| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefenderWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.01.2013, 19:30
| #1 |
| |  Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefender bei pcwelt gab es ein Angebot kostenlos Bitdefender für ein jahr zu bekommen. Da ich nur die freeware von avira hab, hab ich eben zugeschlagen. Jedenfalls hat man bei der Installation von bitdefender auch die anderen antiviren programme deinstallieren müssen. Danach hat mein PC nur noch Probleme gemacht (Aufgehängt, abgestürzt etc). Also hab ich bitdefender wieder deinstalliert und avira wieder drauf gemacht. Aber PC hängt sich immer wieder auf. screen: hxxp://www.abload.de/img/20130130_190833kis32.jpg Bevor ich den restart knopf am pc gedrückt hab, kam noch diese Meldung: hxxp://www.abload.de/img/20130130_1909476us63.jpg Diese Meldung kam nach einem Neustart: Windows has recovered from an unexpected shutdown Code:
ATTFilter Windows can check online for a solution to the problem the next time you go online. --> "Check later" oder "Chancel" ?
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1031
Additional information about the problem:
BCCode: f4
BCP1: 0000000000000003
BCP2: FFFFFA801B6FA9E0
BCP3: FFFFFA801B6FACC0
BCP4: FFFFF800033CA510
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\013013-162896-01.dmp
D:\AppData\Local\Temp\WER-163738-0.sysdata.xml
Read our privacy statement online:
hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
Nach der installation der neusten malwarebyte, konnte ich einen quickscan machen ohne absturz. Ergebnis: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.30.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Thomas :: THOMMYNAT0R [Administrator] 30.01.2013 17:50:13 mbam-log-2013-01-30 (17-50-13).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228347 Laufzeit: 3 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Ich hab inzwischen auch eine neue SSD festplatte mal abgestöpselt. Computer ist trotzdem abgestürzt. Jetzt hab ich den OTL.exe Scan gemacht: Code:
ATTFilter OTL logfile created on: 30.01.2013 19:45:15 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 31,91 Gb Total Physical Memory | 29,24 Gb Available Physical Memory | 91,60% Memory free 63,83 Gb Paging File | 60,92 Gb Available in Paging File | 95,44% Paging File free Paging file location(s): d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 16,14 Gb Free Space | 13,54% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 61,87 Gb Free Space | 3,32% Space Free | Partition Type: NTFS Computer Name: THOMMYNAT0R | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (Macrovision Europe Ltd.) PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) PRC - D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Smart PC Cleaner\SPCSmartScan.exe (Avanquest Software) PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.) PRC - D:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe () PRC - D:\Programme\Adobe Acrobat X\Acrobat x\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) PRC - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.) ========== Modules (No Company Name) ========== MOD - D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~de6248.tmp () MOD - D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7ade41f2c08fe2654323fddba67eee1d\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f62409df88e3dde635df0808c7177097\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\52088d89fd5da5e96df63b52efe70ab2\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\293b5e60e01e652ae1bf4096bc6e9f9e\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9471a54aa2b06e04f33b3e5dc9dc412a\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll () MOD - D:\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll () MOD - D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - D:\Programme\Adobe Acrobat X\Acrobat x\Acrobat\Locale\de_DE\AcroTray.DEU () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Windows\SysWOW64\OSD.dll () MOD - C:\Windows\SysWOW64\CmdRtr.DLL () ========== Services (SafeList) ========== SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (CFD 2013 Server) -- D:\Program Files\Autodesk\Simulation CFD 2013\SimCFDServer.exe (Autodesk, Inc.) SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.) SRV - (mi-raysat_3dsmax2013_64) -- D:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe () SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.) DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (VirtuWDDM) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys (Lucidlogix Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 16 92 49 09 FF CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Programme\Adobe Acrobat X\Acrobat x\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Thomas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\gehrytechnologies.com/GTeam3DViewer: C:\Users\Thomas\AppData\Roaming\Gehry Technologies\GTeam3DViewer\plugin32\npGTeam3DViewer.dll (Gehry Technologies) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Programme\Adobe Acrobat X\Acrobat x\Acrobat\Browser\WCFirefoxExtn [2011.10.23 22:40:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 21:50:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.18 21:50:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 21:50:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.18 21:50:24 | 000,000,000 | ---D | M] [2011.07.08 21:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions [2012.08.28 17:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\2oxzvrhg.default\extensions [2013.01.28 14:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions [2012.04.25 17:13:12 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013.01.26 09:33:36 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2013.01.28 14:58:51 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\foxyproxy@eric.h.jung [2012.07.04 15:06:11 | 000,000,000 | ---D | M] (Grooveshark Proxy) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\groovesharkProxy@DannieDarko [2012.09.15 08:32:26 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\ich@maltegoetz.de [2012.07.09 21:08:59 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\sam@samfind.com [2012.12.20 19:59:11 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\zotero@chnm.gmu.edu [2013.01.27 18:50:19 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\zoteroWinWordIntegration@zotero.org [2011.09.17 08:48:58 | 000,608,840 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\2oxzvrhg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.25 20:32:18 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\artur.dubovoy@gmail.com.xpi [2012.11.14 11:01:40 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\groovesharkUnlocker@overlord1337.xpi [2012.03.22 18:29:18 | 000,129,384 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2012.06.15 23:21:48 | 000,154,252 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi [2012.11.24 10:09:11 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.13 07:18:12 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\lfu6w2xj.Thommynat0r\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.01.18 21:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.01.18 21:50:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.01.18 21:50:25 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.06.18 20:07:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 12:04:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.18 20:07:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 20:07:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 20:07:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 20:07:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.23 22:29:14 | 000,001,075 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 images.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 mermaidconsulting.dk # alcohol 120% O1 - Hosts: 127.0.0.1 195.137.236.101 O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [VIRTU] C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe () O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Programme\Adobe Acrobat X\Acrobat x\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Programme\Adobe Acrobat X\Acrobat x\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DR-2010C CaptureOnTouch] D:\Programme\Canon Electronics\DR2010C\TouchDR.exe (Canon Electronics Inc.) O4 - HKLM..\Run: [KiesTrayAgent] D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.) O4 - HKCU..\Run: [KiesHelper] D:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe (Avanquest Software) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2401D6F9-5233-4988-BDBA-70C385A986A5}: NameServer = 145.253.2.11,145.253.2.253 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.) O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (UserInit.exe) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.18 21:56:33 | 000,000,000 | -H-D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2012.08.28 17:00:06 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2011.10.01 15:16:54 | 000,000,000 | ---D | M] - D:\AUTODESK_COM_FOLDER -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.30 18:03:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2013.01.30 17:47:52 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Programs [2013.01.28 16:13:00 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Avira [2013.01.28 16:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.28 16:07:46 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.28 16:07:46 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.28 16:07:46 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.28 16:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.01.28 14:09:11 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.01.28 14:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.01.28 14:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.28 12:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2013.01.28 12:03:23 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\QuickScan [2013.01.28 11:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2013.01.25 22:19:13 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\iconsred [2013.01.18 21:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.16 20:35:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\SOFiSTiK [2013.01.16 19:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SOFiSTiK ========== Files - Modified Within 30 Days ========== [2013.01.30 19:42:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.30 19:42:16 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\vwifibus.winsecurity [2013.01.30 19:42:15 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\winusb.winsecurity [2013.01.30 19:42:15 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\watchdog.winsecurity [2013.01.30 19:42:14 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\WdfLdr.winsecurity [2013.01.30 19:42:12 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock [2013.01.30 19:42:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.30 19:41:09 | 000,000,216 | ---- | M] () -- C:\Users\Thomas\defogger_reenable [2013.01.30 19:21:52 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 19:21:52 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 19:18:24 | 000,787,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.30 19:18:24 | 000,656,402 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.30 19:18:24 | 000,125,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.30 18:03:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2013.01.30 18:01:29 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe [2013.01.30 17:59:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.30 17:48:24 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.28 15:51:25 | 000,225,116 | ---- | M] () -- C:\ProgramData\1359384623.bdinstall.bin [2013.01.28 14:17:28 | 000,764,734 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.28 14:09:11 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.01.28 12:10:17 | 000,735,639 | ---- | M] () -- C:\ProgramData\1359370864.bdinstall.bin [2013.01.28 12:09:08 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml [2013.01.28 12:08:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2013.01.27 21:19:29 | 000,119,172 | ---- | M] () -- C:\Users\Thomas\Desktop\rar_dateien__nicht__entpacken.dlc [2013.01.25 20:37:56 | 000,001,012 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.25 18:57:25 | 000,161,093 | ---- | M] () -- C:\Users\Thomas\Desktop\08_result.jpg [2013.01.25 18:57:13 | 000,232,993 | ---- | M] () -- C:\Users\Thomas\Desktop\06_All_portfolio_Categories.jpg [2013.01.25 18:56:43 | 000,139,332 | ---- | M] () -- C:\Users\Thomas\Desktop\05_category_of_portfolio.jpg [2013.01.25 18:56:07 | 000,139,843 | ---- | M] () -- C:\Users\Thomas\Desktop\03_options_of_portfolio.jpg [2013.01.25 18:55:33 | 000,257,114 | ---- | M] () -- C:\Users\Thomas\Desktop\02_page_Firmen.jpg [2013.01.25 18:55:15 | 000,189,578 | ---- | M] () -- C:\Users\Thomas\Desktop\01_pages.jpg [2013.01.25 11:07:57 | 000,184,944 | ---- | M] () -- C:\Users\Thomas\Desktop\7kunst.jpg [2013.01.25 11:07:57 | 000,003,971 | ---- | M] () -- C:\Users\Thomas\.recently-used.xbel [2013.01.22 17:12:34 | 000,080,352 | ---- | M] () -- C:\Users\Thomas\Desktop\umdruckzurvorlesungstahlbauiimss2009.pdf [2013.01.22 17:09:03 | 000,036,730 | ---- | M] () -- C:\Users\Thomas\Desktop\stahlbau1.pdf [2013.01.21 17:16:05 | 000,727,289 | ---- | M] () -- C:\Users\Thomas\Desktop\tateyama-kurobe-alpine-route-5.jpg [2013.01.19 14:20:10 | 000,134,254 | ---- | M] () -- C:\Users\Thomas\Desktop\Seiten aus DIN 1052_2008-12-2d.pdf [2013.01.19 14:15:23 | 000,118,790 | ---- | M] () -- C:\Users\Thomas\Desktop\Seiten aus DIN 1052_2008-12c.pdf [2013.01.18 11:20:20 | 000,139,946 | ---- | M] () -- C:\Users\Thomas\Desktop\Seiten aus DIN 1052_2008-12b.pdf [2013.01.17 17:02:18 | 000,143,255 | ---- | M] () -- C:\Users\Thomas\Desktop\Seiten aus DIN 1052_2008-12.pdf [2013.01.16 22:09:15 | 007,651,178 | ---- | M] () -- C:\Users\Thomas\Desktop\meta_98.jpg [2013.01.16 22:08:03 | 025,331,906 | ---- | M] () -- C:\Users\Thomas\Desktop\16012013220802.tif [2013.01.16 22:07:29 | 000,000,156 | ---- | M] () -- C:\Windows\setscan.ini [2013.01.16 21:57:57 | 008,642,784 | ---- | M] () -- C:\Users\Thomas\Desktop\erd5_98cesenatico.jpg [2013.01.16 21:52:55 | 050,435,575 | ---- | M] () -- C:\Users\Thomas\Desktop\16012013215255.tif [2013.01.16 19:43:17 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\SOFiCAD 2012 18.2 x64.lnk [2013.01.16 18:55:13 | 000,118,949 | ---- | M] () -- C:\Users\Thomas\Desktop\student-2013.WibuCmRaU [2013.01.14 12:58:52 | 000,027,109 | ---- | M] () -- C:\Users\Thomas\Desktop\mvv Fahrtauskunft.pdf [2013.01.13 07:52:06 | 000,643,748 | ---- | M] () -- C:\Users\Thomas\Desktop\messe_ticket_anna.pdf [2013.01.13 07:45:24 | 000,639,786 | ---- | M] () -- C:\Users\Thomas\Desktop\messe_ticket.pdf [2013.01.08 23:17:22 | 000,009,712 | ---- | M] () -- C:\Users\Thomas\Desktop\literatur.dlc ========== Files Created - No Company Name ========== [2013.01.30 19:42:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock [2013.01.30 19:41:09 | 000,000,216 | ---- | C] () -- C:\Users\Thomas\defogger_reenable [2013.01.30 18:01:29 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe [2013.01.28 15:51:25 | 000,225,116 | ---- | C] () -- C:\ProgramData\1359384623.bdinstall.bin [2013.01.28 12:10:17 | 000,735,639 | ---- | C] () -- C:\ProgramData\1359370864.bdinstall.bin [2013.01.28 12:09:08 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2013.01.28 12:08:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2013.01.27 21:19:29 | 000,119,172 | ---- | C] () -- C:\Users\Thomas\Desktop\rar_dateien__nicht__entpacken.dlc [2013.01.25 18:52:32 | 000,161,093 | ---- | C] () -- C:\Users\Thomas\Desktop\08_result.jpg [2013.01.25 18:51:15 | 000,232,993 | ---- | C] () -- C:\Users\Thomas\Desktop\06_All_portfolio_Categories.jpg [2013.01.25 18:50:20 | 000,139,332 | ---- | C] () -- C:\Users\Thomas\Desktop\05_category_of_portfolio.jpg [2013.01.25 18:49:07 | 000,139,843 | ---- | C] () -- C:\Users\Thomas\Desktop\03_options_of_portfolio.jpg [2013.01.25 18:48:19 | 000,257,114 | ---- | C] () -- C:\Users\Thomas\Desktop\02_page_Firmen.jpg [2013.01.25 18:46:34 | 000,189,578 | ---- | C] () -- C:\Users\Thomas\Desktop\01_pages.jpg [2013.01.25 11:07:57 | 000,184,944 | ---- | C] () -- C:\Users\Thomas\Desktop\7kunst.jpg [2013.01.25 11:07:57 | 000,003,971 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel [2013.01.22 17:12:34 | 000,080,352 | ---- | C] () -- C:\Users\Thomas\Desktop\umdruckzurvorlesungstahlbauiimss2009.pdf [2013.01.22 17:09:03 | 000,036,730 | ---- | C] () -- C:\Users\Thomas\Desktop\stahlbau1.pdf [2013.01.21 17:16:04 | 000,727,289 | ---- | C] () -- C:\Users\Thomas\Desktop\tateyama-kurobe-alpine-route-5.jpg [2013.01.19 14:20:10 | 000,134,254 | ---- | C] () -- C:\Users\Thomas\Desktop\Seiten aus DIN 1052_2008-12-2d.pdf [2013.01.19 14:15:23 | 000,118,790 | ---- | C] () -- C:\Users\Thomas\Desktop\Seiten aus DIN 1052_2008-12c.pdf [2013.01.18 11:20:20 | 000,139,946 | ---- | C] () -- C:\Users\Thomas\Desktop\Seiten aus DIN 1052_2008-12b.pdf [2013.01.17 17:02:18 | 000,143,255 | ---- | C] () -- C:\Users\Thomas\Desktop\Seiten aus DIN 1052_2008-12.pdf [2013.01.16 22:09:14 | 007,651,178 | ---- | C] () -- C:\Users\Thomas\Desktop\meta_98.jpg [2013.01.16 22:08:02 | 025,331,906 | ---- | C] () -- C:\Users\Thomas\Desktop\16012013220802.tif [2013.01.16 21:57:56 | 008,642,784 | ---- | C] () -- C:\Users\Thomas\Desktop\erd5_98cesenatico.jpg [2013.01.16 21:52:55 | 050,435,575 | ---- | C] () -- C:\Users\Thomas\Desktop\16012013215255.tif [2013.01.16 19:43:17 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\SOFiCAD 2012 18.2 x64.lnk [2013.01.16 19:20:12 | 000,000,064 | RHS- | C] () -- C:\Windows\SysNative\drivers\watchdog.winsecurity [2013.01.16 19:20:11 | 000,000,064 | RHS- | C] () -- C:\Windows\SysNative\drivers\vwifibus.winsecurity [2013.01.16 19:03:29 | 000,118,949 | ---- | C] () -- C:\Users\Thomas\Desktop\student-2013.WibuCmRaU [2013.01.14 12:58:52 | 000,027,109 | ---- | C] () -- C:\Users\Thomas\Desktop\mvv Fahrtauskunft.pdf [2013.01.13 07:52:06 | 000,643,748 | ---- | C] () -- C:\Users\Thomas\Desktop\messe_ticket_anna.pdf [2013.01.13 07:45:24 | 000,639,786 | ---- | C] () -- C:\Users\Thomas\Desktop\messe_ticket.pdf [2013.01.08 23:17:22 | 000,009,712 | ---- | C] () -- C:\Users\Thomas\Desktop\literatur.dlc [2012.09.26 17:07:18 | 000,060,304 | ---- | C] () -- C:\Users\Thomas\g2mdlhlpx.exe [2012.06.04 20:00:04 | 000,008,704 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.26 21:27:59 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.12.28 13:30:33 | 000,000,156 | ---- | C] () -- C:\Windows\setscan.ini [2011.10.23 00:29:41 | 000,000,302 | ---- | C] () -- C:\Windows\SHISETUP.SYS [2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.08.19 08:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.08.19 08:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.08.19 08:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.07.13 20:41:02 | 000,001,818 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\ImperatorProfile0.dat [2011.07.09 00:17:17 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.07.09 00:10:29 | 000,764,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.08 21:04:41 | 000,002,265 | -H-- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2011.07.08 21:04:41 | 000,001,650 | -H-- | C] () -- C:\Windows\FF08_Capture.ini [2011.07.08 21:04:41 | 000,001,540 | -H-- | C] () -- C:\Windows\FF08_Render.ini [2011.07.08 21:04:30 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.07.08 21:04:30 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.07.08 20:49:24 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.07.08 20:31:41 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin [2011.07.01 20:59:38 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.07.14 13:52:13 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\3Dconnexion [2012.12.02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Autodesk [2012.12.02 16:36:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Autodesk Navisworks Exporters 2013 [2012.12.02 16:35:32 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Autodesk Navisworks Freedom 2013 [2012.08.27 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Autodesk Navisworks Manage 2013 [2012.08.03 13:57:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Bigasoft AVCHD Converter [2012.03.02 22:41:53 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\calibre [2011.10.02 17:04:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Canneverbe Limited [2011.12.28 13:32:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Canon Electronics [2012.07.07 13:49:41 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Design Science [2011.07.16 12:14:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DeviceVm [2013.01.30 19:42:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox [2012.06.04 19:38:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoft [2012.06.15 23:22:25 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\e-academy Inc [2012.08.06 19:51:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\EndNote [2012.09.23 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FileZilla [2011.07.18 15:34:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Foxit Software [2011.09.23 21:57:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Garmin [2012.08.16 12:44:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Gehry Technologies [2012.06.13 14:33:38 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\GrabPro [2013.01.25 11:07:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\gtk-2.0 [2012.08.06 14:38:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICAClient [2012.11.15 17:28:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IMAGINiT Technologies [2012.09.05 07:35:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\InfoRapid KnowledgeMap [2012.03.19 03:04:54 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ISIS Drivers [2012.02.16 09:55:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\JOSM [2012.03.12 00:38:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Mekentosj [2012.12.03 13:25:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Mumble [2012.08.28 17:34:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Orbit [2012.06.13 14:33:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ProgSense [2013.01.28 12:03:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\QuickScan [2012.12.27 11:14:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\RetroShare [2012.06.26 22:02:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Samsung [2012.05.26 21:57:16 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Smart PC Cleaner [2013.01.16 20:35:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SOFiSTiK [2012.06.27 16:39:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Temp [2012.03.19 03:04:54 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TS3Client [2011.07.18 16:10:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2011.10.23 01:29:53 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\WEKA [2012.05.04 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\X-Chat 2 [2012.08.07 15:00:16 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Zotero ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 32 bytes -> C:\Windows:CM_790fffcff23a328d3cc48e875ff64445d1b3d117284b4b3af5e1fed25fb2a876 @Alternate Data Stream - 32 bytes -> C:\Windows:CM_6b2aa27ca20226596c1dc014646cff31908105fef30a218b13629f7d56d9fbcb @Alternate Data Stream - 32 bytes -> C:\Windows:CM_65341cc1214a73798ca34e4dfa76b6e81c648d3b209ca5d6f167fd17241ca7ac @Alternate Data Stream - 32 bytes -> C:\Windows:CM_14a6d2d0f70e8a44b92b6ca9e5ce29afcee8e3aa480304222c7482009b99118c < End of report > Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-30 20:05:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 M4-CT128M4SSD2 rev.0002 119,24GB
Running: gmer_2.0.18454.exe; Driver: D:\AppData\Local\Temp\axdyyfoc.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[204] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[204] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[480] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[480] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1512] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1512] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1576] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1576] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text D:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe[1004] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text D:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe[1004] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1052] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1052] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077121401 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077121419 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077121431 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007712144a 2 bytes [12, 77]
.text ... * 9
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000771214dd 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000771214f5 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007712150d 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077121525 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007712153d 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077121555 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007712156d 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077121585 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007712159d 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000771215b5 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000771215cd 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000771216b2 2 bytes [12, 77]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2140] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000771216bd 2 bytes [12, 77]
.text C:\Program Files (x86)\Garmin\Training Center\gStart.exe[2636] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Garmin\Training Center\gStart.exe[2636] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Smart PC Cleaner\SPCSmartScan.exe[2784] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Smart PC Cleaner\SPCSmartScan.exe[2784] C:\Windows\syswow64\shell32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077a8f85a 1 byte [C3]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll!getJit + 32 0000000071eb9380 4 bytes [C8, 10, 01, 10]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077121401 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077121419 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077121431 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007712144a 2 bytes [12, 77]
.text ... * 9
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771214dd 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771214f5 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007712150d 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077121525 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007712153d 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077121555 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007712156d 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077121585 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007712159d 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771215b5 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771215cd 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771216b2 2 bytes [12, 77]
.text D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771216bd 2 bytes [12, 77]
.text C:\Program Files (x86)\XFastUsb\XFastUsb.exe[2444] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\XFastUsb\XFastUsb.exe[2444] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] C:\Windows\syswow64\SHELL32.DLL!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?CreateDifferenceFile@CC2CDifferenceFile@@UAEGPAD00@Z 00000000667236bd 5 bytes JMP 0000000101e30060
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?RestoreOriginalFile@CC2CDifferenceFile@@UAEGPAD00@Z 0000000066723e40 5 bytes JMP 0000000101e30100
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?MakeAsciiDifferenceFile@CC2CDifferenceFile@@UAEGPAD0@Z 00000000667243c1 5 bytes JMP 0000000101e300b0
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?LoadJumpDbFromBuffer@CJumpRun@@UAEGKPAE@Z 000000006672a952 5 bytes JMP 0000000101e30150
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?LoadJumpDbFromBuffer@CJumpRun@@UAEGKPAE@Z + 126 000000006672a9d0 13 bytes [2A, 9D, FF, 95, 2E, C4, 1E, ...]
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?GetKeyData@CKeyBasic@@UAEGPAE@Z 000000006672e35f 5 bytes JMP 0000000101e303c0
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?PerformTransform@CTransformXor@@UAEGVCDataArea@@0@Z 000000006672ea2f 5 bytes JMP 0000000101e2f700
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?PerformTransform@CTransformXor@@UAEGVCDataArea@@0@Z + 768 000000006672ed2f 15 bytes [90, 6A, 23, E7, 76, 50, 88, ...]
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?PerformTransform@CTransformRandomAccumulate@@UAEGVCDataArea@@0@Z 000000006672ee42 5 bytes JMP 0000000101e2f490
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?PerformTransform@CTransformRandomAccumulate@@UAEGVCDataArea@@0@Z + 850 000000006672f194 5 bytes JMP 0000000101e2b980
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?LoadModuleDetails@CModuleMonitor@@QAEGPAD@Z 0000000066733ce7 5 bytes JMP 0000000101e30da0
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?ScanModule@CModuleMonitor@@QAEGKG@Z 00000000667342f0 5 bytes JMP 0000000101e2f220
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?IsModuleChecksumOkay@CModuleMonitor@@QAEGXZ 0000000066734a23 5 bytes JMP 0000000101e308a0
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?IsModuleWithinLimits@CModuleMonitor@@QAEGKKK@Z 0000000066734a59 5 bytes JMP 0000000101e30b10
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?SetupInterruptHandler@CAltAsc@@QAEGPAX00PAK1@Z 00000000667590d5 5 bytes JMP 0000000101e31300
.text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[1272] D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0224\~df394b.tmp!?RestoreInterruptHandler@CAltAsc@@QAEGXZ 0000000066759569 5 bytes JMP 0000000101e31090
.text C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe[1304] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe[1304] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe[2852] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe[2852] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text D:\Programme\Adobe Acrobat X\Acrobat x\Acrobat\acrotray.exe[3408] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text D:\Programme\Adobe Acrobat X\Acrobat x\Acrobat\acrotray.exe[3408] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3600] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3600] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3632] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3632] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001[2632] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text D:\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001[2632] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe[4492] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe[4492] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[7088] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[7088] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1244] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1244] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6704] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6704] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
.text C:\Users\Thomas\Desktop\gmer_2.0.18454.exe[6676] C:\Windows\SysWOW64\ntdll.dll!LdrQueryImageFileExecutionOptionsEx 0000000077a510b9 5 bytes JMP 000000007efa0000
.text C:\Users\Thomas\Desktop\gmer_2.0.18454.exe[6676] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075151df6 5 bytes JMP 000000007ef90000
---- Threads - GMER 2.0 ----
Thread C:\Windows\SysWOW64\ntdll.dll [3712:3716] 00000000000649bf
Thread C:\Windows\SysWOW64\ntdll.dll [3712:2588] 00000000669a8d07
Thread C:\Windows\SysWOW64\ntdll.dll [3712:2724] 00000000669a8fdc
Thread C:\Windows\SysWOW64\ntdll.dll [3712:2700] 00000000669a88f0
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDF 0xDB 0xDF 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD0 0xA6 0xB7 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x2D 0xF8 0xA7 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x42 0x2F 0xEB 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xE9 0x4F 0x8E 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg46
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg46@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg47
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg47@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg48
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg48@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg49
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg49@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDF 0xDB 0xDF 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD0 0xA6 0xB7 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x2D 0xF8 0xA7 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x42 0x2F 0xEB 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xE9 0x4F 0x8E 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg46 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg46@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg47 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg47@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg48 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg48@ujdew 0x98 0x00 0x69 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg49 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg49@ujdew 0x98 0x00 0x69 0x97 ...
---- EOF - GMER 2.0 ----
Geändert von Thommynat0r (30.01.2013 um 20:10 Uhr) |
|
31.01.2013, 13:15
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefenderZitat:
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? Zitat:
 Diese Einträge in der Hosts dienen dazu, raubkopierte (gecrackte) Software lauffähig zu machen  Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Geändert von cosinus (31.01.2013 um 13:20 Uhr) |
|
31.01.2013, 13:23
| #3 |
| | Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefender die gab es vom microsoft fuer studenten kostenlos. das ist mein privat pc den ich hochgeruestet hab fuer meine abschlussarbeit. ich muss nur noch den abschlussvortrag halten und wenn sich der pc jetzt immer aufhaengt wird das schwer
__________________ meinst du das es ein hardware problem ist? den arbeitsspeicher hab ich teilweise rausgenommen und auch mal gewechselt. ich svjreib grad vom handy, sry fuer die scjreibfehler |
|
31.01.2013, 13:45
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefenderZitat:
 Von Microsoft gibt es neuerdings Software von Alcohol und Adobe neuerdings kostenlos  Ne bessere Ausrede fällt dir nicht ein?? 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.01.2013, 13:54
| #5 |
| | Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefender die Antwort bezog sich auf deine Antwort, bevor du deinen Beitrag editiert hattest. Mein Computer hat nicht mal ein cd brenner oder laufwerk. Ja ich hab alcohol drauf und ja adobe professional ist mir zu teuer und ich nutze es nichtmal sondern den foxit. aber sonst ist alles original. danke trotzdem |
|
31.01.2013, 14:05
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefenderZitat:
 Wie auch immer, Hilfe gibt es nur noch bei der Datensicherung und Neuinstallation von Windows
__________________ --> Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefender |
|
31.01.2013, 14:22
| #7 |
| | Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefender den thread hier dann bitte löschen, bzw meine Beiträge |
|
31.01.2013, 14:23
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefender Nein, wir löschen keine Logs und erst Recht keine ganzen Themen Siehe http://www.trojaner-board.de/108422-...tml#post758384
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Computer hängt sich auf / bluescreen nach einer installtion und deinstalltion von bitdefender |
| administrator, application/pdf:, autostart, avira, bitdefender, bluescreen, canon, check, computer, dateien, defender, explorer, festplatte, help, hängt, installation, kis, kostenlos, limited.com/facebook, malwarebytes, minidump, neue, neustart, ntdll.dll, pc hängt, plug-in, programme, ssd festplatte, system, system32, temp, tracker, visual studio, windows |
Linear-Darstellung
