Sven_Nice | 12.05.2014 12:15 | FRST Logfile:
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by cs (administrator) on CS-DESKTOP on 12-05-2014 12:10:27
Running from C:\Users\cs\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\cs\AppData\Roaming\Dropbox\bin\Dropbox.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2021161904-1769000886-1541131675-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2013-11-21] (TrueCrypt Foundation)
HKU\S-1-5-21-2021161904-1769000886-1541131675-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
Startup: C:\Users\cs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\cs\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\cs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk
ShortcutTarget: Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\cs\AppData\Roaming\Mozilla\Firefox\Profiles\rfcez7i8.default-1357573512611
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash and Video Download - C:\Users\cs\AppData\Roaming\Mozilla\Firefox\Profiles\rfcez7i8.default-1357573512611\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-04-25]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\cs\AppData\Roaming\Mozilla\Firefox\Profiles\rfcez7i8.default-1357573512611\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-21]
FF Extension: Image Download Ⅱ - C:\Users\cs\AppData\Roaming\Mozilla\Firefox\Profiles\rfcez7i8.default-1357573512611\Extensions\imagedownload@Merci.chao.xpi [2013-11-26]
FF Extension: NO Google Analytics - C:\Users\cs\AppData\Roaming\Mozilla\Firefox\Profiles\rfcez7i8.default-1357573512611\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-01-08]
FF Extension: NoScript - C:\Users\cs\AppData\Roaming\Mozilla\Firefox\Profiles\rfcez7i8.default-1357573512611\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-21]
FF Extension: Adblock Plus - C:\Users\cs\AppData\Roaming\Mozilla\Firefox\Profiles\rfcez7i8.default-1357573512611\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-21]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-23] (Disc Soft Ltd)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 rkhdrv40; C:\Windows\SysWow64\Drivers\rkhdrv40.sys [24448 2014-05-12] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-22] (Duplex Secure Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-11-29] (Oracle Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-11-21] (Acronis)
U3 a9kzbgcb; C:\Windows\System32\Drivers\a9kzbgcb.sys [0 ] (Advanced Micro Devices)
S3 catchme; \??\C:\ljksdhlkgjd\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\D474.tmp [X]
U3 uwdoakob; \??\C:\Users\cs\AppData\Local\Temp\uwdoakob.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-12 12:10 - 2014-05-12 12:10 - 00010637 _____ () C:\Users\cs\Desktop\FRST.txt
2014-05-12 12:10 - 2014-05-12 12:10 - 00000000 ____D () C:\FRST
2014-05-12 11:59 - 2014-05-12 12:00 - 02066944 _____ (Farbar) C:\Users\cs\Desktop\FRST64.exe
2014-05-12 03:48 - 2014-05-12 03:48 - 00000000 __SHD () C:\Users\cs\AppData\Local\EmieUserList
2014-05-12 03:48 - 2014-05-12 03:48 - 00000000 __SHD () C:\Users\cs\AppData\Local\EmieSiteList
2014-05-11 23:22 - 2014-05-11 23:22 - 00028672 _____ () C:\Users\cs\Downloads\catchme02.exe
2014-05-11 23:22 - 2014-05-11 23:22 - 00000377 _____ () C:\Users\cs\Downloads\catchme.log
2014-05-11 23:14 - 2014-05-11 23:15 - 26747104 _____ (Microsoft Corporation) C:\Users\cs\Downloads\Windows-KB890830-x64-V5.11.exe
2014-05-11 22:55 - 2014-05-12 02:02 - 00001282 _____ () C:\Users\cs\Desktop\catchme.log
2014-05-11 22:54 - 2014-05-11 22:54 - 00147456 _____ () C:\Users\cs\Downloads\catchme.exe
2014-05-11 22:41 - 2014-05-11 22:41 - 00002163 _____ () C:\Users\cs\Desktop\aswMBR.txt
2014-05-11 22:41 - 2014-05-11 22:41 - 00000512 _____ () C:\Users\cs\Desktop\MBR.dat
2014-05-11 22:37 - 2014-05-11 22:37 - 04745728 _____ (AVAST Software) C:\Users\cs\Downloads\aswMBR.exe
2014-05-11 22:06 - 2014-05-11 22:06 - 00370943 _____ () C:\Users\cs\Downloads\gmer.zip
2014-05-10 15:54 - 2014-05-10 16:46 - 00000000 ___RD () C:\Users\cs\Virtual Machines
2014-05-10 15:54 - 2014-05-09 14:27 - 00001523 _____ () C:\Users\cs\Desktop\Virtual Windows XP.lnk
2014-05-10 15:49 - 2014-05-10 15:50 - 00000000 ____D () C:\Program Files\Windows XP Mode
2014-05-10 03:49 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-05-10 01:51 - 2014-05-10 01:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 23:31 - 2014-05-09 23:31 - 00000000 _____ () C:\Users\cs\Sti_Trace.log
2014-05-09 22:15 - 2014-05-09 22:15 - 00002144 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-05-09 22:15 - 2014-05-09 22:15 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-05-09 22:15 - 2014-05-09 22:15 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-05-09 22:15 - 2014-05-09 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-05-09 22:04 - 2014-05-09 22:04 - 00000050 _____ () C:\Windows\system32\bridf08b.dat
2014-05-09 22:03 - 2014-05-09 22:03 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-05-09 22:03 - 2008-06-17 15:33 - 00167936 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2014-05-09 22:03 - 2007-12-13 22:16 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2014-05-09 22:03 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2014-05-09 22:03 - 2007-12-13 22:16 - 00003072 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2014-05-09 22:03 - 2006-12-28 13:39 - 00176128 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
2014-05-09 14:23 - 2014-05-09 14:24 - 00000000 ____D () C:\Windows\system32\Drivers\tr-TR
2014-05-09 14:23 - 2014-05-09 14:24 - 00000000 ____D () C:\Windows\system32\Drivers\th-TH
2014-05-09 14:23 - 2014-05-09 14:24 - 00000000 ____D () C:\Windows\system32\Drivers\ro-RO
2014-05-09 14:23 - 2014-05-09 14:24 - 00000000 ____D () C:\Windows\system32\Drivers\he-IL
2014-05-09 14:23 - 2014-05-09 14:24 - 00000000 ____D () C:\Windows\system32\Drivers\ar-SA
2014-05-09 14:23 - 2014-05-09 14:23 - 00000000 ____D () C:\Program Files (x86)\Windows Virtual PC
2014-05-09 12:20 - 2010-11-20 15:34 - 00360832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcvmm.sys
2014-05-09 12:20 - 2010-11-20 15:34 - 00194944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpchbus.sys
2014-05-09 12:20 - 2010-11-20 15:27 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\vpchbuspipe.dll
2014-05-09 12:20 - 2010-11-20 15:25 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\vpc.exe
2014-05-09 12:20 - 2010-11-20 15:25 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\VPCWizard.exe
2014-05-09 12:20 - 2010-11-20 15:25 - 01369600 _____ (Microsoft Corporation) C:\Windows\system32\VPCSettings.exe
2014-05-09 12:20 - 2010-11-20 13:37 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\VMWindow.exe
2014-05-09 12:20 - 2010-11-20 13:37 - 00936448 _____ (Microsoft Corporation) C:\Windows\system32\vmsal.exe
2014-05-09 12:20 - 2010-11-20 13:35 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\VMCPropertyHandler.dll
2014-05-09 12:20 - 2010-11-20 13:35 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcusb.sys
2014-05-09 12:20 - 2010-11-20 13:35 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcnfltr.sys
2014-05-09 12:20 - 2010-11-20 12:52 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vmsal.exe
2014-05-09 12:19 - 2014-05-09 12:19 - 17091624 _____ () C:\Users\cs\Downloads\Windows6.1-KB958559-x64-RefreshPkg.msu
2014-05-09 12:17 - 2014-05-09 12:17 - 09591606 _____ () C:\Users\cs\Downloads\Windows6.1-KB958559-x86.msu
2014-05-06 03:12 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 03:12 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 03:00 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 03:00 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 03:00 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 03:00 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-20 00:27 - 2014-04-20 00:31 - 00000000 ____D () C:\Users\cs\AppData\Roaming\Notepad++
2014-04-20 00:27 - 2014-04-20 00:27 - 00000000 ____D () C:\Users\cs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-20 00:27 - 2014-04-20 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-20 00:27 - 2014-04-20 00:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-20 00:26 - 2014-04-20 00:26 - 07624808 _____ () C:\Users\cs\Downloads\npp.6.5.5.Installer.exe
2014-04-20 00:00 - 2014-05-12 11:11 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 00:00 - 2014-05-12 03:26 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 00:00 - 2014-05-07 21:06 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-20 00:00 - 2014-05-07 21:06 - 00003846 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-20 00:00 - 2014-04-20 00:01 - 00000000 ____D () C:\Users\cs\AppData\Local\Google
2014-04-20 00:00 - 2014-04-20 00:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-18 02:46 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-18 02:46 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-18 02:46 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-18 02:46 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-18 02:46 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-18 02:46 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-18 02:46 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-18 02:46 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-18 02:46 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-18 02:46 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-18 02:46 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-18 02:46 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-18 02:46 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-18 02:46 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-18 02:46 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-18 02:46 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-18 02:46 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-18 02:46 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-18 02:46 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 02:46 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-18 02:46 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-18 02:46 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-18 02:46 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-18 02:46 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-18 02:46 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-18 02:46 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-18 02:46 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-18 02:46 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-18 02:46 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-18 02:46 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-18 02:46 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-18 02:46 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-18 02:46 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-18 02:46 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-18 02:46 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-18 02:46 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-18 02:46 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-18 02:46 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-18 02:46 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-18 02:46 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-18 02:46 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-18 02:46 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-18 02:46 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-18 02:46 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-12 21:20 - 2014-04-12 21:20 - 00000070 _____ () C:\ProgramData\lxde.log
2014-04-12 21:06 - 2014-04-12 21:06 - 00000000 ____D () C:\Users\cs\AppData\Roaming\Lexmark Productivity Studio
==================== One Month Modified Files and Folders =======
2014-05-12 12:10 - 2014-05-12 12:10 - 00010637 _____ () C:\Users\cs\Desktop\FRST.txt
2014-05-12 12:10 - 2014-05-12 12:10 - 00000000 ____D () C:\FRST
2014-05-12 12:01 - 2013-11-23 16:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 12:00 - 2014-05-12 11:59 - 02066944 _____ (Farbar) C:\Users\cs\Desktop\FRST64.exe
2014-05-12 12:00 - 2013-11-21 12:28 - 00000000 ____D () C:\Users\cs\AppData\Roaming\.purple
2014-05-12 11:11 - 2014-04-20 00:00 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 04:26 - 2013-11-23 04:44 - 00000000 ____D () C:\Users\cs\AppData\Roaming\XnView
2014-05-12 04:00 - 2013-11-24 18:58 - 00000000 ____D () C:\Users\cs\AppData\Roaming\vlc
2014-05-12 03:48 - 2014-05-12 03:48 - 00000000 __SHD () C:\Users\cs\AppData\Local\EmieUserList
2014-05-12 03:48 - 2014-05-12 03:48 - 00000000 __SHD () C:\Users\cs\AppData\Local\EmieSiteList
2014-05-12 03:46 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 03:46 - 2009-07-14 06:45 - 00013248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 03:35 - 2014-05-12 03:35 - 00370943 _____ () C:\Users\cs\Downloads\gmer(1).zip
2014-05-12 03:30 - 2013-11-21 00:43 - 01902331 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 03:28 - 2013-11-21 12:23 - 00000000 ____D () C:\Users\cs\AppData\Roaming\Dropbox
2014-05-12 03:27 - 2013-11-21 12:25 - 00000000 ___RD () C:\Users\cs\Dropbox
2014-05-12 03:27 - 2013-11-21 01:55 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-05-12 03:26 - 2014-04-20 00:00 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 03:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 03:26 - 2009-07-14 06:51 - 00035216 _____ () C:\Windows\setupact.log
2014-05-12 03:11 - 2013-11-21 01:00 - 01651262 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-12 03:11 - 2009-07-14 19:58 - 00703928 _____ () C:\Windows\system32\perfh007.dat
2014-05-12 03:11 - 2009-07-14 19:58 - 00150768 _____ () C:\Windows\system32\perfc007.dat
2014-05-12 03:05 - 2013-11-22 03:03 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-05-12 02:50 - 2014-05-12 02:36 - 00000000 ____D () C:\Windows\erdnt
2014-05-12 02:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-12 02:45 - 2013-11-21 01:04 - 00121446 _____ () C:\Windows\PFRO.log
2014-05-12 01:14 - 2014-05-12 01:14 - 526431920 _____ () C:\Windows\MEMORY.DMP
2014-05-12 01:14 - 2014-05-12 01:14 - 00000000 ____D () C:\Windows\Minidump
2014-05-12 00:35 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-12 00:27 - 2013-11-23 05:31 - 00007607 _____ () C:\Users\cs\AppData\Local\Resmon.ResmonCfg
2014-05-12 00:08 - 2014-05-12 00:07 - 12589848 _____ (Malwarebytes Corp.) C:\Users\cs\Downloads\mbar-1.07.0.1009.exe
2014-05-11 23:22 - 2014-05-11 23:22 - 00028672 _____ () C:\Users\cs\Downloads\catchme02.exe
2014-05-11 23:22 - 2014-05-11 23:22 - 00000377 _____ () C:\Users\cs\Downloads\catchme.log
2014-05-11 23:15 - 2014-05-11 23:14 - 26747104 _____ (Microsoft Corporation) C:\Users\cs\Downloads\Windows-KB890830-x64-V5.11.exe
2014-05-11 22:54 - 2014-05-11 22:54 - 00147456 _____ () C:\Users\cs\Downloads\catchme.exe
2014-05-11 22:41 - 2014-05-11 22:41 - 00002163 _____ () C:\Users\cs\Desktop\aswMBR.txt
2014-05-11 22:41 - 2014-05-11 22:41 - 00000512 _____ () C:\Users\cs\Desktop\MBR.dat
2014-05-11 22:37 - 2014-05-11 22:37 - 04745728 _____ (AVAST Software) C:\Users\cs\Downloads\aswMBR.exe
2014-05-11 22:14 - 2013-11-21 01:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 22:06 - 2014-05-11 22:06 - 00370943 _____ () C:\Users\cs\Downloads\gmer.zip
2014-05-10 16:46 - 2014-05-10 15:54 - 00000000 ___RD () C:\Users\cs\Virtual Machines
2014-05-10 04:31 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 03:52 - 2013-11-23 01:10 - 00000000 ____D () C:\Users\cs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-10 01:51 - 2014-05-10 01:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 23:31 - 2014-05-09 23:31 - 00000000 _____ () C:\Users\cs\Sti_Trace.log
2014-05-09 22:15 - 2014-05-09 22:15 - 00002144 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-05-09 22:15 - 2014-05-09 22:15 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-05-09 22:15 - 2014-05-09 22:15 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-05-09 22:15 - 2014-05-09 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-05-09 22:04 - 2014-05-09 22:04 - 00000050 _____ () C:\Windows\system32\bridf08b.dat
2014-05-09 22:03 - 2014-05-09 22:03 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-05-09 22:03 - 2013-11-21 01:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-09 22:02 - 2014-05-09 22:02 - 00000000 ____D () C:\ProgramData\Brother
2014-05-09 21:48 - 2013-11-21 15:43 - 00229771 _____ () C:\Windows\DirectX.log
2014-05-09 21:47 - 2014-05-09 21:47 - 00000000 ____D () C:\directx9
2014-05-09 21:47 - 2014-05-09 21:44 - 90435952 _____ (Microsoft Corporation) C:\Users\cs\Downloads\directx_nov2008_redist.exe
2014-05-09 21:21 - 2014-05-09 21:21 - 00315624 _____ (Microsoft Corporation) C:\Users\cs\Downloads\dxwebsetup.exe
2014-05-09 21:21 - 2013-12-24 14:46 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-09 21:15 - 2014-05-09 21:12 - 100273008 _____ (Microsoft Corporation) C:\Users\cs\Downloads\directx_Jun2010redist.exe
2014-05-09 15:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-09 14:27 - 2014-05-10 15:54 - 00001523 _____ () C:\Users\cs\Desktop\Virtual Windows XP.lnk
2014-05-09 14:27 - 2014-05-09 14:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2014-05-09 14:24 - 2014-05-09 14:23 - 00000000 ____D () C:\Windows\system32\Drivers\tr-TR
2014-05-09 14:24 - 2014-05-09 14:23 - 00000000 ____D () C:\Windows\system32\Drivers\th-TH
2014-05-09 14:24 - 2014-05-09 14:23 - 00000000 ____D () C:\Windows\system32\Drivers\ro-RO
2014-05-09 14:24 - 2014-05-09 14:23 - 00000000 ____D () C:\Windows\system32\Drivers\he-IL
2014-05-09 14:24 - 2014-05-09 14:23 - 00000000 ____D () C:\Windows\system32\Drivers\ar-SA
2014-05-09 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-05-09 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-05-09 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-05-09 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-05-09 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-05-09 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-05-09 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-05-09 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-05-09 14:23 - 2014-05-09 14:23 - 00000000 ____D () C:\Program Files (x86)\Windows Virtual PC
2014-05-09 14:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-05-09 14:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-05-09 12:19 - 2014-05-09 12:19 - 17091624 _____ () C:\Users\cs\Downloads\Windows6.1-KB958559-x64-RefreshPkg.msu
2014-05-09 12:17 - 2014-05-09 12:17 - 09591606 _____ () C:\Users\cs\Downloads\Windows6.1-KB958559-x86.msu
2014-05-09 12:14 - 2013-12-04 14:34 - 00000000 ____D () C:\Users\cs\VirtualBox VMs
2014-05-09 12:14 - 2013-12-04 14:34 - 00000000 ____D () C:\Users\cs\.VirtualBox
2014-05-09 12:06 - 2014-05-09 11:53 - 486678800 _____ (Microsoft Corporation) C:\Users\cs\Downloads\WindowsXPMode_de-de.exe
2014-05-07 21:06 - 2014-04-20 00:00 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 21:06 - 2014-04-20 00:00 - 00003846 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 01:59 - 2014-05-07 01:59 - 00001922 _____ () C:\Users\Public\Desktop\DOSBox 0.74.lnk
2014-05-07 01:59 - 2014-05-07 01:59 - 00000000 ____D () C:\Users\cs\AppData\Local\DOSBox
2014-05-07 01:59 - 2014-05-07 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-05-07 01:59 - 2014-05-07 01:59 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-04-29 16:01 - 2014-05-03 03:00 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 03:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-25 15:12 - 2014-01-14 17:25 - 00004598 _____ () C:\Users\cs\AppData\Roaming\LTspiceIV.ini
2014-04-25 02:54 - 2014-04-25 02:54 - 00144179 _____ () C:\Users\cs\Downloads\SolarPHP.zip
2014-04-24 13:16 - 2014-04-24 13:09 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-24 13:05 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-24 12:28 - 2014-04-24 12:27 - 00287194 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-24 02:37 - 2014-04-24 02:37 - 00289734 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-24 02:37 - 2014-04-24 02:37 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-04-20 00:31 - 2014-04-20 00:27 - 00000000 ____D () C:\Users\cs\AppData\Roaming\Notepad++
2014-04-20 00:27 - 2014-04-20 00:27 - 00000000 ____D () C:\Users\cs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-20 00:27 - 2014-04-20 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-20 00:27 - 2014-04-20 00:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-20 00:26 - 2014-04-20 00:26 - 07624808 _____ () C:\Users\cs\Downloads\npp.6.5.5.Installer.exe
2014-04-18 12:54 - 2013-11-23 16:41 - 00000000 ____D () C:\Users\cs\AppData\Local\Adobe
2014-04-18 12:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 22:55 - 2014-01-22 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 22:15 - 2014-04-16 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-16 22:15 - 2014-04-16 22:14 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-16 22:15 - 2014-01-20 00:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 02:04 - 2014-04-16 02:04 - 01085633 _____ (Solar Terrestrial Dispatch ) C:\Users\cs\Downloads\proplab-upgrade-1017.exe
2014-04-16 02:04 - 2014-04-16 02:04 - 00299184 _____ (Solar Terrestrial Dispatch ) C:\Users\cs\Downloads\proplab-upgrade.exe
2014-04-14 20:13 - 2014-04-16 22:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-16 22:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-16 22:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-16 22:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 16:09 - 2014-04-14 16:09 - 00002129 _____ () C:\Users\cs\Downloads\LM358.zip
2014-04-14 04:24 - 2014-05-06 03:12 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 03:12 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Some content of TEMP:
====================
C:\Users\cs\AppData\Local\Temp\avgnt.exe
C:\Users\cs\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfj6hs7.dll
C:\Users\cs\AppData\Local\Temp\sfamcc00001.dll
C:\Users\cs\AppData\Local\Temp\sfareca00001.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-09 15:10
==================== End Of Log ============================ --- --- ---
--- --- ---
--- --- ---
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by cs at 2014-05-12 12:10:57
Running from C:\Users\cs\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Brother MFL-Pro Suite DCP-165C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Filter Design 4.5 (HKLM-x32\...\Filter Design 4.5_is1) (Version: 4.5 - Almost All Digital Electronics)
Fldigi 3.21.50 (HKLM-x32\...\Fldigi-3.21.50) (Version: 3.21.50 - Fldigi developers)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1025 - Foxit Corporation)
Geeks3D FurMark 1.12.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
mini dB-Rechner 1.3.2 (HKLM-x32\...\mini dB-Rechner_is1) (Version: - DL5SWB)
mini Ringkern-Rechner 1.2 (HKLM-x32\...\minirk12_is1) (Version: 1.2 - DL5SWB)
MMANA-GAL_Basic Version 3 (HKLM-x32\...\{93BC44A2-0A38-4144-A7EE-DC4AAF2B4099}_is1) (Version: 3 - GAL-ANA)
Morrowind (HKLM-x32\...\{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}) (Version: - )
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.4 (HKLM\...\{5FB568DF-207C-4B21-AC57-FC0CC2A0B113}) (Version: 4.3.4 - Oracle Corporation)
PC-HFDL 2.042 (HKLM-x32\...\PC-HFDL_is1) (Version: - Avila Electronics)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 1.9.10.7393 - Medixant)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stranglehold (HKLM-x32\...\Stranglehold_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TES Construction Set (HKLM-x32\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version: - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Usb Network Joystick (HKLM-x32\...\{DEC7CD2E-2BB5-40C3-9592-078F64677EFF}) (Version: 1.00.0000 - )
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Restore Points =========================
09-05-2014 19:47:41 DirectX wurde installiert
09-05-2014 20:03:26 Installiert MFL-Pro Suite
10-05-2014 13:49:22 Windows XP Mode wird installiert
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-11-22 15:34 - 00566959 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 csh.actiondesk.com
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
127.0.0.1 ads.activepower.net
127.0.0.1 app.activetrail.com
127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1 cms.ad2click.nl
127.0.0.1 ad2games.com
127.0.0.1 ads.ad2games.com
127.0.0.1 content.ad20.net
127.0.0.1 core.ad20.net
127.0.0.1 banner.ad.nu
127.0.0.1 cl21.v4.adaction.se
127.0.0.1 adadvisor.net
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {031206D1-20C7-45F8-9A2D-471B19C945CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-20] (Google Inc.)
Task: {35F22653-B993-45BC-8A9A-046659EA1330} - System32\Tasks\Speedfan => C:\Program Files (x86)\SpeedFan\speedfan.exe [2013-03-15] (Almico Software (www.almico.com))
Task: {70ED827B-B388-4E11-A3D6-BDA8BA42C695} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {AE20EC58-72CB-47A3-BD5F-80F1366A4FBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-20] (Google Inc.)
Task: {EB645280-CACF-417D-B51D-5CA7770A2CD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {F3F69440-7DA0-4C7C-970A-3D6AE20AE3BF} - System32\Tasks\Backup-Erinnerung
Task: {F427FEF7-FD9B-4613-9E51-7C49EB0109F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-11-21 01:51 - 2010-08-11 12:32 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-11-21 01:51 - 2010-08-11 12:32 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-11-21 01:51 - 2010-08-11 12:32 - 00105584 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-11-21 01:51 - 2010-08-11 12:32 - 64643696 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-11-21 00:52 - 2013-10-31 20:25 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-05-12 03:27 - 2014-05-12 03:27 - 00041984 _____ () c:\users\cs\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfj6hs7.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\cs\AppData\Roaming\Dropbox\bin\libcef.dll
2013-02-13 06:44 - 2013-02-13 06:44 - 00028160 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll
2013-02-13 06:44 - 2013-02-13 06:44 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
2013-11-21 12:21 - 2013-11-21 12:21 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2013-11-21 12:21 - 2013-11-21 12:21 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2013-11-21 12:21 - 2013-11-21 12:21 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2013-11-21 12:21 - 2013-11-21 12:21 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2013-11-21 12:21 - 2013-11-21 12:21 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2013-11-21 12:21 - 2013-11-21 12:21 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
2013-02-13 06:44 - 2013-02-13 06:44 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00310491 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00092874 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00209619 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00105620 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00373657 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00149933 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00116583 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00171090 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 02097721 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00055758 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00415553 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00228908 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00047391 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00027811 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00023305 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2013-02-13 06:45 - 2013-02-13 06:45 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
2013-02-13 06:43 - 2013-02-13 06:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
2013-02-13 06:44 - 2013-02-13 06:44 - 00425984 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
2013-11-21 12:21 - 2013-11-21 12:21 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2014-05-12 03:17 - 2014-05-12 03:28 - 00158720 _____ () C:\Users\cs\AppData\Local\Temp\sfareca00001.dll
2014-05-12 02:47 - 2014-05-12 03:28 - 00192512 _____ () C:\Users\cs\AppData\Local\Temp\sfamcc00001.dll
2014-05-10 01:51 - 2014-05-10 01:51 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: lxdeCATSCustConnectService => 2
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: lxdeamon => "C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe"
MSCONFIG\startupreg: lxdemon.exe => "C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/12/2014 00:10:02 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (05/12/2014 03:43:58 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (05/12/2014 03:43:55 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (05/12/2014 01:37:41 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: gasgasd.exe, Version: 1.2.2.0, Zeitstempel: 0x46934211
Name des fehlerhaften Moduls: gasgasd.exe, Version: 1.2.2.0, Zeitstempel: 0x46934211
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000112d9
ID des fehlerhaften Prozesses: 0x1020
Startzeit der fehlerhaften Anwendung: 0xgasgasd.exe0
Pfad der fehlerhaften Anwendung: gasgasd.exe1
Pfad des fehlerhaften Moduls: gasgasd.exe2
Berichtskennung: gasgasd.exe3
Error: (05/12/2014 01:27:43 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000040cd
ID des fehlerhaften Prozesses: 0xa8
Startzeit der fehlerhaften Anwendung: 0xRootkitRevealer.exe0
Pfad der fehlerhaften Anwendung: RootkitRevealer.exe1
Pfad des fehlerhaften Moduls: RootkitRevealer.exe2
Berichtskennung: RootkitRevealer.exe3
Error: (05/12/2014 01:25:44 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000040cd
ID des fehlerhaften Prozesses: 0x1328
Startzeit der fehlerhaften Anwendung: 0xRootkitRevealer.exe0
Pfad der fehlerhaften Anwendung: RootkitRevealer.exe1
Pfad des fehlerhaften Moduls: RootkitRevealer.exe2
Berichtskennung: RootkitRevealer.exe3
Error: (05/12/2014 00:47:27 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000040cd
ID des fehlerhaften Prozesses: 0x12f0
Startzeit der fehlerhaften Anwendung: 0xRootkitRevealer.exe0
Pfad der fehlerhaften Anwendung: RootkitRevealer.exe1
Pfad des fehlerhaften Moduls: RootkitRevealer.exe2
Berichtskennung: RootkitRevealer.exe3
System errors:
=============
Error: (05/12/2014 02:44:09 AM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/12/2014 02:43:47 AM) (Source: Application Popup) (User: ) (EventID: 1060)
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ljksdhlkgjd\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (05/12/2014 02:41:07 AM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/12/2014 01:15:04 AM) (Source: BugCheck) (User: ) (EventID: 1001)
Description: 0x0000003b (0x00000000c0000005, 0xfffff88008d520e0, 0xfffff8800b9a6f90, 0x0000000000000000)C:\Windows\MEMORY.DMP051214-18142-01
Error: (05/12/2014 00:48:09 AM) (Source: Application Popup) (User: ) (EventID: 1060)
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\rkhdrv40.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (05/12/2014 00:32:15 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (05/12/2014 00:32:15 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (05/12/2014 00:32:15 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (05/12/2014 00:32:15 AM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-05-12 02:43:47.504
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ljksdhlkgjd\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-12 02:43:47.411
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ljksdhlkgjd\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-11 23:56:18.384
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\cs\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-11 23:56:18.304
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\cs\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-11 23:56:18.223
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\cs\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-11 23:56:18.143
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\cs\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-11 23:55:51.071
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\cs\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-11 23:55:50.988
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\cs\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-10 06:07:24.975
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D474.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-10 06:07:24.898
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\D474.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 8190.03 MB
Available physical RAM: 5572.06 MB
Total Pagefile: 20470.21 MB
Available Pagefile: 17818.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:304.27 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 9E7B3095)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End Of Log ============================ Was ich zu den Logs selber schon sagen kann:
S3 MEMSWEEP2; \??\C:\Windows\system32\D474.tmp [X]
-> gehört wohl zu Sophos Anti Rootkit
U3 uwdoakob; \??\C:\Users\cs\AppData\Local\Temp\uwdoakob.sys [X]
-> GMER Treiber
Die Fehlermeldung mit "gasgasd.exe" stammt von Ice-Sword, also auch harmlos... |