\program files (x86)\RegCleaner
2013-07-29 08:58 . 2013-07-29 08:58	--------	d-----w-	c:\users\Oliver\AppData\Local\Apple Computer
2013-07-28 19:47 . 2013-07-31 11:16	--------	d-----w-	c:\users\Oliver\AppData\Local\Facebook
2013-07-25 16:33 . 2013-07-25 16:33	--------	d-----w-	c:\users\Oliver\Settings
2013-07-25 16:33 . 2013-07-25 16:33	--------	d-----w-	c:\users\Oliver\History
2013-07-25 16:33 . 2013-07-25 16:33	--------	d-----w-	c:\users\Oliver\Logs
2013-07-25 16:08 . 2013-07-25 16:08	--------	dc----w-	c:\programdata\{2A474181-642E-4924-82EE-418B25FB81F5}
2013-07-25 16:06 . 2013-07-25 16:06	--------	dc----w-	c:\programdata\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}
2013-07-25 16:06 . 2013-07-25 16:06	--------	dc----w-	c:\programdata\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
2013-07-24 19:54 . 2013-08-09 10:50	--------	d-----w-	c:\program files (x86)\ASIO4ALL v2
2013-07-23 23:53 . 2013-08-09 10:50	--------	d-----w-	c:\users\Oliver\AppData\Roaming\GHISLER
2013-07-23 23:53 . 2013-07-31 11:16	--------	d-----w-	C:\totalcmd
2013-07-20 10:03 . 2013-07-20 10:03	--------	d-----w-	c:\users\Oliver\AppData\Local\SkinSoft
2013-07-20 10:03 . 2013-07-20 10:03	--------	d-----w-	c:\programdata\Ticketscript
2013-07-20 09:21 . 2013-07-20 09:21	--------	dc----w-	c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}
2013-07-19 18:30 . 2000-05-21 22:00	115920	----a-w-	c:\windows\SysWow64\MSInet.ocx
2013-07-19 18:30 . 2001-03-13 11:51	1066176	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2013-07-19 18:30 . 2001-03-13 11:49	140288	----a-w-	c:\windows\SysWow64\COMDLG32.OCX
2013-07-19 18:30 . 2001-03-13 11:48	118784	----a-w-	c:\windows\SysWow64\msstdfmt.dll
2013-07-19 18:30 . 2001-03-13 11:47	164112	----a-w-	c:\windows\SysWow64\temp.002
2013-07-19 18:30 . 2001-03-13 11:47	598288	----a-w-	c:\windows\SysWow64\temp.001
2013-07-19 18:30 . 2000-08-20 18:00	1388544	----a-w-	c:\windows\SysWow64\temp.000
2013-07-19 18:30 . 1999-05-27 22:30	208896	----a-w-	c:\windows\SysWow64\SoftGuard6.ocx
2013-07-19 16:33 . 2013-08-09 10:50	--------	d-----w-	c:\program files (x86)\MP3Diags
2013-07-19 16:25 . 2013-07-31 11:16	--------	d-----w-	c:\program files (x86)\Mp3DoctorPRO
2013-07-18 22:12 . 2013-07-18 22:12	--------	d-----w-	c:\program files\LatencyMon
2013-07-18 22:12 . 2013-02-07 17:37	23968	----a-w-	c:\windows\system32\drivers\rspLLL64.sys
2013-07-18 11:07 . 2013-03-04 18:14	43680	----a-r-	c:\windows\system32\drivers\SymIMV.sys
2013-07-17 18:24 . 2013-07-17 18:28	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-07-17 18:24 . 2013-07-17 18:28	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-07-17 18:22 . 2013-07-17 18:23	--------	d-----w-	c:\windows\system32\MRT
2013-07-17 13:08 . 2013-07-17 18:28	--------	d-----w-	c:\windows\system32\drivers\NISx64\1404000.028
2013-07-15 23:14 . 2013-08-09 10:50	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2013-07-15 23:11 . 2013-07-31 11:16	--------	d-----w-	c:\program files (x86)\MSI Kombustor 2.5
2013-07-15 20:39 . 2013-07-26 23:39	2474256	----a-w-	c:\windows\PE_Rom.dll
2013-07-15 20:37 . 2013-07-15 20:37	--------	d-----w-	c:\programdata\ASUS OC Profiles
2013-07-15 20:35 . 2013-07-15 20:35	--------	d-----w-	c:\program files\ASUS
2013-07-15 20:35 . 2011-09-20 10:25	46152	----a-w-	c:\windows\SysWow64\drivers\ASUSFILTER.sys
2013-07-15 20:33 . 2010-08-03 11:21	14464	----a-w-	c:\windows\SysWow64\drivers\AsUpIO.sys
2013-07-15 20:33 . 2010-11-08 12:57	14464	----a-w-	c:\windows\system32\drivers\AiChargerPlus.sys
2013-07-15 20:33 . 2008-12-02 18:05	184320	----a-w-	c:\windows\SysWow64\drivers\UpdateHelper.dll
2013-07-15 20:33 . 2002-07-25 14:07	614532	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-07-15 20:33 . 2001-09-05 19:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-07-15 20:33 . 2001-09-05 02:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-07-15 20:33 . 2001-09-05 02:14	176128	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-07-15 20:33 . 2001-09-05 02:13	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-07-15 20:32 . 2013-07-15 20:32	--------	d-----w-	c:\programdata\ASUS
2013-07-15 20:32 . 2013-07-15 20:33	--------	d-----w-	c:\program files (x86)\ASUS
2013-07-15 20:32 . 2010-08-24 13:16	13440	----a-w-	c:\windows\SysWow64\drivers\AsIO.sys
2013-07-15 20:32 . 2010-06-29 13:41	28672	----a-w-	c:\windows\SysWow64\AsIO.dll
2013-07-15 20:32 . 2008-01-04 11:34	11832	------w-	c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-07-15 20:32 . 2008-01-04 11:34	10216	------w-	c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-07-10 18:11 . 2013-06-11 23:25	19238912	----a-w-	c:\windows\system32\mshtml.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-27 07:16 . 2013-06-30 20:11	80896	----a-r-	c:\users\Oliver\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe
2013-07-17 13:08 . 2013-06-30 19:41	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-15 20:38 . 2013-06-30 20:05	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 20:38 . 2013-06-30 20:05	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-06 09:58 . 2013-07-06 09:53	2836	----a-w-	c:\windows\system32\ASOROSet.bin
2013-07-06 09:33 . 2013-07-06 09:33	119808	----a-r-	c:\users\Oliver\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-07-03 18:20 . 2013-07-03 18:20	29696	----a-w-	c:\windows\system32\drivers\dtscsibus.sys
2013-06-30 20:11 . 2013-06-30 20:11	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-30 20:11 . 2013-06-30 20:12	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-30 20:11 . 2013-06-30 20:12	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-30 20:10 . 2012-07-17 12:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-23 22:57 . 2013-06-30 18:49	78277128	----a-w-	c:\windows\system32\MRT.exe
2013-06-21 12:06 . 2013-07-01 18:54	9239344	----a-w-	c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 18:54	7687592	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 18:54	7641832	----a-w-	c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 18:54	6324360	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 18:54	572704	----a-w-	c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-01 18:54	570656	----a-w-	c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-01 18:54	467232	----a-w-	c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-01 18:54	465184	----a-w-	c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-01 18:54	2953504	----a-w-	c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 18:54	27781920	----a-w-	c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-01 18:54	2777888	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 18:54	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 18:54	2363680	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 18:54	21102368	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-01 18:54	2002720	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 18:54	1832224	----a-w-	c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-01 18:54	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 18:54	15144928	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-01 18:54	1511712	----a-w-	c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-01 18:54	13411896	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-01 18:54	11235104	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-06-30 18:41	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-06-30 18:41	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-06-30 18:41	2936208	----a-w-	c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-06-30 18:41	2597856	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-06-30 18:41	12427240	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2009-07-13 21:59	15920536	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2013-06-30 18:41	6496544	----a-w-	c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-06-30 18:41	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-06-30 18:41	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-06-30 18:41	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-06-30 18:41	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-06-30 18:41	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16	566048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-06-17 00:10 . 2013-06-30 18:36	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2846490-6779-455B-8F15-0B130A7B26E9}\mpengine.dll
2013-06-05 01:36 . 2013-06-30 18:39	3441992	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2013-06-04 23:08 . 2013-06-30 18:39	26987520	----a-w-	c:\windows\system32\RCoRes64.dat
2013-06-03 19:34 . 2013-06-30 18:39	142920	----a-w-	c:\windows\system32\RCoInstII64.dll
2013-05-30 17:59 . 2013-06-30 18:39	4810008	----a-w-	c:\windows\system32\RTKSMlfx.dll
2013-05-30 17:57 . 2013-06-30 18:39	758104	----a-w-	c:\windows\system32\RTKSMSettingsIPC.dll
2013-05-30 14:57 . 2013-06-30 18:39	946736	----a-w-	c:\windows\system32\SFSS_APO.dll
2013-05-22 15:24 . 2013-06-30 18:39	3744328	----a-w-	c:\windows\system32\RtkAPO64.dll
2013-05-20 20:16 . 2013-06-30 18:39	1003592	----a-w-	c:\windows\system32\RtkApi64.dll
2013-05-20 18:36 . 2013-06-30 18:39	2794056	----a-w-	c:\windows\system32\RtPgEx64.dll
2013-05-19 08:19 . 2013-05-19 08:19	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-05-19 08:19 . 2013-05-19 08:19	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-19 08:19 . 2013-05-19 08:19	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-19 08:19 . 2013-05-19 08:19	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-19 08:18 . 2013-05-19 08:18	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-05-19 08:18 . 2013-05-19 08:18	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-05-19 08:18 . 2013-05-19 08:18	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-05-19 08:18 . 2013-05-19 08:18	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-05-19 08:18 . 2013-05-19 08:18	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-05-19 08:18 . 2013-05-19 08:18	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-05-19 08:18 . 2013-05-19 08:18	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-19 08:18 . 2013-05-19 08:18	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-19 08:18 . 2013-05-19 08:18	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-05-19 08:18 . 2013-05-19 08:18	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-05-19 08:18 . 2013-05-19 08:18	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-05-19 08:18 . 2013-05-19 08:18	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-05-19 08:18 . 2013-05-19 08:18	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-05-19 08:18 . 2013-05-19 08:18	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-05-19 08:17 . 2013-05-19 08:17	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-05-19 08:17 . 2013-05-19 08:17	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-19 08:17 . 2013-05-19 08:17	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-05-19 08:17 . 2013-05-19 08:17	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-05-19 08:17 . 2013-05-19 08:17	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-05-19 08:17 . 2013-05-19 08:17	112640	----a-w-	c:\windows\system32\smss.exe
2013-05-19 08:17 . 2013-05-19 08:17	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-05-19 08:17 . 2013-05-19 08:17	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-19 08:17 . 2013-05-19 08:17	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-19 08:17 . 2013-05-19 08:17	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-19 08:17 . 2013-05-19 08:17	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-19 08:17 . 2013-05-19 08:17	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-19 08:17 . 2013-05-19 08:17	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-13 13:36 . 2013-05-13 13:36	50864	----a-w-	c:\windows\system32\drivers\point64.sys
2013-05-13 05:51 . 2013-06-30 18:36	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-30 18:36	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-30 18:36	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-30 18:36	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-30 18:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-30 18:36	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-30 18:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-30 18:36	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-30 18:36	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-30 18:36	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-12 21:42 . 2013-06-30 18:41	1832224	----a-w-	c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-06-30 18:41	1511712	----a-w-	c:\windows\system32\nvdispgenco6432018.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-03 05:35	1725128	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-03 05:35	1725128	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-03 05:35	1725128	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-06-30 138096]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2013-06-25 3128352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-10-26 5178664]
.
c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130808.001_e93\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130808.001_e93\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]
S2 gearsec;gearsec;c:\windows\SysWOW64\gearsec.exe;c:\windows\SysWOW64\gearsec.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 a4djavs;Audio 4 DJ WDM Audio;c:\windows\system32\Drivers\a4djavs.sys;c:\windows\SYSNATIVE\Drivers\a4djavs.sys [x]
S3 a4djusb_svc;Audio 4 DJ;c:\windows\system32\Drivers\a4djusb.sys;c:\windows\SYSNATIVE\Drivers\a4djusb.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30 20:38]
.
2013-08-07 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-07-06 09:49]
.
2013-08-03 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-07-06 09:49]
.
2013-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-662309260-220568418-758730657-1000Core.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28 19:41]
.
2013-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-662309260-220568418-758730657-1000UA.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28 19:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-03 05:33	2328264	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-03 05:33	2328264	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-03 05:33	2328264	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-05-27 7188552]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-30 21:12; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-06-30 21:32; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF - ExtSQL: 2013-06-30 21:32; ich@maltegoetz.de; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2013-06-30 21:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-30 21:48; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn
FF - ExtSQL: 2013-06-30 21:49; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn
FF - ExtSQL: 2013-08-09 10:03; {94cd2cc3-083f-49ba-a218-4cda4b4829fd}; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
FF - ExtSQL: 2013-08-09 12:50; ffxtlbr@delta.com; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ffxtlbr@delta.com
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=&q=
FF - user.js: extensions.mysearchdial.id - C8600022B2A81DBA
FF - user.js: extensions.mysearchdial.instlDay - 15888
FF - user.js: extensions.mysearchdial.vrsn - 
FF - user.js: extensions.mysearchdial.vrsni - 
FF - user.js: extensions.mysearchdial_i.vrsnTs - 15:34
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dnldmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 
FF - user.js: extensions.mysearchdial.dfltLng - 
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1234704676
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
FF - user.js: extensions.irmysearch.aflt - dnldmsd
FF - user.js: extensions.irmysearch.instlRef - 
FF - user.js: extensions.irmysearch.cr - 1234704676
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Birth of the Federation version 1.0.2 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-09  15:12:59
ComboFix-quarantined-files.txt  2013-08-09 13:12
.
Vor Suchlauf: 16 Verzeichnis(se), 116.194.062.336 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 115.757.629.440 Bytes frei
.
- - End Of File - - 380FE878B0FF6DE01909408E180B05BA
A36C5E4F47E84449FF07ED3517B43A31
         
__________________

Alt 09.08.2013, 14:25   #4
ryder
/// TB-Ausbilder
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



Kannst du mir vorher erklären, was das für eine Windows Version sein soll?

Zitat:
TRIBAL WINDOWS 7 ULTIMATE
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 09.08.2013, 14:27   #5
stec731
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



Zitat:
Zitat von ryder Beitrag anzeigen
Kannst du mir vorher erklären, was das für eine Windows Version sein soll?
eine modifizierte Windows Version mit God Modus und Deaktiviert wurden:
Mediacenter
TabletPC
Games
Minianwendungen

weil diese für mich unnötig sind


Alt 09.08.2013, 14:32   #6
ryder
/// TB-Ausbilder
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



Hoffen wir mal, dass diese auch mit einem legalen Key betrieben wird.


Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstallation von Programmen
  • Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren
  • Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren
  • ggf. Neustart zulassen
Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen (z.B. jDownloader).

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
Registry-Cleaner Software, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall (ist unnötig), McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle Varianten, Java 7 kann bleiben), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater,Advanced System Protector, RegClean Pro, Advanced System Optimizer, DriverCure, Uniblue DriverScanner, FireJump, SearchAnonymizer, SpeedMaxPC, Optimzer Pro, Webcake, OpenCandy, Zip Opener, WinZipper, Open It!

Ich persönlich empfehle auch alles zu deinstallieren, was mit Bing zu tun hat (Bing Desktop, -toolbar), aber das ist deine Entscheidung.


Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3:
AdwCleaner wiederholen
Die vorliegende Version der Werbeprogramme ist ziemlich hartnäckig und kann von AdwCleaner erfahrungsgemäss nur bei zweimaliger Anwendung entfernt werden. Also wiederhole diesen Schritt bitte und poste auch das Logfile.


Schritt 4:
Kontrolle nochmal mit Combofix.
__________________
--> Win 7 64 Bit Trojan.0Access

Alt 09.08.2013, 14:56   #7
stec731
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



So habe die Liste abgearbeitet:

Vorhandene Programme wurden deinstalliert.

Log 1 von Adwcleaner:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 09/08/2013 um 15:36:51 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Oliver - OLIVER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oliver\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gefunden : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\foxydeal.sqlite
Datei Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\searchplugins\Babylon.xml
Datei Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\searchplugins\Mysearchdial.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BrowserDefender
Ordner Gefunden : C:\Users\Oliver\AppData\Roaming\BabSolution
Ordner Gefunden : C:\Users\Oliver\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ffxtlbr@delta.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\mysearchdial
Schlüssel Gefunden : HKCU\Software\mysearchdial.com
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\Software\SP Global

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0CyDyEzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1234704676&ir=

-\\ Mozilla Firefox v23.0 (de)

Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\prefs.js

Gefunden : user_pref("aol_toolbar.default.homepage.check", false);
Gefunden : user_pref("aol_toolbar.default.search.check", false);
Gefunden : user_pref("browser.search.order.1", "Mysearchdial");
Gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gefunden : user_pref("extensions.mysearchdial.aflt", "dnldmsd");
Gefunden : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Gefunden : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtBtB0BtB0AzztC0D0B0AtN0D0Tzu0Cy[...]
Gefunden : user_pref("extensions.mysearchdial.cntry", "DE");
Gefunden : user_pref("extensions.mysearchdial.cr", 1234704676);
Gefunden : user_pref("extensions.mysearchdial.dfltLng", "");
Gefunden : user_pref("extensions.mysearchdial.dfltSrch", true);
Gefunden : user_pref("extensions.mysearchdial.dnsErr", true);
Gefunden : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,6[...]
Gefunden : user_pref("extensions.mysearchdial.excTlbr", false);
Gefunden : user_pref("extensions.mysearchdial.hdrMd5", "A17EDC243CB74471816C946952E0EADF");
Gefunden : user_pref("extensions.mysearchdial.hmpg", true);
Gefunden : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyE[...]
Gefunden : user_pref("extensions.mysearchdial.id", "C8600022B2A81DBA");
Gefunden : user_pref("extensions.mysearchdial.instlDay", 15888);
Gefunden : user_pref("extensions.mysearchdial.instlRef", "");
Gefunden : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN[...]
Gefunden : user_pref("extensions.mysearchdial.lastVrsnTs", "15:34:11");
Gefunden : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2Xzu[...]
Gefunden : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Gefunden : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Gefunden : user_pref("extensions.mysearchdial.sg", "none");
Gefunden : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Gefunden : user_pref("extensions.mysearchdial.tlbrId", "base");
Gefunden : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2X[...]
Gefunden : user_pref("extensions.mysearchdial.vrsn", "");
Gefunden : user_pref("extensions.mysearchdial.vrsni", "");
Gefunden : user_pref("extensions.mysearchdial_i.hmpg", true);
Gefunden : user_pref("extensions.mysearchdial_i.newTab", false);
Gefunden : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Gefunden : user_pref("extensions.mysearchdial_i.vrsnTs", "15:34:11");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.2104] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E8F7C8600022B2A8&affID=122471&tt=070813_wt4&tsp=4969",
Gefunden [l.2475] : urls_to_restore_on_startup ="session": {"restore_on_startup": 4,  [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E8F7C8600022B2A8&affID=122471&tt=070813_wt4&tsp=4969" ]},

*************************

AdwCleaner[R1].txt - [6716 octets] - [09/08/2013 15:36:51]

########## EOF - C:\AdwCleaner[R1].txt - [6776 octets] ##########
         
--- --- ---


Log 2 von adwcleaner:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 09/08/2013 um 15:40:32 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Oliver - OLIVER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oliver\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v23.0 (de)

Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6843 octets] - [09/08/2013 15:36:51]
AdwCleaner[R2].txt - [934 octets] - [09/08/2013 15:40:32]
AdwCleaner[S1].txt - [7059 octets] - [09/08/2013 15:37:13]

########## EOF - C:\AdwCleaner[R2].txt - [1053 octets] ##########
         
--- --- ---


sowie Log von Combofix:

Code:
ATTFilter
ComboFix 13-08-07.01 - Oliver 09.08.2013  15:47:09.2.8 - x64
TRIBAL WINDOWS 7 ULTIMATE   6.1.7601.1.1252.49.1031.18.16329.14066 [GMT 2:00]
ausgeführt von:: c:\users\Oliver\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-09 bis 2013-08-09  ))))))))))))))))))))))))))))))
.
.
2013-08-09 13:51 . 2013-08-09 13:51	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-09 13:51 . 2013-08-09 13:51	--------	d-----w-	c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2013-08-09 13:51 . 2013-08-09 13:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-09 11:34 . 2013-08-09 11:34	27256	----a-w-	c:\windows\system32\drivers\FixZeroAccess.sys
2013-08-09 11:13 . 2013-08-09 11:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-09 10:44 . 2013-08-09 10:50	--------	d-----w-	c:\program files\Unlocker
2013-08-09 08:13 . 2013-08-09 08:13	--------	d-----w-	c:\program files (x86)\Google
2013-08-09 08:04 . 2013-08-09 08:04	--------	d-----w-	c:\program files\Deskshare
2013-08-09 07:58 . 2013-08-09 10:22	--------	d-----w-	c:\programdata\firebird
2013-08-09 07:58 . 2013-08-09 10:23	--------	d-----w-	c:\users\Oliver\AppData\Local\DeskShare Data
2013-08-09 07:58 . 2013-08-09 07:58	--------	d-----w-	c:\users\Oliver\AppData\Local\Spoon
2013-08-06 08:18 . 2013-08-06 16:11	--------	d-----w-	c:\program files (x86)\SaveShare
2013-08-06 08:17 . 2013-08-06 08:18	--------	d-----w-	c:\programdata\InstallMate
2013-08-05 11:25 . 2011-11-24 07:17	166912	----a-w-	c:\windows\system32\powrprof.dll
2013-08-05 11:25 . 2011-11-24 06:22	145920	----a-w-	c:\windows\SysWow64\powrprof.dll
2013-08-05 10:07 . 2013-08-05 10:07	--------	d-----w-	c:\program files\CPUID
2013-08-04 14:25 . 2013-08-09 13:35	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2013-08-02 12:42 . 2013-08-09 10:52	--------	d-----w-	c:\users\NeroMediaHomeUser.4.Oliver-PC
2013-08-01 22:23 . 2013-08-01 22:24	--------	d-----w-	c:\program files (x86)\VirtualDJ
2013-07-31 14:45 . 2013-07-31 14:45	--------	d-----w-	C:\NvidiaLogging
2013-07-31 14:44 . 2013-05-14 19:28	39712	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2013-07-31 14:44 . 2013-05-14 19:27	29984	----a-w-	c:\windows\system32\nvaudcap64v.dll
2013-07-31 14:44 . 2013-05-14 19:27	28448	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2013-07-31 11:19 . 2013-07-15 23:30	19043	----a-w-	C:\Quarantine.reg
2013-07-31 11:14 . 2013-07-31 11:14	--------	d-----w-	c:\windows\SysWow64\BestPractices
2013-07-31 11:14 . 2013-07-31 11:14	--------	d-----w-	c:\windows\system32\BestPractices
2013-07-31 11:14 . 2013-07-31 11:14	--------	d-----w-	C:\inetpub
2013-07-31 11:01 . 2013-07-31 11:16	--------	d-----w-	c:\program files (x86)\TweakNow RegCleaner
2013-07-31 11:01 . 2013-07-31 11:01	--------	d-----w-	c:\users\Oliver\AppData\Roaming\TweakNow RegCleaner
2013-07-31 11:01 . 2013-07-31 11:01	--------	d-----w-	c:\users\Oliver\AppData\Roaming\TweakNow RegCleaner 2012
2013-07-31 11:00 . 2013-08-03 19:52	--------	d-----w-	c:\program files (x86)\RegCleaner
2013-07-29 08:58 . 2013-07-29 08:58	--------	d-----w-	c:\users\Oliver\AppData\Local\Apple Computer
2013-07-28 19:47 . 2013-07-31 11:16	--------	d-----w-	c:\users\Oliver\AppData\Local\Facebook
2013-07-25 16:33 . 2013-07-25 16:33	--------	d-----w-	c:\users\Oliver\Settings
2013-07-25 16:33 . 2013-07-25 16:33	--------	d-----w-	c:\users\Oliver\History
2013-07-25 16:33 . 2013-07-25 16:33	--------	d-----w-	c:\users\Oliver\Logs
2013-07-25 16:08 . 2013-07-25 16:08	--------	dc----w-	c:\programdata\{2A474181-642E-4924-82EE-418B25FB81F5}
2013-07-25 16:06 . 2013-07-25 16:06	--------	dc----w-	c:\programdata\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}
2013-07-25 16:06 . 2013-07-25 16:06	--------	dc----w-	c:\programdata\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
2013-07-24 19:54 . 2013-08-09 10:50	--------	d-----w-	c:\program files (x86)\ASIO4ALL v2
2013-07-23 23:53 . 2013-08-09 10:50	--------	d-----w-	c:\users\Oliver\AppData\Roaming\GHISLER
2013-07-23 23:53 . 2013-07-31 11:16	--------	d-----w-	C:\totalcmd
2013-07-20 10:03 . 2013-07-20 10:03	--------	d-----w-	c:\users\Oliver\AppData\Local\SkinSoft
2013-07-20 10:03 . 2013-07-20 10:03	--------	d-----w-	c:\programdata\Ticketscript
2013-07-20 09:21 . 2013-07-20 09:21	--------	dc----w-	c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}
2013-07-19 18:30 . 2000-05-21 22:00	115920	----a-w-	c:\windows\SysWow64\MSInet.ocx
2013-07-19 18:30 . 2001-03-13 11:51	1066176	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2013-07-19 18:30 . 2001-03-13 11:49	140288	----a-w-	c:\windows\SysWow64\COMDLG32.OCX
2013-07-19 18:30 . 2001-03-13 11:48	118784	----a-w-	c:\windows\SysWow64\msstdfmt.dll
2013-07-19 18:30 . 2001-03-13 11:47	164112	----a-w-	c:\windows\SysWow64\temp.002
2013-07-19 18:30 . 2001-03-13 11:47	598288	----a-w-	c:\windows\SysWow64\temp.001
2013-07-19 18:30 . 2000-08-20 18:00	1388544	----a-w-	c:\windows\SysWow64\temp.000
2013-07-19 18:30 . 1999-05-27 22:30	208896	----a-w-	c:\windows\SysWow64\SoftGuard6.ocx
2013-07-19 16:33 . 2013-08-09 10:50	--------	d-----w-	c:\program files (x86)\MP3Diags
2013-07-19 16:25 . 2013-07-31 11:16	--------	d-----w-	c:\program files (x86)\Mp3DoctorPRO
2013-07-18 22:12 . 2013-07-18 22:12	--------	d-----w-	c:\program files\LatencyMon
2013-07-18 22:12 . 2013-02-07 17:37	23968	----a-w-	c:\windows\system32\drivers\rspLLL64.sys
2013-07-18 11:07 . 2013-03-04 18:14	43680	----a-r-	c:\windows\system32\drivers\SymIMV.sys
2013-07-17 18:24 . 2013-07-17 18:28	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-07-17 18:24 . 2013-07-17 18:28	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-07-17 18:22 . 2013-07-17 18:23	--------	d-----w-	c:\windows\system32\MRT
2013-07-17 13:08 . 2013-07-17 18:28	--------	d-----w-	c:\windows\system32\drivers\NISx64\1404000.028
2013-07-15 23:14 . 2013-08-09 10:50	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2013-07-15 23:11 . 2013-07-31 11:16	--------	d-----w-	c:\program files (x86)\MSI Kombustor 2.5
2013-07-15 20:39 . 2013-07-26 23:39	2474256	----a-w-	c:\windows\PE_Rom.dll
2013-07-15 20:37 . 2013-07-15 20:37	--------	d-----w-	c:\programdata\ASUS OC Profiles
2013-07-15 20:35 . 2013-07-15 20:35	--------	d-----w-	c:\program files\ASUS
2013-07-15 20:35 . 2011-09-20 10:25	46152	----a-w-	c:\windows\SysWow64\drivers\ASUSFILTER.sys
2013-07-15 20:33 . 2010-08-03 11:21	14464	----a-w-	c:\windows\SysWow64\drivers\AsUpIO.sys
2013-07-15 20:33 . 2010-11-08 12:57	14464	----a-w-	c:\windows\system32\drivers\AiChargerPlus.sys
2013-07-15 20:33 . 2008-12-02 18:05	184320	----a-w-	c:\windows\SysWow64\drivers\UpdateHelper.dll
2013-07-15 20:33 . 2002-07-25 14:07	614532	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-07-15 20:33 . 2001-09-05 19:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-07-15 20:33 . 2001-09-05 02:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-07-15 20:33 . 2001-09-05 02:14	176128	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-07-15 20:33 . 2001-09-05 02:13	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-07-15 20:32 . 2013-07-15 20:32	--------	d-----w-	c:\programdata\ASUS
2013-07-15 20:32 . 2013-07-15 20:33	--------	d-----w-	c:\program files (x86)\ASUS
2013-07-15 20:32 . 2010-08-24 13:16	13440	----a-w-	c:\windows\SysWow64\drivers\AsIO.sys
2013-07-15 20:32 . 2010-06-29 13:41	28672	----a-w-	c:\windows\SysWow64\AsIO.dll
2013-07-15 20:32 . 2008-01-04 11:34	11832	------w-	c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-07-15 20:32 . 2008-01-04 11:34	10216	------w-	c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-07-10 18:11 . 2013-06-11 23:25	19238912	----a-w-	c:\windows\system32\mshtml.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-27 07:16 . 2013-06-30 20:11	80896	----a-r-	c:\users\Oliver\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe
2013-07-17 13:08 . 2013-06-30 19:41	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-15 20:38 . 2013-06-30 20:05	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 20:38 . 2013-06-30 20:05	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-06 09:58 . 2013-07-06 09:53	2836	----a-w-	c:\windows\system32\ASOROSet.bin
2013-07-06 09:33 . 2013-07-06 09:33	119808	----a-r-	c:\users\Oliver\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-07-03 18:20 . 2013-07-03 18:20	29696	----a-w-	c:\windows\system32\drivers\dtscsibus.sys
2013-06-30 20:11 . 2013-06-30 20:11	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-30 20:11 . 2013-06-30 20:12	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-30 20:11 . 2013-06-30 20:12	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-30 20:10 . 2012-07-17 12:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-23 22:57 . 2013-06-30 18:49	78277128	----a-w-	c:\windows\system32\MRT.exe
2013-06-21 12:06 . 2013-07-01 18:54	9239344	----a-w-	c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 18:54	7687592	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 18:54	7641832	----a-w-	c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 18:54	6324360	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 18:54	572704	----a-w-	c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-01 18:54	570656	----a-w-	c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-01 18:54	467232	----a-w-	c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-01 18:54	465184	----a-w-	c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-01 18:54	2953504	----a-w-	c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 18:54	27781920	----a-w-	c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-01 18:54	2777888	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 18:54	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 18:54	2363680	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 18:54	21102368	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-01 18:54	2002720	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 18:54	1832224	----a-w-	c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-01 18:54	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 18:54	15144928	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-01 18:54	1511712	----a-w-	c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-01 18:54	13411896	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-01 18:54	11235104	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-06-30 18:41	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-06-30 18:41	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-06-30 18:41	2936208	----a-w-	c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-06-30 18:41	2597856	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-06-30 18:41	12427240	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2009-07-13 21:59	15920536	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2013-06-30 18:41	6496544	----a-w-	c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-06-30 18:41	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-06-30 18:41	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-06-30 18:41	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-06-30 18:41	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-06-30 18:41	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16	566048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-06-17 00:10 . 2013-06-30 18:36	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2846490-6779-455B-8F15-0B130A7B26E9}\mpengine.dll
2013-06-05 01:36 . 2013-06-30 18:39	3441992	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2013-06-04 23:08 . 2013-06-30 18:39	26987520	----a-w-	c:\windows\system32\RCoRes64.dat
2013-06-03 19:34 . 2013-06-30 18:39	142920	----a-w-	c:\windows\system32\RCoInstII64.dll
2013-05-30 17:59 . 2013-06-30 18:39	4810008	----a-w-	c:\windows\system32\RTKSMlfx.dll
2013-05-30 17:57 . 2013-06-30 18:39	758104	----a-w-	c:\windows\system32\RTKSMSettingsIPC.dll
2013-05-30 14:57 . 2013-06-30 18:39	946736	----a-w-	c:\windows\system32\SFSS_APO.dll
2013-05-22 15:24 . 2013-06-30 18:39	3744328	----a-w-	c:\windows\system32\RtkAPO64.dll
2013-05-20 20:16 . 2013-06-30 18:39	1003592	----a-w-	c:\windows\system32\RtkApi64.dll
2013-05-20 18:36 . 2013-06-30 18:39	2794056	----a-w-	c:\windows\system32\RtPgEx64.dll
2013-05-19 08:19 . 2013-05-19 08:19	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-05-19 08:19 . 2013-05-19 08:19	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-19 08:19 . 2013-05-19 08:19	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-19 08:19 . 2013-05-19 08:19	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-19 08:18 . 2013-05-19 08:18	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-05-19 08:18 . 2013-05-19 08:18	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-05-19 08:18 . 2013-05-19 08:18	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-05-19 08:18 . 2013-05-19 08:18	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-05-19 08:18 . 2013-05-19 08:18	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-05-19 08:18 . 2013-05-19 08:18	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-05-19 08:18 . 2013-05-19 08:18	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-19 08:18 . 2013-05-19 08:18	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-19 08:18 . 2013-05-19 08:18	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-05-19 08:18 . 2013-05-19 08:18	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-05-19 08:18 . 2013-05-19 08:18	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-05-19 08:18 . 2013-05-19 08:18	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-05-19 08:18 . 2013-05-19 08:18	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-05-19 08:18 . 2013-05-19 08:18	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-05-19 08:17 . 2013-05-19 08:17	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-05-19 08:17 . 2013-05-19 08:17	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-19 08:17 . 2013-05-19 08:17	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-05-19 08:17 . 2013-05-19 08:17	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-05-19 08:17 . 2013-05-19 08:17	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-05-19 08:17 . 2013-05-19 08:17	112640	----a-w-	c:\windows\system32\smss.exe
2013-05-19 08:17 . 2013-05-19 08:17	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-05-19 08:17 . 2013-05-19 08:17	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-19 08:17 . 2013-05-19 08:17	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-19 08:17 . 2013-05-19 08:17	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-19 08:17 . 2013-05-19 08:17	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-19 08:17 . 2013-05-19 08:17	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-19 08:17 . 2013-05-19 08:17	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-13 13:36 . 2013-05-13 13:36	50864	----a-w-	c:\windows\system32\drivers\point64.sys
2013-05-13 05:51 . 2013-06-30 18:36	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-30 18:36	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-30 18:36	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-30 18:36	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-30 18:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-30 18:36	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-30 18:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-30 18:36	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-30 18:36	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-30 18:36	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-12 21:42 . 2013-06-30 18:41	1832224	----a-w-	c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-06-30 18:41	1511712	----a-w-	c:\windows\system32\nvdispgenco6432018.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-03 05:35	1725128	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-03 05:35	1725128	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-03 05:35	1725128	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-06-30 138096]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2013-06-25 3128352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-10-26 5178664]
.
c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Oliver\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130808.001_e93\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130808.001_e93\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]
S2 gearsec;gearsec;c:\windows\SysWOW64\gearsec.exe;c:\windows\SysWOW64\gearsec.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 a4djavs;Audio 4 DJ WDM Audio;c:\windows\system32\Drivers\a4djavs.sys;c:\windows\SYSNATIVE\Drivers\a4djavs.sys [x]
S3 a4djusb_svc;Audio 4 DJ;c:\windows\system32\Drivers\a4djusb.sys;c:\windows\SYSNATIVE\Drivers\a4djusb.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30 20:38]
.
2013-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-662309260-220568418-758730657-1000Core.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28 19:41]
.
2013-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-662309260-220568418-758730657-1000UA.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28 19:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-03 05:33	2328264	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-03 05:33	2328264	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-03 05:33	2328264	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-05-27 7188552]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-30 21:12; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-06-30 21:32; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF - ExtSQL: 2013-06-30 21:32; ich@maltegoetz.de; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2013-06-30 21:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-30 21:48; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn
FF - ExtSQL: 2013-06-30 21:49; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn
FF - ExtSQL: 2013-08-09 10:03; {94cd2cc3-083f-49ba-a218-4cda4b4829fd}; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
FF - ExtSQL: 2013-08-09 12:50; ffxtlbr@delta.com; c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\7ggkqyzz.default\extensions\ffxtlbr@delta.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Birth of the Federation version 1.0.2 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-09  15:53:16
ComboFix-quarantined-files.txt  2013-08-09 13:53
ComboFix2.txt  2013-08-09 13:13
.
Vor Suchlauf: 17 Verzeichnis(se), 115.733.602.304 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 115.663.663.104 Bytes frei
.
- - End Of File - - 367DA6C2466257D10351FD8ED217CFAC
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 09.08.2013, 18:36   #8
ryder
/// TB-Ausbilder
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



Gut!

Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten.


Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)

Quick-Scan mit Malwarebytes
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Schritt 2:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte poste das Logfile hier oder teile mir mit, dass nichts gefunden wurde.
Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!


Schritt 3:

Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 09.08.2013, 23:04   #9
stec731
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



Erstmal danke für Deinen Support !!!!!

Letztlich habe ich doch die etwas kürzere Variante der Neuinstallation gewählt, erschien mir als die vernüftigere Lösung. Denke damit können wir den Treat hier beenden.

Ich danke für den tollen Support und die von Dir investizierte Zeit - Vielen Dank !!!

Alt 10.08.2013, 12:31   #10
ryder
/// TB-Ausbilder
 
Win 7 64 Bit Trojan.0Access - Standard

Win 7 64 Bit Trojan.0Access



Schön, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

Falls du noch Lob oder Kritik loswerden möchtest, dann gibt es diesen Bereich hier: Lob, Kritik und Wünsche - Trojaner-Board
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Antwort

Themen zu Win 7 64 Bit Trojan.0Access
administrator, adobe, bho, desktop, dsl, explorer, firefox, flash player, format, ftp, google, helper, helper.exe, installation, logfile, mozilla, mp3, nvidia, office 2013, plug-in, realtek, regcleaner, registry, safer networking, schannel.dll, security, senden, software, speedial, symantec, system




Ähnliche Themen: Win 7 64 Bit Trojan.0Access


  1. Probleme mit Trojan.0Access auf Windows 7
    Plagegeister aller Art und deren Bekämpfung - 25.06.2015 (6)
  2. Trojan.Siredef.C / Trojan.0Access / Rootkit.0Access
    Plagegeister aller Art und deren Bekämpfung - 12.05.2014 (9)
  3. 00000004.@ (Trojan.0Access) usw.
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (14)
  4. Vista: Trojan.Ransom.Gen; Trojan.0Access; Trojan.Agent; Firewall inaktiv
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (3)
  5. TR/ATRAPS.Gen und TR/Kazy durch Antivir gemeldet; ferner Trojan.Agent.MRGGen, Trojan.0Access, Trojan.Dropper.BCMiner
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (10)
  6. Trojan.Banker, Trojan.0Access, Rootkit.0access in Malwarebytes- Log
    Log-Analyse und Auswertung - 24.10.2012 (5)
  7. Hilfe Virus! Internet tot!Trojan.Ransom.FGen Trojan.0Access
    Log-Analyse und Auswertung - 07.10.2012 (13)
  8. Trojan.Phex.THAGen6, RootKit.0Access, Trojan.FakeAlert
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (29)
  9. Wohl mehrere Viren: Rootkit.0Access Trojan.Zaccess Trojan.RansomP.Gen Trojan.Agent bzw. TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (13)
  10. Trojan.0Access / Trojan.Sirefef / TR/Crypt.XPACK.Gen
    Log-Analyse und Auswertung - 19.09.2012 (9)
  11. RootKit.0Access/Trojan.Zaccess
    Plagegeister aller Art und deren Bekämpfung - 21.07.2012 (2)
  12. Rootkit.0Access, Trojan.Sirefef, Trojan.Small Befall
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (3)
  13. Trojan.Small, Trojan.Sirefef, Rootkit.0Access in C:\Windows\installer - ist nicht zu entfernen
    Log-Analyse und Auswertung - 05.07.2012 (23)
  14. trojan.small, trojan.sirefef, rootkit.0access
    Log-Analyse und Auswertung - 29.06.2012 (1)
  15. Hilfe! Trojan.Small; Trojan.Sirefef; Rootkit.0Access; Trojan.Atraps.Gen2 auf meinem Rechner.
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (11)
  16. Probleme mit Trojan.Small, Trojan.Sirefef.AG.35, Rootkid.0Access,TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 28.06.2012 (23)
  17. Rootkit.0Access und Trojan.Agent
    Log-Analyse und Auswertung - 01.06.2012 (3)

Zum Thema Win 7 64 Bit Trojan.0Access - Hallo ich benötige eure Hilfe. Seit heute Morgen meldet mir Norton Dateiname: 80000000.@ Bedrohungsname: Trojan.Zeroaccess.C Vollständiger Pfad: c:\program files (x86)\google\desktop\install\{95ad3916-2136-e954-66ef-32d4d068a325}\ \...\*ﯹ๛\{95ad3916-2136-e954-66ef-32d4d068a325}\u\80000000.@ Ich habe bereits mbar durchlaufen lassen anbei das Logfile: - Win 7 64 Bit Trojan.0Access...
Archiv
Du betrachtest: Win 7 64 Bit Trojan.0Access auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.