Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 Bitdefender scheint deaktiviert, Netstat schließt sich von alleine (https://www.trojaner-board.de/156273-windows-7-bitdefender-scheint-deaktiviert-netstat-schliesst-alleine.html)

Windoof02 09.07.2014 12:46
Windows 7 Bitdefender scheint deaktiviert, Netstat schließt sich von alleine
 
Einen Guten Tag an alle,

ich habe ein Problem mit Windows und Bitdefender.

"Achtung kritische Probleme" wird angezeigt.
In der Taskbar steht, das Bitdefender im Autopilotmodus arbeitet.
Im Bitdefenderfenster steht allerdings "Benutzermodus".

Klickt man auf Probleme steht dort "Zugriff-Scans deaktiviert" Nur Administratoren.
Klickt man dan auf Statusberechtigungen konfigurieren und stellt den Virenschutzstatus auf OFF, sind angeblich alle Probleme behoben.Updates funkionieren auch nicht mehr.

Windows zeigt in der Taskleiste den Wartungscenter und sagt:"Bitdender Antivirus aktivieren".
Klickt man auf aktivieren, arbeitet Windows kurz und es passiert garnichts.


Dazu kommt, das Netstat von Windows sich nur kurz öffnen lässt, und dann von alleine wieder zupopt.
Man kann nur ganz kurz einige Verbindungen sehen und das wars.Mit Glück schafft man es das Fenster mit der Pausetaste offen zu halten, wobei nicht alle Verbindungen angezeigt werden, da Windows diese ja gerade noch auflistet.


Könnt ihr mir da irgendwie helfen?


Gruß Jürgen

schrauber 09.07.2014 13:07
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307


Und die Addition.txt von FRST bitte auch posten.

Windoof02 09.07.2014 17:32
Entschuldigung, das ich das falsch gemacht habe.
Jetzt sollte es richtig sein.


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by ***** (administrator) on RUMPELKISTE on 09-07-2014 12:57:13
Running from C:\Users\*****\Downloads\Virus entfernung
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-05-29] (Bitdefender)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-29] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-29] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-29] (Bitdefender)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-20] (Microsoft Corporation)
HKU\S-1-5-21-515958047-510650339-1647490138-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-29] (Bitdefender)
HKU\S-1-5-21-515958047-510650339-1647490138-1000\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-29] (Bitdefender)
HKU\S-1-5-21-515958047-510650339-1647490138-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-29] (Bitdefender)
HKU\S-1-5-21-515958047-510650339-1647490138-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-515958047-510650339-1647490138-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-515958047-510650339-1647490138-1000\...\Policies\Explorer: [NoResolveSearch] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spybot-S&D Start Center.lnk
ShortcutTarget: Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEB4A2347DD15CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\6boc8hrt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tea Timer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\6boc8hrt.default\Extensions\ttimer@addons.mozilla.org.xpi [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-20]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Bitdefender Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-01-20]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [958047-510650339-1647490138-1002] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-31]

==================== Services (Whitelisted) =================

R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2014-01-21] (Macrovision Europe Ltd.) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-14] (SurfRight B.V.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1526800 2014-05-29] (Bitdefender)

==================== Drivers (Whitelisted) ====================

S3 ADIHdAudAddService; No ImagePath
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-03-01] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-03-01] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-04-14] ()
R3 libusb0; C:\Windows\System32\drivers\libusb0.sys [52832 2014-04-28] (hxxp://libusb-win32.sourceforge.net)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [268800 2014-04-28] (Jungo Connectivity) [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 12:26 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 12:26 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 12:26 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 12:26 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 12:26 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 12:26 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 12:26 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 12:26 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 12:26 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 12:26 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 12:26 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 12:26 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 12:26 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 12:26 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 12:26 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 12:26 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 12:26 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 12:26 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 12:26 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 12:26 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 12:26 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 12:26 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 12:26 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 12:26 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 12:26 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 12:26 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 12:26 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 12:26 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 12:26 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 12:26 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 12:26 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 12:26 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 12:26 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 12:26 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 12:26 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 12:26 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 12:26 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 12:26 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 12:26 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 12:26 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 12:26 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 12:26 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 12:26 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 12:26 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 12:26 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 12:26 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 12:26 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 12:26 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 12:26 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 12:26 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 12:26 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 12:26 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 12:26 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 12:26 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 12:26 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 12:26 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 12:26 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 12:26 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 12:26 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 12:26 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 12:26 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 12:26 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 12:26 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 12:26 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 12:26 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 12:26 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 12:26 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 12:26 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 12:26 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 12:26 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 12:26 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 12:26 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 12:26 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 12:26 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 12:26 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 12:26 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 12:26 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 12:26 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 12:25 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 12:25 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 12:25 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 21:46 - 2014-07-07 21:46 - 00000000 ____D () C:\ProgramData\bdch
2014-07-04 12:54 - 2014-07-04 12:54 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-04 12:54 - 2014-07-04 12:54 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-04 12:54 - 2014-07-04 12:54 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-04 12:54 - 2014-07-04 12:54 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-04 12:54 - 2014-07-04 12:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-04 12:53 - 2014-07-04 12:54 - 00000000 ____D () C:\Program Files\Java
2014-07-04 12:53 - 2014-07-04 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-03 17:08 - 2014-07-03 17:08 - 00000000 ____D () C:\Users\*****\Documents\GitHub
2014-07-03 17:06 - 2014-07-03 17:06 - 00000000 ____D () C:\Users\*****\.ssh
2014-07-03 16:58 - 2014-07-03 17:16 - 00000000 ____D () C:\Users\*****\AppData\Local\GitHub
2014-07-03 16:58 - 2014-07-03 17:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\GitHub
2014-07-03 16:58 - 2014-07-03 16:58 - 00002140 _____ () C:\Users\*****\Desktop\Git Shell.lnk
2014-07-03 16:58 - 2014-07-03 16:58 - 00000308 _____ () C:\Users\*****\Desktop\GitHub.appref-ms
2014-07-03 16:58 - 2014-07-03 16:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2014-07-03 16:56 - 2014-07-03 17:08 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment
2014-07-03 16:56 - 2014-07-03 16:56 - 00000000 ____D () C:\Users\*****\AppData\Local\Apps\2.0
2014-07-02 13:52 - 2014-07-02 13:58 - 00000000 ____D () C:\Users\*****\Documents\Atmel Studio
2014-07-02 13:52 - 2014-07-02 13:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VisualAssistAtmel
2014-07-02 13:52 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Atmel
2014-07-02 13:52 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\AppData\Local\VisualAssistAtmel
2014-07-02 13:52 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\AppData\Local\IsolatedStorage
2014-07-02 13:52 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Atmel
2014-07-02 11:09 - 2014-07-02 11:09 - 00218775 _____ () C:\Users\*****\Desktop\Durchlichtwinlkel_doppelt.dxf
2014-07-02 11:09 - 2014-07-02 11:08 - 00028426 _____ () C:\Users\*****\Desktop\Durchlichtwinlkel_doppelt.brd
2014-07-02 11:05 - 2014-07-09 12:49 - 00296296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-02 11:05 - 2014-07-09 12:49 - 00002184 _____ () C:\Windows\setupact.log
2014-07-02 11:05 - 2014-07-02 11:05 - 00000640 _____ () C:\Windows\PFRO.log
2014-07-02 11:05 - 2014-07-02 11:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 18:30 - 2014-06-30 18:30 - 01852683 _____ () C:\Users\*****\Downloads\avrcalc.zip
2014-06-30 18:24 - 2014-06-30 18:32 - 00000000 ____D () C:\Users\*****\Desktop\Flashen
2014-06-30 17:26 - 2014-06-30 17:26 - 00003234 _____ () C:\Users\*****\Desktop\CFile1.c
2014-06-30 16:40 - 2014-06-30 18:06 - 00000373 _____ () C:\Users\*****\Desktop\counter16bit.eep
2014-06-30 16:37 - 2014-06-30 16:37 - 00001241 _____ () C:\Users\*****\Desktop\notepad - Verknüpfung.lnk
2014-06-30 16:37 - 2007-02-18 09:17 - 00003234 _____ () C:\Users\*****\Desktop\counter16bit.hex
2014-06-30 16:31 - 2014-06-30 16:31 - 00001673 _____ () C:\Users\*****\Desktop\atmelstudio - Verknüpfung.lnk
2014-06-30 16:21 - 2014-06-30 16:23 - 128738380 _____ () C:\Users\*****\Downloads\as-asf-msi-6.2.1277-win32.win32.x86.msi
2014-06-30 16:08 - 2014-06-30 16:08 - 00025088 _____ () C:\Users\*****\Desktop\installer_x64.exe
2014-06-30 16:08 - 2014-06-30 16:08 - 00004588 _____ () C:\Users\*****\Desktop\AVRISP_mkII.cat
2014-06-30 16:08 - 2014-06-30 16:08 - 00000446 __RSH () C:\ProgramData\ntuser.pol
2014-06-30 16:08 - 2014-06-30 16:08 - 00000000 ____D () C:\Users\*****\Desktop\x86
2014-06-30 16:08 - 2014-06-30 16:08 - 00000000 ____D () C:\Users\*****\Desktop\license
2014-06-30 16:08 - 2014-06-30 16:08 - 00000000 ____D () C:\Users\*****\Desktop\ia64
2014-06-30 16:08 - 2014-06-30 16:08 - 00000000 ____D () C:\Users\*****\Desktop\amd64
2014-06-30 16:07 - 2014-06-30 16:07 - 00913186 _____ () C:\Users\*****\Downloads\libusb-win32-bin-1.2.6.0.zip
2014-06-30 16:07 - 2014-06-30 16:07 - 00000000 ____D () C:\Users\*****\Downloads\libusb-win32-bin-1.2.6.0
2014-06-30 15:26 - 2014-06-30 15:26 - 00026948 _____ () C:\Users\*****\Desktop\bookmarks-2014-06-30.json
2014-06-30 15:04 - 2014-06-30 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibUSB-Win32
2014-06-30 15:04 - 2014-06-30 16:01 - 00000000 ____D () C:\Program Files\LibUSB-Win32
2014-06-30 14:51 - 2014-07-02 13:52 - 00000202 _____ () C:\Users\*****\Documents\timer.aws
2014-06-30 14:48 - 2014-07-02 13:49 - 00002627 _____ () C:\Users\*****\Documents\timer.aps
2014-06-30 14:48 - 2014-06-30 14:50 - 00003234 _____ () C:\Users\*****\Documents\timer.asm
2014-06-30 13:54 - 2014-06-30 13:54 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1390222602
2014-06-30 13:51 - 2014-06-30 13:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Secunia PSI
2014-06-28 23:15 - 2014-06-28 23:15 - 00000000 ____D () C:\ProgramData\VS
2014-06-27 10:37 - 2014-06-27 10:30 - 00075541 _____ () C:\Users\*****\Desktop\PT4115 klein.brd
2014-06-27 10:36 - 2014-06-27 10:34 - 00075574 _____ () C:\Users\*****\Desktop\PT4115 standard.brd
2014-06-24 19:43 - 2014-06-24 19:43 - 00000000 ____D () C:\Users\*****\Desktop\Verlnüpfungen Browser
2014-06-24 19:40 - 2014-06-24 19:42 - 00000000 ____D () C:\Users\*****\Desktop\Verknüpfungen Platine
2014-06-24 13:44 - 2014-06-24 13:44 - 00076303 _____ () C:\Users\*****\Desktop\Gmer.log
2014-06-24 11:44 - 2014-06-24 11:44 - 00057124 _____ () C:\Users\*****\Desktop\FRST.txt
2014-06-24 11:40 - 2014-06-24 11:40 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-06-24 10:15 - 2014-06-24 10:15 - 00001241 _____ () C:\Users\*****\Desktop\netstat -a - Verknüpfung.lnk
2014-06-24 10:12 - 2014-06-24 10:12 - 00001104 _____ () C:\Users\*****\Desktop\netstat - Verknüpfung.lnk
2014-06-23 20:34 - 2014-06-23 20:36 - 00006930 _____ () C:\Windows\wininit.ini
2014-06-21 16:14 - 2014-06-21 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 22:31 - 2014-06-30 17:40 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-06-18 17:57 - 2014-07-09 12:57 - 00000000 ____D () C:\FRST
2014-06-18 17:46 - 2014-06-18 17:46 - 00000278 _____ () C:\Windows\system32\GfLstC71.dat
2014-06-18 17:45 - 2014-07-04 12:54 - 00000000 ____D () C:\Users\*****\AppData\Temp
2014-06-18 17:45 - 2014-06-18 17:45 - 00000000 ____D () C:\Users\*****\AppData\Temp
2014-06-18 17:45 - 2014-06-18 17:21 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-18 17:22 - 2014-06-18 22:31 - 00027246 _____ () C:\zoek-results.log
2014-06-18 17:20 - 2014-06-18 17:37 - 00000000 ____D () C:\zoek_backup
2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 16:55 - 2014-07-09 12:57 - 00000000 ____D () C:\Users\*****\Downloads\Virus entfernung
2014-06-18 16:54 - 2014-06-18 16:54 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 16:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-18 16:45 - 2014-06-18 17:50 - 00000000 ____D () C:\AdwCleaner
2014-06-18 14:28 - 2014-06-18 14:28 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-06-18 14:28 - 2014-06-18 14:28 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-06-18 13:52 - 2014-06-18 13:52 - 00001759 _____ () C:\Users\*****\Desktop\AVRStudio - Verknüpfung.lnk
2014-06-18 12:32 - 2014-07-01 18:25 - 00000000 ____D () C:\Users\*****\AppData\Local\VisualAssistAtmel
2014-06-18 12:32 - 2014-07-01 17:44 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VisualAssistAtmel
2014-06-18 12:28 - 2014-05-15 01:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-06-18 12:26 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-18 12:26 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-18 12:26 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-18 12:23 - 2014-06-18 12:34 - 00000000 ____D () C:\Users\*****\Documents\Atmel Studio
2014-06-18 12:23 - 2014-06-18 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atmel
2014-06-18 12:23 - 2014-06-18 12:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Atmel
2014-06-18 12:23 - 2014-06-18 12:23 - 00000000 ____D () C:\Users\*****\AppData\Local\Atmel
2014-06-18 12:15 - 2014-06-18 12:15 - 00000000 ____D () C:\Users\*****\Downloads\AVR1913
2014-06-18 12:00 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-18 12:00 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-18 12:00 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-06-18 12:00 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-06-18 11:57 - 2014-06-18 11:57 - 00000000 ____D () C:\Users\*****\Documents\Visual Studio 2010
2014-06-18 11:56 - 2014-06-18 11:56 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-18 11:56 - 2014-06-18 11:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-06-18 11:41 - 2014-06-18 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atmel AVR Tools
2014-06-18 11:41 - 2009-07-07 07:31 - 00290904 _____ () C:\Windows\SysWOW64\vc6-re200l.dll
2014-06-18 11:41 - 2009-07-07 07:31 - 00073728 _____ (Rogue Wave Software Inc) C:\Windows\SysWOW64\RWUXThemeS.dll
2014-06-18 11:41 - 2009-05-20 11:46 - 05752320 _____ (BCGSoft Ltd) C:\Windows\SysWOW64\BCGCBPRO103090.dll
2014-06-18 11:41 - 2009-01-29 16:25 - 04419584 _____ (BCGSoft Ltd) C:\Windows\SysWOW64\BCGCBPRO10180.dll
2014-06-18 11:41 - 2002-01-05 02:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-06-16 20:52 - 2014-06-16 20:52 - 00000000 ____D () C:\Users\*****\IGC
2014-06-16 20:52 - 2014-06-16 20:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\IGC
2014-06-16 20:51 - 2014-06-16 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer
2014-06-16 20:51 - 2014-06-16 20:51 - 00000000 ____D () C:\Program Files (x86)\IGC
2014-06-16 20:45 - 2014-06-16 20:45 - 00008640 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-06-11 17:16 - 2014-06-11 17:16 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atmel AVR Tools
2014-06-11 16:49 - 2014-06-30 14:50 - 00000327 _____ () C:\Users\*****\Documents\AvrBuild.bat
2014-06-11 16:42 - 2014-06-11 16:42 - 00000000 ____D () C:\ProgramData\Atmel
2014-06-11 16:33 - 2009-07-14 09:07 - 00143360 _____ (Jungo) C:\Windows\SysWOW64\wdapi1002.dll
2014-06-11 16:33 - 2009-05-14 12:21 - 00157184 _____ (Jungo) C:\Windows\SysWOW64\wdapi1001.dll
2014-06-11 16:33 - 2006-10-18 14:39 - 00102400 _____ (Jungo) C:\Windows\SysWOW64\wdapi811.dll
2014-06-11 15:44 - 2014-06-11 15:44 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-06-11 15:37 - 2014-06-18 12:24 - 00000000 ____D () C:\Program Files (x86)\Atmel
2014-06-11 15:37 - 2014-06-11 15:37 - 00000000 ____D () C:\Program Files\DIFX
2014-06-11 15:37 - 2014-04-28 09:28 - 00151552 _____ (Jungo Connectivity) C:\Windows\SysWOW64\wdapi1150.dll
2014-06-11 15:37 - 2014-04-28 09:28 - 00151552 _____ (Jungo Connectivity) C:\Windows\SysWOW64\wdapi1140.dll
2014-06-11 15:37 - 2014-04-28 09:28 - 00143360 _____ (Jungo) C:\Windows\SysWOW64\wdapi1010.dll
2014-06-11 15:37 - 2014-04-28 09:28 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi1100.dll
2014-06-11 15:37 - 2014-04-28 09:28 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi102.dll
2014-06-11 15:37 - 2014-04-28 09:28 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi1011.dll
2014-06-11 15:37 - 2014-04-28 09:26 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2014-06-11 15:37 - 2014-04-28 09:26 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2014-06-11 15:37 - 2014-04-28 09:26 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2014-06-11 14:59 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 14:59 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 14:59 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 14:59 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 14:59 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 14:59 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 14:59 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 14:59 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 14:59 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 14:59 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 14:59 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 14:59 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 14:59 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 14:59 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-09 12:57 - 2014-06-18 17:57 - 00000000 ____D () C:\FRST
2014-07-09 12:57 - 2014-06-18 16:55 - 00000000 ____D () C:\Users\*****\Downloads\Virus entfernung
2014-07-09 12:55 - 2014-01-20 15:43 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 12:55 - 2009-07-14 19:58 - 00702562 _____ () C:\Windows\system32\perfh007.dat
2014-07-09 12:55 - 2009-07-14 19:58 - 00151278 _____ () C:\Windows\system32\perfc007.dat
2014-07-09 12:55 - 2009-07-14 07:13 - 01630080 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 12:54 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 12:54 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 12:53 - 2014-01-20 14:35 - 01890174 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 12:49 - 2014-07-02 11:05 - 00296296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 12:49 - 2014-07-02 11:05 - 00002184 _____ () C:\Windows\setupact.log
2014-07-09 12:49 - 2014-01-20 15:43 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-09 12:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 12:48 - 2014-04-30 13:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 12:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 12:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 12:47 - 2014-01-20 15:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 12:46 - 2014-01-20 15:44 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 21:46 - 2014-07-07 21:46 - 00000000 ____D () C:\ProgramData\bdch
2014-07-07 21:11 - 2014-05-14 21:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 18:07 - 2014-04-08 15:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-07 18:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-06 13:36 - 2014-03-10 01:13 - 00004146 _____ () C:\Users\*****\AppData\Roaming\LTspiceIV.ini
2014-07-04 12:54 - 2014-07-04 12:54 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-04 12:54 - 2014-07-04 12:54 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-04 12:54 - 2014-07-04 12:54 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-04 12:54 - 2014-07-04 12:54 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-04 12:54 - 2014-07-04 12:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-04 12:54 - 2014-07-04 12:53 - 00000000 ____D () C:\Program Files\Java
2014-07-04 12:54 - 2014-06-18 17:45 - 00000000 ____D () C:\Users\*****\AppData\Temp
2014-07-04 12:53 - 2014-07-04 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-04 12:53 - 2014-04-29 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-03 17:16 - 2014-07-03 16:58 - 00000000 ____D () C:\Users\*****\AppData\Local\GitHub
2014-07-03 17:08 - 2014-07-03 17:08 - 00000000 ____D () C:\Users\*****\Documents\GitHub
2014-07-03 17:08 - 2014-07-03 16:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\GitHub
2014-07-03 17:08 - 2014-07-03 16:56 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment
2014-07-03 17:06 - 2014-07-03 17:06 - 00000000 ____D () C:\Users\*****\.ssh
2014-07-03 17:06 - 2014-01-21 11:33 - 00000000 ____D () C:\Users\*****
2014-07-03 16:58 - 2014-07-03 16:58 - 00002140 _____ () C:\Users\*****\Desktop\Git Shell.lnk
2014-07-03 16:58 - 2014-07-03 16:58 - 00000308 _____ () C:\Users\*****\Desktop\GitHub.appref-ms
2014-07-03 16:58 - 2014-07-03 16:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2014-07-03 16:56 - 2014-07-03 16:56 - 00000000 ____D () C:\Users\*****\AppData\Local\Apps\2.0
2014-07-03 16:39 - 2014-03-02 22:39 - 00000000 ____D () C:\Users\*****\Documents\eagle
2014-07-02 13:58 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\Documents\Atmel Studio
2014-07-02 13:53 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VisualAssistAtmel
2014-07-02 13:52 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Atmel
2014-07-02 13:52 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\AppData\Local\VisualAssistAtmel
2014-07-02 13:52 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\AppData\Local\IsolatedStorage
2014-07-02 13:52 - 2014-07-02 13:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Atmel
2014-07-02 13:52 - 2014-06-30 14:51 - 00000202 _____ () C:\Users\*****\Documents\timer.aws
2014-07-02 13:49 - 2014-06-30 14:48 - 00002627 _____ () C:\Users\*****\Documents\timer.aps
2014-07-02 11:09 - 2014-07-02 11:09 - 00218775 _____ () C:\Users\*****\Desktop\Durchlichtwinlkel_doppelt.dxf
2014-07-02 11:08 - 2014-07-02 11:09 - 00028426 _____ () C:\Users\*****\Desktop\Durchlichtwinlkel_doppelt.brd
2014-07-02 11:05 - 2014-07-02 11:05 - 00000640 _____ () C:\Windows\PFRO.log
2014-07-02 11:05 - 2014-07-02 11:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 11:05 - 2014-01-20 21:47 - 00000000 ____D () C:\Program Files (x86)\BleachBit
2014-07-01 18:25 - 2014-06-18 12:32 - 00000000 ____D () C:\Users\*****\AppData\Local\VisualAssistAtmel
2014-07-01 17:44 - 2014-06-18 12:32 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VisualAssistAtmel
2014-06-30 18:32 - 2014-06-30 18:24 - 00000000 ____D () C:\Users\*****\Desktop\Flashen
2014-06-30 18:30 - 2014-06-30 18:30 - 01852683 _____ () C:\Users\*****\Downloads\avrcalc.zip
2014-06-30 18:06 - 2014-06-30 16:40 - 00000373 _____ () C:\Users\*****\Desktop\counter16bit.eep
2014-06-30 17:40 - 2014-06-18 22:31 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-06-30 17:26 - 2014-06-30 17:26 - 00003234 _____ () C:\Users\*****\Desktop\CFile1.c
2014-06-30 16:37 - 2014-06-30 16:37 - 00001241 _____ () C:\Users\*****\Desktop\notepad - Verknüpfung.lnk
2014-06-30 16:31 - 2014-06-30 16:31 - 00001673 _____ () C:\Users\*****\Desktop\atmelstudio - Verknüpfung.lnk
2014-06-30 16:23 - 2014-06-30 16:21 - 128738380 _____ () C:\Users\*****\Downloads\as-asf-msi-6.2.1277-win32.win32.x86.msi
2014-06-30 16:08 - 2014-06-30 16:08 - 00025088 _____ () C:\Users\*****\Desktop\installer_x64.exe
2014-06-30 16:08 - 2014-06-30 16:08 - 00004588 _____ () C:\Users\*****\Desktop\AVRISP_mkII.cat
2014-06-30 16:08 - 2014-06-30 16:08 - 00000446 __RSH () C:\ProgramData\ntuser.pol
2014-06-30 16:08 - 2014-06-30 16:08 - 00000000 ____D () C:\Users\*****\Desktop\x86
2014-06-30 16:08 - 2014-06-30 16:08 - 00000000 ____D () C:\Users\*****\Desktop\license
2014-06-30 16:08 - 2014-06-30 16:08 - 00000000 ____D () C:\Users\*****\Desktop\ia64
2014-06-30 16:08 - 2014-06-30 16:08 - 00000000 ____D () C:\Users\*****\Desktop\amd64
2014-06-30 16:08 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-30 16:07 - 2014-06-30 16:07 - 00913186 _____ () C:\Users\*****\Downloads\libusb-win32-bin-1.2.6.0.zip
2014-06-30 16:07 - 2014-06-30 16:07 - 00000000 ____D () C:\Users\*****\Downloads\libusb-win32-bin-1.2.6.0
2014-06-30 16:01 - 2014-06-30 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibUSB-Win32
2014-06-30 16:01 - 2014-06-30 15:04 - 00000000 ____D () C:\Program Files\LibUSB-Win32
2014-06-30 15:57 - 2014-01-20 14:41 - 00000000 ____D () C:\Users\*****
2014-06-30 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 15:26 - 2014-06-30 15:26 - 00026948 _____ () C:\Users\*****\Desktop\bookmarks-2014-06-30.json
2014-06-30 14:50 - 2014-06-30 14:48 - 00003234 _____ () C:\Users\*****\Documents\timer.asm
2014-06-30 14:50 - 2014-06-11 16:49 - 00000327 _____ () C:\Users\*****\Documents\AvrBuild.bat
2014-06-30 13:58 - 2014-01-20 16:13 - 00000000 ____D () C:\Users\*****\Downloads\installiert
2014-06-30 13:56 - 2014-04-11 21:07 - 00000000 ____D () C:\Python27
2014-06-30 13:56 - 2014-04-11 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-06-30 13:55 - 2014-04-11 21:08 - 00000000 ____D () C:\Python34
2014-06-30 13:55 - 2014-04-11 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-06-30 13:54 - 2014-06-30 13:54 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1390222602
2014-06-30 13:54 - 2014-01-20 14:56 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-30 13:51 - 2014-06-30 13:51 - 00000000 ____D () C:\Users\*****\AppData\Local\Secunia PSI
2014-06-30 04:09 - 2014-07-09 12:26 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 12:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 23:39 - 2014-01-20 16:07 - 00000975 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-28 23:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-28 23:15 - 2014-06-28 23:15 - 00000000 ____D () C:\ProgramData\VS
2014-06-27 13:54 - 2014-04-30 15:51 - 00001578 _____ () C:\Users\*****\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-06-27 10:34 - 2014-06-27 10:36 - 00075574 _____ () C:\Users\*****\Desktop\PT4115 standard.brd
2014-06-27 10:30 - 2014-06-27 10:37 - 00075541 _____ () C:\Users\*****\Desktop\PT4115 klein.brd
2014-06-25 21:50 - 2014-01-20 15:43 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 21:50 - 2014-01-20 15:43 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 19:43 - 2014-06-24 19:43 - 00000000 ____D () C:\Users\*****\Desktop\Verlnüpfungen Browser
2014-06-24 19:43 - 2014-03-02 22:30 - 00000000 ___RD () C:\Users\*****\Eagle Projekte
2014-06-24 19:42 - 2014-06-24 19:40 - 00000000 ____D () C:\Users\*****\Desktop\Verknüpfungen Platine
2014-06-24 13:44 - 2014-06-24 13:44 - 00076303 _____ () C:\Users\*****\Desktop\Gmer.log
2014-06-24 11:44 - 2014-06-24 11:44 - 00057124 _____ () C:\Users\*****\Desktop\FRST.txt
2014-06-24 11:40 - 2014-06-24 11:40 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-06-24 11:35 - 2014-03-02 22:43 - 00001054 _____ () C:\Users\*****\Desktop\Eagle Projekte in eigene Dokumente.lnk
2014-06-24 10:15 - 2014-06-24 10:15 - 00001241 _____ () C:\Users\*****\Desktop\netstat -a - Verknüpfung.lnk
2014-06-24 10:12 - 2014-06-24 10:12 - 00001104 _____ () C:\Users\*****\Desktop\netstat - Verknüpfung.lnk
2014-06-24 09:22 - 2014-01-20 14:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-23 20:36 - 2014-06-23 20:34 - 00006930 _____ () C:\Windows\wininit.ini
2014-06-21 16:14 - 2014-06-21 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 22:14 - 2014-07-09 12:26 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 12:26 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 03:39 - 2014-07-09 12:26 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 12:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 12:26 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 12:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 12:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 12:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 12:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 12:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 12:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 12:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 12:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 12:26 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 12:26 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 12:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 12:26 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 12:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 12:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 12:26 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 12:26 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 12:26 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 12:26 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 12:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 12:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 12:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 12:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 12:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 12:26 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 12:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 12:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 12:26 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 12:26 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 12:26 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 12:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 12:26 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 12:26 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 12:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 12:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 12:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 12:26 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 12:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 12:26 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 12:26 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 12:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 12:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 12:26 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 12:26 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 12:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 12:26 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 12:26 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 12:26 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 12:26 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 22:31 - 2014-06-18 17:22 - 00027246 _____ () C:\zoek-results.log
2014-06-18 17:50 - 2014-06-18 16:45 - 00000000 ____D () C:\AdwCleaner
2014-06-18 17:46 - 2014-06-18 17:46 - 00000278 _____ () C:\Windows\system32\GfLstC71.dat
2014-06-18 17:45 - 2014-06-18 17:45 - 00000000 ____D () C:\Users\*****\AppData\Temp
2014-06-18 17:37 - 2014-06-18 17:20 - 00000000 ____D () C:\zoek_backup
2014-06-18 17:21 - 2014-06-18 17:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-18 17:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-06-18 17:10 - 2014-06-18 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 16:54 - 2014-06-18 16:54 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 16:32 - 2014-01-21 11:34 - 00000000 ____D () C:\Users\*****\AppData\Local\NVIDIA Corporation
2014-06-18 15:06 - 2014-01-20 16:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-18 14:58 - 2014-05-23 14:36 - 00000000 _____ () C:\Users\*****\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-06-18 14:28 - 2014-06-18 14:28 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-06-18 14:28 - 2014-06-18 14:28 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-06-18 13:52 - 2014-06-18 13:52 - 00001759 _____ () C:\Users\*****\Desktop\AVRStudio - Verknüpfung.lnk
2014-06-18 12:34 - 2014-06-18 12:23 - 00000000 ____D () C:\Users\*****\Documents\Atmel Studio
2014-06-18 12:28 - 2014-01-20 18:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-18 12:25 - 2014-06-18 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atmel
2014-06-18 12:24 - 2014-06-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Atmel
2014-06-18 12:23 - 2014-06-18 12:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Atmel
2014-06-18 12:23 - 2014-06-18 12:23 - 00000000 ____D () C:\Users\*****\AppData\Local\Atmel
2014-06-18 12:23 - 2014-05-23 13:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\inkscape
2014-06-18 12:23 - 2014-01-20 18:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-18 12:15 - 2014-06-18 12:15 - 00000000 ____D () C:\Users\*****\Downloads\AVR1913
2014-06-18 12:00 - 2014-01-20 18:39 - 00000000 ____D () C:\Users\*****\AppData\Local\NVIDIA Corporation
2014-06-18 12:00 - 2014-01-20 18:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-18 12:00 - 2014-01-20 15:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-18 12:00 - 2014-01-20 15:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-18 11:59 - 2014-01-20 18:06 - 00000000 ____D () C:\Users\*****\AppData\Local\NVIDIA
2014-06-18 11:57 - 2014-06-18 11:57 - 00000000 ____D () C:\Users\*****\Documents\Visual Studio 2010
2014-06-18 11:57 - 2014-01-20 22:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-06-18 11:56 - 2014-06-18 11:56 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-18 11:56 - 2014-06-18 11:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-06-18 11:56 - 2014-01-20 22:49 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-06-18 11:41 - 2014-06-18 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atmel AVR Tools
2014-06-18 04:18 - 2014-07-09 12:26 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 12:26 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 12:26 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-16 21:19 - 2014-05-23 14:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\inkscape
2014-06-16 20:52 - 2014-06-16 20:52 - 00000000 ____D () C:\Users\*****\IGC
2014-06-16 20:52 - 2014-06-16 20:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\IGC
2014-06-16 20:51 - 2014-06-16 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer
2014-06-16 20:51 - 2014-06-16 20:51 - 00000000 ____D () C:\Program Files (x86)\IGC
2014-06-16 20:45 - 2014-06-16 20:45 - 00008640 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-06-16 19:51 - 2014-01-20 15:44 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-15 17:46 - 2014-06-02 09:41 - 00000367 _____ () C:\Users\*****\Sti_Trace.log
2014-06-15 16:50 - 2014-03-01 15:20 - 00000000 ____D () C:\Users\*****\Downloads\PCB
2014-06-13 15:20 - 2014-05-14 21:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-13 15:20 - 2014-01-20 15:43 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-13 15:20 - 2014-01-20 15:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 18:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 17:16 - 2014-06-11 17:16 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atmel AVR Tools
2014-06-11 16:42 - 2014-06-11 16:42 - 00000000 ____D () C:\ProgramData\Atmel
2014-06-11 15:44 - 2014-06-11 15:44 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-06-11 15:37 - 2014-06-11 15:37 - 00000000 ____D () C:\Program Files\DIFX
2014-06-10 15:32 - 2009-07-14 04:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-182502.backup

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 20:57

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



Und der Zweite:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-09 13:07:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port4Path0Target0Lun0 KINGSTON rev.503A 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\+++++\AppData\Local\Temp\uwdirpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                fffff96000144000 7 bytes [00, 93, F3, FF, 01, A0, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                            fffff96000144008 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Bitdefender\Bitdefender\vsserv.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      0000000077041570 6 bytes [48, B8, F0, 12, 8E, 01]
.text  C:\Program Files\Bitdefender\Bitdefender\vsserv.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                  0000000077041578 4 bytes [00, 00, 50, C3]
.text  C:\Program Files\Bitdefender\Bitdefender\vsserv.exe[964] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1                                          0000000076f6b7e1 11 bytes [B8, F0, 12, B0, 01, 00, 00, ...]
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[1056] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[1056] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[1056] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                  00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[1056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[1056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                            * 2
.text  C:\Windows\system32\nvvsvc.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                      0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\nvvsvc.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                          0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\nvvsvc.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\nvvsvc.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\System32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\System32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\System32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\servicing\TrustedInstaller.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                          0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\servicing\TrustedInstaller.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                              0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\servicing\TrustedInstaller.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\servicing\TrustedInstaller.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                        00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\svchost.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\System32\spoolsv.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                      0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                          0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\svchost.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[1032] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                  00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[1032] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                      00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[1032] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                  00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                      0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                          0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                            00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\svchost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\System32\svchost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\System32\svchost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\System32\svchost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2120] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                      00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2120] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                          00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2120] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2120] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                    00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2120] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                  00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                        00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                            00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                          00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                      0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                          0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                        00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                    00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                  0000000077041570 6 bytes [48, B8, F0, 12, 8E, 01]
.text  C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                              0000000077041578 4 bytes [00, 00, 50, C3]
.text  C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                              00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                          00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2336] C:\Windows\system32\KERNEL32.dll!UnhandledExceptionFilter + 1                                      0000000076f6b7e1 11 bytes [B8, F0, 12, AA, 01, 00, 00, ...]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                    00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                        00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                              00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                  00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                              00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                    00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                        00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                            0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                            00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                        00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\nvvsvc.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                      0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\nvvsvc.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                          0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\nvvsvc.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\nvvsvc.exe[3464] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\svchost.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\System32\svchost.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\System32\svchost.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\System32\svchost.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\taskhost.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\taskhost.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\taskhost.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                    00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\taskhost.exe[3236] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\Dwm.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                        0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\Dwm.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                            0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\Dwm.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                          00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\Dwm.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                      00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\Explorer.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                            0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\Explorer.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\Explorer.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                              00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\Explorer.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                          00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\taskeng.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\taskeng.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\taskeng.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\taskeng.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                    00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                  00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3792] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                              00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3792] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                  00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3792] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                              00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                        0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                            0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                        00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                    00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4072] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                    00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4072] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                        00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4072] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                      00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4112] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory  00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4112] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory      00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4112] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                    00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                        00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                    00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                              00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                          00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\conhost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\conhost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\conhost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\conhost.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\SearchIndexer.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                              0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\SearchIndexer.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                  0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\SearchIndexer.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\SearchIndexer.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                            00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Bitdefender\Bitdefender\seccenter.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Program Files\Bitdefender\Bitdefender\seccenter.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Program Files\Bitdefender\Bitdefender\seccenter.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                  0000000077041570 6 bytes [48, B8, F0, 12, E7, 03]
.text  C:\Program Files\Bitdefender\Bitdefender\seccenter.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                              0000000077041578 4 bytes [00, 00, 50, C3]
.text  C:\Program Files\Bitdefender\Bitdefender\seccenter.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                              00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Program Files\Bitdefender\Bitdefender\seccenter.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                          00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files\Bitdefender\Bitdefender\seccenter.exe[2812] C:\Windows\system32\KERNEL32.dll!UnhandledExceptionFilter + 1                                      0000000076f6b7e1 11 bytes [B8, F0, 12, 0E, 04, 00, 00, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi.exe[6112] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                          00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Secunia\PSI\psi.exe[6112] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                              00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Secunia\PSI\psi.exe[6112] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                          00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\Secunia\PSI\psi.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                            * 2
.text  C:\Windows\system32\DllHost.exe[5200] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077041430 5 bytes JMP 00000000771a0010
.text  C:\Windows\system32\DllHost.exe[5200] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077041490 5 bytes JMP 00000000771a0028
.text  C:\Windows\system32\DllHost.exe[5200] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      00000000770417b0 1 byte JMP 00000000771a0040
.text  C:\Windows\system32\DllHost.exe[5200] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                  00000000770417b2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[6016] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                          00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[6016] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                              00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[6016] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                          00000000771f0038 5 bytes JMP 0000000174918d80
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                            * 2
.text  C:\Users\+++++\Downloads\Virus entfernung\Gmer-19357.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                            00000000771efac0 5 bytes JMP 0000000174918cf0
.text  C:\Users\+++++\Downloads\Virus entfernung\Gmer-19357.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                00000000771efb58 5 bytes JMP 0000000174918ea0
.text  C:\Users\+++++\Downloads\Virus entfernung\Gmer-19357.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                            00000000771f0038 5 bytes JMP 0000000174918d80

---- EOF - GMER 2.1 ----

Gruß Jürgen

Windoof02 10.07.2014 12:09
Hier noch die Addition Datei.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by ++++ at 2014-07-10 14:01:44
Running from C:\Users\++++\Downloads\Virus entfernung
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Bitdefender Antivirus (Disabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 14 Plugin (HKLM-x32\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Anti-Twin (Installation 10.05.2014) (HKLM-x32\...\Anti-Twin 2014-05-10 15.21.20) (Version:  - Joerg Rosenthal, Germany)
Atmel ARM GNU Toolchain (HKLM-x32\...\{08B03F6C-2739-4178-85FB-AAC67B4E51F6}) (Version: 4.8.1426 - Atmel)
Atmel AVR (32 bit) GNU Toolchain (HKLM-x32\...\{7BEE75D3-B4D8-428B-A619-0A717EB7AA7E}) (Version: 3.4.1057 - Atmel)
Atmel AVR (8 bit) GNU Toolchain (HKLM-x32\...\{132C587D-2A0B-494C-86FB-7383D48EB850}) (Version: 3.4.1056 - Atmel)
Atmel JungoUSB (x32 Version: 6.2.86 - Atmel) Hidden
Atmel Kits (HKLM-x32\...\{6AA7B5AC-161F-4FEB-B559-AA81AA141BBF}) (Version: 6.2.39 - Atmel)
Atmel LibUSB (x32 Version: 6.2.38 - Atmel) Hidden
Atmel SeggerUSB (x32 Version: 6.2.22 - Atmel) Hidden
Atmel Studio 6.2 (HKLM-x32\...\{D64E2610-CFBA-4EA0-9EC3-00EB134B04A1}) (Version: 6.2.1153 - Atmel)
Atmel Studio Backend (HKLM-x32\...\{8D623996-B0EF-448A-BE23-9E3198C806A5}) (Version: 1.11.412 - Atmel Corporation)
Atmel Studio InfFiles (x32 Version: 6.2.80 - Atmel Corporation) Hidden
Atmel Studio Memory Logger (HKLM-x32\...\{612F3078-C59F-40DA-B649-491CE9522DDF}) (Version: 6.2.167 - Atmel)
Atmel USB Driver Package (HKLM-x32\...\{0b919373-80a6-47d9-8542-540e14f914dc}) (Version: 6.2.241 - Atmel)
Atmel WinUSB (x32 Version: 6.2.22 - Atmel) Hidden
AtmelSoftwareFramework (HKLM-x32\...\{9720DF63-65D1-446E-8F7C-5257C21E54D3}) (Version: 3.18.1277 - Atmel)
AVR LCD Visualizer (HKLM-x32\...\{075C20B8-A09B-41AB-9B06-5BA7E103910F}) (Version: 1.1.37 - Atmel)
AVR macro Assembler (HKLM-x32\...\{F416CF32-64E4-4E86-BB0E-1FF6891004E7}) (Version: 2.1.1117 - Atmel)
AVR-Brenner  0.9d (HKLM-x32\...\{F206CACF-CAB5-4183-B968-84F75B18FA5E}) (Version:  - Jens Gürtler)
AVRStudio4 (HKLM-x32\...\{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}) (Version: 4.18.700 - Atmel)
AVRStudio4 (x32 Version: 4.18.684 - Atmel) Hidden
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 17.23.0.996 - Bitdefender)
BleachBit (HKLM-x32\...\BleachBit) (Version:  - BleachBit)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan LiDE 700F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq9601) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Code Composer Studio 5.5.0 (HKLM-x32\...\Code Composer Studio 5.5.0) (Version: 5.5.0.00077 - Texas Instruments)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
DesignSpark Mechanical 1.0 (HKLM\...\{724120B5-FF8C-4337-A7EF-3C1E0FB6B92F}) (Version: 8.1.2 - RS Components)
DesignSpark PCB 6.0 (x32 Version: 6.0 - RS Components) Hidden
DesignSpark PCB Version 6.0 (HKLM-x32\...\InstallShield_{D50600AA-D25A-463B-98BF-E09585325711}) (Version: 6.0 - RS Components)
EAGLE 6.6.0 (HKLM-x32\...\EAGLE 6.6.0) (Version: 6.6.0 - CadSoft Computer GmbH)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free DWG Viewer 7.2 (HKLM-x32\...\{90751489-B709-4D2F-8634-FEE00BFEC41A}) (Version: 7.2.0.69 - IGC)
GC-Prevue (HKLM\...\{B5812218-60F6-434A-A9B8-A7673631E72B}) (Version: 22.1.8 - GraphiCode)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
KiCad 2013.07.07 (HKLM-x32\...\KiCad) (Version: 2013.07.07 - )
LibUSB-Win32-1.2.6.0 (HKLM\...\LibUSB-Win32_is1) (Version: 1.2.6.0 - LibUSB-Win32)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET and Web Tools 2012.3 - Visual Studio 2012 - deu (HKLM-x32\...\{E02793D2-41F7-4CF3-A5BA-147A01064C7A}) (Version: 1.4.41009.0 - Microsoft Corporation)
Microsoft ASP.NET and Web Tools 2012.3 - Visual Studio Express 2012 for Web - deu (HKLM-x32\...\{DAB26093-AA5C-4DCC-8B03-A4A654E5BF0B}) (Version: 1.4.41009.0 - Microsoft Corporation)
Microsoft ASP.NET and Web Tools 2013.1 - Visual Studio 2013 - deu (HKLM-x32\...\{FA679AF5-CB26-456B-91F1-299D11BF5752}) (Version: 2.1.41009.0 - Microsoft Corporation)
Microsoft ASP.NET and Web Tools 2013.1 - Visual Studio Express 2013 for Web - deu (HKLM-x32\...\{88C82FE5-E3C7-4076-ADB7-8E2BEF3A6FC6}) (Version: 2.1.41009.0 - Microsoft Corporation)
Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop (x32 Version: 2.7.40911.287 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Team Foundation Server 2013 Object Model (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2013-Objektmodell Sprachpaket (x64) - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 32bit Compilers - DEU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2013 Express Prerequisites x64 - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell-(Mindest)-Ressourcen (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Team Explorer Sprachpaket - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013-Vorbereitung (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2013 for Windows Desktop (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{31e4d2a5-b246-4c2d-a7fb-aee157c26b02}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer deu Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
paint.net 4.0 Pre-Release (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
PC Fresh (HKLM-x32\...\PC Fresh_is1) (Version: 2014 - (Abelssoft) Ascora GmbH)
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation)
Python 3.4.1 (HKLM-x32\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 3.50 - Philipp Winterberg)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SSD Fresh (HKLM-x32\...\SSD Fresh_is1) (Version: 2014 - Abelssoft)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)
WinAVR 20100110 (remove only) (HKLM-x32\...\WinAVR-20100110) (Version: 20100110 - )
Windows Azure Authoring Tools - v2.2 (HKLM\...\{863C94A6-E432-4C88-9C68-FB668AE66621}) (Version: 2.2.6492.2 - Microsoft Corporation)
Windows Azure Emulator - v2.2 (HKLM\...\Windows Azure Emulator - v2.2) (Version: 2.2.6492.2 - Microsoft Corporation)
Windows Azure Emulator - v2.2 (Version: 2.2.6492.2 - Microsoft Corporation) Hidden
Windows Azure Libraries for .NET – v2.2 (HKLM\...\{0DCF275C-3D88-48CC-B374-ACA7365EF966}) (Version: 2.2.0924.200 - Microsoft Corporation)
Windows Azure Storage Tools - v2.2 (HKLM-x32\...\{E7FCA9E4-CDCB-472B-B168-567B16088E89}) (Version: 2.2.0.0 - Microsoft Corporation)
Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.2 (x32 Version: 2.2.11002.1601 - Microsoft) Hidden
Windows Azure Tools für LightSwitch für Visual Studio 2013 - $(var.OOBPublishVersion) (DEU) (x32 Version: 2.2.11002.1601 - Microsoft) Hidden
Windows Azure Tools für Microsoft LightSwitch für Visual Studio 2013 (DEU) - v2.2 (HKLM-x32\...\{65b1736c-b378-4fa5-83c8-42177d0cecdf}) (Version: 2.2.11002.1601 - Microsoft Corporation)
Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Segger (jlink) USB  (04/11/2012 2.6.8.2) (HKLM\...\419546AE8E4244C647A348987F769803F43B9C4F) (Version: 04/11/2012 2.6.8.2 - Segger)
Windows-Treiberpaket - SEGGER (usbser) Ports  (01/25/2012 6.0.2600.4) (HKLM\...\BD6BF8BBF7BE0D0091163F649A1A423B7EB9D4F1) (Version: 01/25/2012 6.0.2600.4 - SEGGER)
Wings 3D 1.5.2 (HKLM-x32\...\Wings 3D 1.5.2) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-07-01 18:25 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {04B297D8-9F71-4C94-ACAB-3BBE5F34A4CA} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {131E36FC-3DF3-4649-BBEE-7022946ADA21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {24C60635-57F3-4B47-A302-36FE84A5A2DB} - System32\Tasks\Opera scheduled Autoupdate 1390222602 => C:\Program Files (x86)\Opera\launcher.exe [2014-06-16] (Opera Software)
Task: {6443EBC5-2EEB-413C-BCD0-FC7AA2B40CF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {6991699C-BD56-4AA8-BAA0-74E7CE00BDDA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {8A8572EB-2D67-44F8-B5A2-703EAD5CE29B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {ABA404BA-03E6-458C-A88D-1D5B55600FE5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-13] (Adobe Systems Incorporated)
Task: {E17B22F4-5754-46B6-B620-F6B14AB8602C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {F6C09A26-BDE3-4009-ACDE-D8D91E96151A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 15:07 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-01-20 15:07 - 2013-11-28 13:49 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-06-18 11:19 - 2014-06-18 11:19 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00046_009\ashttpbr.mdl
2014-06-18 11:19 - 2014-06-18 11:19 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00046_009\ashttpdsp.mdl
2014-06-18 11:19 - 2014-06-18 11:19 - 02599584 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00046_009\ashttpph.mdl
2014-06-18 11:19 - 2014-06-18 11:19 - 01322896 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00046_009\ashttprbl.mdl
2014-01-20 18:05 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-21 12:22 - 2014-05-21 12:22 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-01-20 15:07 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2014-05-29 18:37 - 2014-05-29 18:37 - 00468496 _____ () C:\Program Files\Bitdefender\Bitdefender\bdidntconp.dll
2014-05-29 18:37 - 2014-05-29 18:37 - 00203264 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\bdidntconp.ui
2014-01-20 16:27 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-20 16:27 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-20 16:27 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-20 16:27 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-20 16:27 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-06-21 16:14 - 2014-06-21 16:14 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2014 00:50:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SDWelcome.exe, Version: 2.2.21.129, Zeitstempel: 0x51dd1105
Name des fehlerhaften Moduls: wship6.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bdb56
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74001414
ID des fehlerhaften Prozesses: 0x134c
Startzeit der fehlerhaften Anwendung: 0xSDWelcome.exe0
Pfad der fehlerhaften Anwendung: SDWelcome.exe1
Pfad des fehlerhaften Moduls: SDWelcome.exe2
Berichtskennung: SDWelcome.exe3

Error: (07/09/2014 00:49:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SDTray.exe, Version: 2.1.21.129, Zeitstempel: 0x51f0ed9e
Name des fehlerhaften Moduls: wship6.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bdb56
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74001414
ID des fehlerhaften Prozesses: 0xe68
Startzeit der fehlerhaften Anwendung: 0xSDTray.exe0
Pfad der fehlerhaften Anwendung: SDTray.exe1
Pfad des fehlerhaften Moduls: SDTray.exe2
Berichtskennung: SDTray.exe3

Error: (07/09/2014 00:49:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SDWelcome.exe, Version: 2.2.21.129, Zeitstempel: 0x51dd1105
Name des fehlerhaften Moduls: wship6.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bdb56
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74001414
ID des fehlerhaften Prozesses: 0xc94
Startzeit der fehlerhaften Anwendung: 0xSDWelcome.exe0
Pfad der fehlerhaften Anwendung: SDWelcome.exe1
Pfad des fehlerhaften Moduls: SDWelcome.exe2
Berichtskennung: SDWelcome.exe3

Error: (07/07/2014 06:48:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/06/2014 02:37:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: eagle.exe, Version: 0.0.0.0, Zeitstempel: 0x538c70ea
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x15d576bd
ID des fehlerhaften Prozesses: 0x160c
Startzeit der fehlerhaften Anwendung: 0xeagle.exe0
Pfad der fehlerhaften Anwendung: eagle.exe1
Pfad des fehlerhaften Moduls: eagle.exe2
Berichtskennung: eagle.exe3

Error: (07/05/2014 02:33:13 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/04/2014 01:28:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/03/2014 06:36:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {203bf555-3c10-445a-a51b-6ad6546f6cbf}

Error: (07/03/2014 04:34:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/03/2014 02:15:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


System errors:
=============
Error: (07/10/2014 01:59:57 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/10/2014 01:55:43 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{fd967262-81ce-11e3-b06e-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (07/09/2014 06:22:20 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{fd967262-81ce-11e3-b06e-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (07/09/2014 00:49:09 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{fd967262-81ce-11e3-b06e-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (07/09/2014 00:24:44 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/09/2014 00:19:23 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{fd967262-81ce-11e3-b06e-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (07/07/2014 09:46:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/07/2014 05:58:31 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{fd967262-81ce-11e3-b06e-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (07/06/2014 01:05:53 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{fd967262-81ce-11e3-b06e-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (07/05/2014 06:11:14 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{fd967262-81ce-11e3-b06e-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.


Microsoft Office Sessions:
=========================
Error: (07/09/2014 00:50:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWelcome.exe2.2.21.12951dd1105wship6.dll_unloaded0.0.0.04a5bdb56c000000574001414134c01cf9b6395ce8750C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exewship6.dlld3af7076-0756-11e4-a92e-00261894339e

Error: (07/09/2014 00:49:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDTray.exe2.1.21.12951f0ed9ewship6.dll_unloaded0.0.0.04a5bdb56c000000574001414e6801cf9b637db4988aC:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exewship6.dllbfe13d6f-0756-11e4-a92e-00261894339e

Error: (07/09/2014 00:49:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWelcome.exe2.2.21.12951dd1105wship6.dll_unloaded0.0.0.04a5bdb56c000000574001414c9401cf9b637dafd5c9C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exewship6.dllbc0ee7de-0756-11e4-a92e-00261894339e

Error: (07/07/2014 06:48:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/06/2014 02:37:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eagle.exe0.0.0.0538c70eaunknown0.0.0.000000000c000000515d576bd160c01cf990d98e8a4beC:\Program Files (x86)\EAGLE-6.6.0\bin\eagle.exeunknown3f9b7d03-050a-11e4-9fb4-00261894339e

Error: (07/05/2014 02:33:13 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/04/2014 01:28:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/03/2014 06:36:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {203bf555-3c10-445a-a51b-6ad6546f6cbf}

Error: (07/03/2014 04:34:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/03/2014 02:15:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


CodeIntegrity Errors:
===================================
  Date: 2014-07-10 13:55:55.992
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 18:28:36.191
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 18:22:33.491
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 13:34:56.376
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 13:19:16.451
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 12:49:23.453
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 12:47:15.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-09 12:19:35.695
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-07 18:37:30.082
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-07 18:05:55.628
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 24567.11 MB
Available physical RAM: 21364.09 MB
Total Pagefile: 61415.29 MB
Available Pagefile: 58209.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.76 GB) (Free:10.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: B7135197)
Partition 1: (Active) - (Size=32 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 11.07.2014 08:26
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Windoof02 11.07.2014 15:25
Hoffe ist im richtigen Format.

Code:
ComboFix 14-07-11.04 - +++++ 11.07.2014  17:00:38.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.24567.22465 [GMT 2:00]
ausgeführt von:: c:\users\+++++\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Spyware-Schutz *Disabled/Outdated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\programdata\1390222981.bdinstall.bin
c:\users\+++++\AppData\Roaming\FoxitReaderUpdateInfo.txt
c:\users\+++++\AppData\Roaming\FoxitReaderUpdateInfo.txt
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-06-11 bis 2014-07-11  ))))))))))))))))))))))))))))))
.
.
2014-07-11 15:04 . 2014-07-11 15:04        --------        d-----w-        c:\users\+++++\AppData\Local\temp
2014-07-11 14:43 . 2014-06-05 10:54        10779000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B1DD085-5F3B-436E-A1A3-44C603F63763}\mpengine.dll
2014-07-09 11:14 . 2014-07-09 11:14        --------        d-sh--w-        c:\users\+++++\AppData\Local\EmieUserList
2014-07-09 11:14 . 2014-07-09 11:14        --------        d-sh--w-        c:\users\+++++\AppData\Local\EmieSiteList
2014-07-09 11:07 . 2014-07-09 11:07        --------        d-----w-        c:\users\+++++\AppData\Local\Apps
2014-07-09 10:25 . 2014-06-05 14:45        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-07-09 10:25 . 2014-06-05 14:26        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-07-09 10:25 . 2014-06-05 14:25        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-07-07 19:46 . 2014-07-07 19:46        --------        d-----w-        c:\programdata\bdch
2014-07-07 16:06 . 2014-07-07 16:06        --------        d-----w-        c:\users\+++++\AppData\Local\Diagnostics
2014-07-04 10:54 . 2014-07-04 10:54        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-07-04 10:54 . 2014-07-04 10:54        --------        d-----w-        c:\programdata\Oracle
2014-07-04 10:54 . 2014-07-04 10:54        313256        ----a-w-        c:\windows\system32\javaws.exe
2014-07-04 10:54 . 2014-07-04 10:54        191400        ----a-w-        c:\windows\system32\javaw.exe
2014-07-04 10:54 . 2014-07-04 10:54        190888        ----a-w-        c:\windows\system32\java.exe
2014-07-04 10:54 . 2014-07-04 10:54        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-07-04 10:53 . 2014-07-04 10:54        --------        d-----w-        c:\program files\Java
2014-07-03 15:06 . 2014-07-03 15:06        --------        d-----w-        c:\users\+++++\.ssh
2014-07-03 14:58 . 2014-07-03 15:16        --------        d-----w-        c:\users\+++++\AppData\Local\GitHub
2014-07-03 14:58 . 2014-07-03 15:08        --------        d-----w-        c:\users\+++++\AppData\Roaming\GitHub
2014-07-03 14:56 . 2014-07-03 15:08        --------        d-----w-        c:\users\+++++\AppData\Local\Deployment
2014-07-03 14:56 . 2014-07-03 14:56        --------        d-----w-        c:\users\+++++\AppData\Local\Apps
2014-07-02 11:52 . 2014-07-02 11:52        --------        d-----w-        c:\users\+++++\AppData\Local\IsolatedStorage
2014-07-02 11:52 . 2014-07-02 11:53        --------        d-----w-        c:\users\+++++\AppData\Roaming\VisualAssistAtmel
2014-07-02 11:52 . 2014-07-02 11:52        --------        d-----w-        c:\users\+++++\AppData\Local\VisualAssistAtmel
2014-07-02 11:52 . 2014-07-02 11:52        --------        d-----w-        c:\users\+++++\AppData\Roaming\Atmel
2014-07-02 11:52 . 2014-07-02 11:52        --------        d-----w-        c:\users\+++++\AppData\Local\Atmel
2014-07-02 10:16 . 2014-07-02 10:16        --------        d-----w-        c:\users\+++++\AppData\Local\Programs
2014-06-30 13:04 . 2014-06-30 14:01        --------        d-----w-        c:\program files\LibUSB-Win32
2014-06-30 11:51 . 2014-06-30 11:51        --------        d-----w-        c:\users\+++++\AppData\Local\Secunia PSI
2014-06-28 21:15 . 2014-06-28 21:15        --------        d-----w-        c:\programdata\VS
2014-06-18 20:31 . 2014-06-30 15:40        --------        d-----w-        c:\users\+++++\AppData\Local\VirtualStore
2014-06-18 15:57 . 2014-07-10 12:02        --------        d-----w-        C:\FRST
2014-06-18 15:45 . 2014-06-18 15:21        24064        ----a-w-        c:\windows\zoek-delete.exe
2014-06-18 15:45 . 2014-07-11 15:04        --------        d-----w-        c:\users\+++++\AppData\Local\Temp
2014-06-18 15:20 . 2014-06-18 15:37        --------        d-----w-        C:\zoek_backup
2014-06-18 15:10 . 2014-06-18 15:10        --------        d-----w-        c:\programdata\Malwarebytes
2014-06-18 14:54 . 2014-06-18 14:54        --------        d-----w-        c:\windows\ERUNT
2014-06-18 14:46 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-06-18 14:45 . 2014-06-18 15:50        --------        d-----w-        C:\AdwCleaner
2014-06-18 10:32 . 2014-07-01 15:44        --------        d-----w-        c:\users\+++++\AppData\Roaming\VisualAssistAtmel
2014-06-18 10:32 . 2014-07-01 16:25        --------        d-----w-        c:\users\+++++\AppData\Local\VisualAssistAtmel
2014-06-18 10:28 . 2014-05-14 23:49        3774821        ----a-w-        c:\windows\system32\nvcoproc.bin
2014-06-18 10:23 . 2014-06-18 10:23        --------        d-----w-        c:\users\+++++\AppData\Roaming\Atmel
2014-06-18 10:23 . 2014-06-18 10:23        --------        d-----w-        c:\users\+++++\AppData\Local\Atmel
2014-06-18 10:00 . 2014-05-29 23:07        1291232        ----a-w-        c:\windows\SysWow64\nvspbridge.dll
2014-06-18 10:00 . 2014-05-29 23:07        1715176        ----a-w-        c:\windows\system32\nvspbridge64.dll
2014-06-18 10:00 . 2014-03-31 16:42        40392        ----a-w-        c:\windows\system32\drivers\nvvad64v.sys
2014-06-18 10:00 . 2014-03-31 16:42        34760        ----a-w-        c:\windows\SysWow64\nvaudcap32v.dll
2014-06-18 09:57 . 2014-06-28 21:26        84448        ----a-w-        c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-06-18 09:56 . 2014-06-18 09:56        --------        d-----w-        c:\program files (x86)\Microsoft Visual Studio 10.0
2014-06-18 09:56 . 2014-06-18 09:56        --------        d-----w-        c:\windows\PCHEALTH
2014-06-18 09:41 . 2009-07-07 05:31        290904        ----a-w-        c:\windows\SysWow64\vc6-re200l.dll
2014-06-18 09:41 . 2009-07-07 05:31        73728        ----a-w-        c:\windows\SysWow64\RWUXThemeS.dll
2014-06-18 09:41 . 2009-05-20 09:46        5752320        ----a-w-        c:\windows\SysWow64\BCGCBPRO103090.dll
2014-06-18 09:41 . 2009-01-29 14:25        4419584        ----a-w-        c:\windows\SysWow64\BCGCBPRO10180.dll
2014-06-18 09:41 . 2002-01-05 00:37        344064        ----a-w-        c:\windows\SysWow64\msvcr70.dll
2014-06-16 18:52 . 2014-06-16 18:52        --------        d-----w-        c:\users\+++++\IGC
2014-06-16 18:52 . 2014-06-16 18:52        --------        d-----w-        c:\users\+++++\AppData\Roaming\IGC
2014-06-16 18:51 . 2014-06-16 18:51        --------        d-----w-        c:\program files (x86)\IGC
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 12:28 . 2014-05-29 16:58        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-07-09 10:46 . 2014-01-20 13:44        96441528        ----a-w-        c:\windows\system32\MRT.exe
2014-06-13 13:20 . 2014-01-20 13:43        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-13 13:20 . 2014-01-20 13:43        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-01 12:17 . 2014-06-01 12:17        2452992        ----a-w-        c:\windows\SysWow64\python27.dll
2014-05-29 23:07 . 2014-01-20 16:07        1122312        ----a-w-        c:\windows\SysWow64\nvspcap.dll
2014-05-29 23:07 . 2014-01-20 16:07        1279480        ----a-w-        c:\windows\system32\nvspcap64.dll
2014-05-29 22:34 . 2014-04-30 19:24        48392        ----a-w-        c:\windows\SysWow64\certsentry.dll
2014-05-29 22:33 . 2014-01-20 14:58        57096        ----a-w-        c:\windows\system32\certsentry.dll
2014-05-20 02:44 . 2014-03-01 13:58        16003912        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-01-20 15:51        3109248        ----a-w-        c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2014-01-20 15:51        2730208        ----a-w-        c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-01-20 15:25        61216        ----a-w-        c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2014-01-20 15:25        52056        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2014-05-20 02:44 . 2013-10-27 08:12        18531568        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2013-10-27 08:12        17480432        ----a-w-        c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2013-10-27 08:12        14434704        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2014-05-20 01:25 . 2014-01-20 16:05        6769096        ----a-w-        c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2014-01-20 16:05        3514144        ----a-w-        c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2014-01-20 16:05        927520        ----a-w-        c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2014-01-20 16:05        62808        ----a-w-        c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2014-01-20 16:05        387528        ----a-w-        c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2014-01-20 16:05        2560968        ----a-w-        c:\windows\system32\nvsvcr.dll
2014-05-18 08:38 . 2014-05-18 08:38        2734592        ----a-w-        c:\windows\SysWow64\python34.dll
2014-05-18 08:37 . 2014-05-18 08:37        102400        ----a-w-        c:\windows\py.exe
2014-05-18 08:37 . 2014-05-18 08:37        102912        ----a-w-        c:\windows\pyw.exe
2014-05-08 09:32 . 2014-06-11 12:59        3178496        ----a-w-        c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 12:59        16384        ----a-w-        c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-28 07:28 . 2014-06-11 13:37        151552        ----a-w-        c:\windows\SysWow64\wdapi1150.dll
2014-04-28 07:28 . 2014-06-11 13:37        151552        ----a-w-        c:\windows\SysWow64\wdapi1140.dll
2014-04-28 07:28 . 2014-06-11 13:37        143360        ----a-w-        c:\windows\SysWow64\wdapi1010.dll
2014-04-28 07:28 . 2014-06-11 13:37        110592        ----a-w-        c:\windows\SysWow64\wdapi1100.dll
2014-04-28 07:28 . 2014-06-11 13:37        110592        ----a-w-        c:\windows\SysWow64\wdapi102.dll
2014-04-28 07:28 . 2014-06-11 13:37        110592        ----a-w-        c:\windows\SysWow64\wdapi1011.dll
2014-04-28 07:28 . 2014-04-28 07:28        268800        ----a-w-        c:\windows\system32\drivers\windrvr6.sys
2014-04-28 07:27 . 2014-04-28 07:27        1721576        ----a-w-        c:\windows\SysWow64\WdfCoInstaller01009.dll
2014-04-28 07:27 . 2014-04-28 07:27        1002728        ----a-w-        c:\windows\SysWow64\winusbcoinstaller2.dll
2014-04-28 07:26 . 2014-06-11 13:37        76384        ----a-w-        c:\windows\system32\libusb0.dll
2014-04-28 07:26 . 2014-06-11 13:37        67680        ----a-w-        c:\windows\SysWow64\libusb0.dll
2014-04-28 07:26 . 2014-06-11 13:37        52832        ----a-w-        c:\windows\system32\drivers\libusb0.sys
2014-04-25 02:34 . 2014-06-11 12:59        801280        ----a-w-        c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 12:59        626688        ----a-w-        c:\windows\SysWow64\usp10.dll
2014-04-14 18:13 . 2014-03-01 12:40        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-14 14:05 . 2014-04-13 17:07        93144        ----a-w-        c:\windows\system32\drivers\hmpalert.sys
2014-04-14 14:05 . 2014-04-13 17:07        548424        ----a-w-        c:\windows\system32\hmpalert.dll
2014-04-14 14:05 . 2014-04-13 17:07        477008        ----a-w-        c:\windows\SysWow64\hmpalert.dll
2014-01-27 14:02 . 2014-01-27 14:02        431888        ----a-r-        c:\program files (x86)\Common Files\riched20.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender-Geldbörse-Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-05-29 568400]
"Bitdefender-Geldbörse"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-05-29 1002048]
"Bitdefender-Geldbörse-Anwendungs-Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-05-29 614744]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender-Geldbörse-Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-05-29 568400]
"Bitdefender-Geldbörse"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-05-29 1002048]
"Bitdefender-Geldbörse-Anwendungs-Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-05-29 614744]
.
c:\users\+++++\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spybot-S&D Start Center.lnk - c:\program files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe [2014-1-20 6214480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VsEtwService120;Visual Studio ETW-Ereignisauflistungsdienst;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-16 17:50        1091912        ----a-w-        c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-20 13:20]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 13:43]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 13:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-05-29 1743088]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\+++++\AppData\Roaming\Mozilla\Firefox\Profiles\6boc8hrt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{0b919373-80a6-47d9-8542-540e14f914dc} - c:\programdata\Package Cache\{0b919373-80a6-47d9-8542-540e14f914dc}\AtmelUSBInstaller.exe
AddRemove-{31e4d2a5-b246-4c2d-a7fb-aee157c26b02} - c:\programdata\Package Cache\{31e4d2a5-b246-4c2d-a7fb-aee157c26b02}\wdexpress_full.exe
AddRemove-{65b1736c-b378-4fa5-83c8-42177d0cecdf} - c:\programdata\Package Cache\{65b1736c-b378-4fa5-83c8-42177d0cecdf}\WindowsAzureTools.LightSwitch.vs120.de-de.exe
AddRemove-{8e70e4e1-06d7-470b-9f74-a51bef21088e} - c:\programdata\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2898869 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2901126 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2931368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{b341426f-8543-4e0d-96c3-e976f8ec5ab6} - c:\programdata\Package Cache\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}\vcredist_x64.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-07-11  17:05:19
ComboFix-quarantined-files.txt  2014-07-11 15:05
.
Vor Suchlauf: 30 Verzeichnis(se), 10.579.030.016 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 10.390.298.624 Bytes frei
.
- - End Of File - - D4B736C3AF58BDD65D301B307CCBADEA

schrauber 12.07.2014 15:37
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Windoof02 14.07.2014 13:58
Hatte malewarebytes irgendwann schon mal installiert, daher war der Testzeitraum abgelaufen.
Ich hoffe das stellt kein Problem da.

Code:
<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2014/07/14 14:24:02 +0200</date>

<logfile>mbam-log-2014-07-14 (14-24-01).xml</logfile>

<isadmin>no</isadmin>

</header>


-<engine>

<version>2.00.2.1012</version>

<malware-database>v2014.07.14.04</malware-database>

<rootkit-database>v2014.07.09.01</rootkit-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x64</arch>

<username>++++</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>cancelled</result>

<objects>67200</objects>

<time>35</time>

<processes>0</processes>

<modules>0</modules>

<keys>0</keys>

<values>0</values>

<datas>0</datas>

<folders>0</folders>

<files>0</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>enabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>

<items> </items>

</mbam-log>

Code:
# AdwCleaner v3.215 - Bericht erstellt am 14/07/2014 um 14:29:44
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Downloads\adwcleaner_3.215.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\m1jm4x3e.default\prefs.js ]


[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6boc8hrt.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[S2].txt - [1564 octets] - [14/07/2014 14:26:21]

########## EOF - \AdwCleaner\AdwCleaner[R3].txt - [1429 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by ****on 14.07.2014 at 14:34:56,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.07.2014 at 14:42:46,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 14.07.2014 18:04

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Windoof02 16.07.2014 10:43
Hallo Schrauber,
erst ein mal möchte ich mich für Deine Hilfe bedanken.
Danke das Du so tatkräftig hilfst!

Eset online Scanner kann keine Verbindung nach aussen herstellen.Über einen Proxy lässt es sich auch nicht dazu überreden.
Da ich immer noch Probleme mit Bitdefender habe -Update geht nicht,braucht mitlerweile ewig bis es nach Windowsstart geladen ist. Netstat bleibt jetzt ein wenig länger offen und schließt sich dann aber trotzdem wieder automatisch.
Daher habe ich mich dazu entschlossen das ganze System komplett neu aufzusetzen.
Ich habe kein Vertrauen mehr in dieses.

Nun habe ich noch ein paar Fragen bezüglich des neuaufetzens des Betriebssystems.

Kannst Du mir Programme empfehlen, um die SSD komplett platt zu machen, so das keine Schädilinge mehr vorhanden sind?
Und kann es sein das sich in der Firmware der Platte etwas eingenistet hat?
Und was kann ich machen um das zu überprüfen?

Gruß
Jürgen

schrauber 16.07.2014 19:21
Normales Formatieren der Platte bei Neuinstallation des BS reicht vollkommen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55