Pests of all kinds and how to fight them: Bluescreen dumping physical memory
Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
28.03.2014, 13:21 | #1 |
Bluescreen dumping physical memory
Hello, since this morning I keep getting bluescreens with the following message: blue screen dumping physical memory to Disk = 0,10,20,30... and the number keeps rising. I have already run a RAM test with Memtest, but it turned out that the RAM modules are okay and error-free. What else could the fault be -_- Windows 7 is barely installed and there are already problems nonstop. Regards, Dump
__________________ All my life I have only tried to get ahead in society, where things are legal and honest. But the higher I climb, the more dishonest and worse everything gets. Edited by Dump (28.03.2014 at 13:41) |
28.03.2014, 13:30 | #2 |
/// the machine /// TB instructor | Bluescreen dumping physical memory
Hi,
Is a minidump being created in C:\Windows\Minidump? Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
28.03.2014, 13:38 | #3 |
Bluescreen dumping physical memory
Hello Schrauber,
Yes, a folder named Minidump is being created; there are now 6 items in it.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Florian (administrator) on FLORIAN-PC on 28-03-2014 13:35:36
Running from C:\Users\Florian\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(NirSoft) C:\Program Files\NirSoft\BlueScreenView\BlueScreenView.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\sfc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74CEC8065A4ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath:
C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\udwgqqcr.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\udwgqqcr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-28] ========================== Services (Whitelisted) ================= R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) R3 Ph6xIB32; C:\Windows\System32\DRIVERS\Ph6xIB32.sys [1277952 2009-07-13] (NXP Semiconductors GmbH) U5 AppMgmt; 
C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Florian\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 13:35 - 2014-03-28 13:36 - 00004725 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-03-28 13:35 - 2014-03-28 13:35 - 01145856 _____ (Farbar) C:\Users\Florian\Desktop\FRST.exe 2014-03-28 13:35 - 2014-03-28 13:35 - 00000000 ____D () C:\FRST 2014-03-28 13:25 - 2014-03-28 13:25 - 00157592 _____ () C:\Windows\Minidump\032814-28156-01.dmp 2014-03-28 13:17 - 2014-03-28 13:17 - 00158456 _____ () C:\Windows\Minidump\032814-23750-01.dmp 2014-03-28 13:15 - 2014-03-28 13:15 - 00001087 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-03-28 13:15 - 2014-03-28 13:15 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Opera Software 2014-03-28 13:15 - 2014-03-28 13:15 - 00000000 ____D () C:\Users\Florian\AppData\Local\Opera Software 2014-03-28 13:14 - 2014-03-28 13:15 - 00000000 ____D () C:\Program Files\Opera 2014-03-28 13:13 - 2014-03-28 13:13 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView 2014-03-28 13:13 - 2014-03-28 13:13 - 00000000 ____D () C:\Program Files\NirSoft 2014-03-28 13:12 - 2014-03-28 13:12 - 00154072 _____ () C:\Windows\Minidump\032814-22500-01.dmp 2014-03-28 13:10 - 2014-03-28 13:10 - 34734328 _____ (Opera Software ASA) C:\Users\Florian\Downloads\Opera_20.0.1387.82_Setup.exe 2014-03-28 13:08 - 2014-03-28 13:08 - 00151328 _____ () C:\Windows\Minidump\032814-22750-01.dmp 2014-03-28 12:02 - 2014-03-28 12:02 - 00141480 _____ () C:\Users\Florian\Downloads\bluescreenview_152setup.exe 2014-03-28 11:59 - 2014-03-28 11:59 - 00013507 _____ () C:\Users\Florian\Downloads\MemTest4.zip 2014-03-28 11:59 - 2014-03-28 11:59 - 00000000 ____D () C:\Users\Florian\Downloads\MemTest4 2014-03-28 11:57 - 2014-03-28 11:57 - 00154000 _____ () 
C:\Windows\Minidump\032814-29296-01.dmp 2014-03-28 11:51 - 2014-03-28 13:25 - 00000000 ____D () C:\Windows\Minidump 2014-03-28 11:51 - 2014-03-28 11:51 - 00154392 _____ () C:\Windows\Minidump\032814-33000-01.dmp 2014-03-28 11:50 - 2014-03-28 13:24 - 239226017 _____ () C:\Windows\MEMORY.DMP 2014-03-28 11:12 - 2014-03-28 11:23 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Nettalk 2014-03-28 11:08 - 2014-03-28 11:08 - 00002032 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2014-03-28 11:08 - 2014-03-28 11:08 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Thunderbird 2014-03-28 11:08 - 2014-03-28 11:08 - 00000000 ____D () C:\Users\Florian\AppData\Local\Thunderbird 2014-03-28 11:08 - 2014-03-28 11:08 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-28 11:07 - 2014-03-28 11:15 - 00000000 ____D () C:\Program Files\Nettalk6 2014-03-28 11:07 - 2014-03-28 11:07 - 02596807 _____ (Nicolas Kruse ) C:\Users\Florian\Downloads\setup.exe 2014-03-28 11:07 - 2014-03-28 11:07 - 00000958 _____ () C:\Users\Public\Desktop\Nettalk.lnk 2014-03-28 11:04 - 2014-03-28 11:04 - 21987424 _____ (Mozilla) C:\Users\Florian\Downloads\Thunderbird_Setup_de24.4.0.exe 2014-03-28 10:07 - 2014-03-28 10:07 - 00007168 _____ () C:\ComboFix.txt 2014-03-28 09:57 - 2014-03-28 10:07 - 00000000 ____D () C:\Qoobox 2014-03-28 09:57 - 2014-03-28 10:05 - 00000000 ____D () C:\Windows\erdnt 2014-03-28 09:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-28 09:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-28 09:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-28 09:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-28 09:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-28 09:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-28 09:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-28 09:57 - 2000-08-31 01:00 - 
00068096 _____ () C:\Windows\zip.exe 2014-03-28 09:54 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2014-03-28 09:54 - 2012-02-17 05:14 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-03-28 09:54 - 2012-02-17 05:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2014-03-28 09:53 - 2014-03-28 09:53 - 00001426 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk 2014-03-28 09:52 - 2014-03-28 09:53 - 00000000 ____D () C:\Program Files\LibreOffice 4 2014-03-28 09:50 - 2014-03-28 09:50 - 07624808 _____ () C:\Users\Florian\Downloads\npp.6.5.5.Installer.exe 2014-03-28 09:50 - 2014-03-28 09:50 - 00001027 _____ () C:\Users\UpdatusUser\Desktop\Notepad++.lnk 2014-03-28 09:50 - 2014-03-28 09:50 - 00001027 _____ () C:\Users\Florian\Desktop\Notepad++.lnk 2014-03-28 09:50 - 2014-03-28 09:50 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Notepad++ 2014-03-28 09:50 - 2014-03-28 09:50 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-03-28 09:50 - 2014-03-28 09:50 - 00000000 ____D () C:\Program Files\Notepad++ 2014-03-28 09:49 - 2014-03-28 09:51 - 220602368 _____ () C:\Users\Florian\Downloads\LibreOffice_4.2.2_Win_x86.msi 2014-03-28 09:46 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-03-28 09:46 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-03-28 09:46 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-03-28 09:46 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-03-28 09:46 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-03-28 09:46 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-03-28 09:46 - 2012-06-02 23:12 - 00088576 _____ 
(Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-03-28 09:46 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-03-28 09:46 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-03-28 09:41 - 2014-03-28 09:41 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-28 09:41 - 2014-03-28 09:41 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-28 09:41 - 2014-03-28 09:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-28 09:41 - 2014-03-28 09:41 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-03-28 09:41 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-28 09:41 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-28 09:41 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-28 09:40 - 2014-03-28 09:40 - 00001171 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk 2014-03-28 09:40 - 2014-03-28 09:40 - 00000000 ____D () C:\Program Files\Tracker Software 2014-03-28 09:39 - 2014-03-28 09:39 - 05192353 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe 2014-03-28 09:36 - 2014-01-19 08:32 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-28 09:35 - 2014-03-28 09:35 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-03-28 09:35 - 2014-03-28 09:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-03-28 09:32 - 2014-03-28 09:32 - 00309230 __RSH () C:\JHFSG 2014-03-28 09:17 - 2014-03-28 09:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit 2014-03-28 09:13 - 2014-03-28 09:13 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-03-28 09:12 - 2014-03-28 09:12 - 16587248 _____ (Tracker Software Products Ltd ) 
C:\Users\Florian\Downloads\PDFX142Vwer.exe 2014-03-28 09:09 - 2014-03-28 11:19 - 00069896 _____ () C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-28 09:04 - 2014-03-28 09:04 - 00000000 ____D () C:\Program Files\7-Zip 2014-03-28 09:03 - 2014-03-28 09:03 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Macromedia 2014-03-28 09:03 - 2014-03-28 09:03 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Adobe 2014-03-28 09:03 - 2014-03-28 09:03 - 00000000 ____D () C:\Users\Florian\AppData\Local\Macromedia 2014-03-28 09:02 - 2014-03-28 09:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-28 09:02 - 2014-03-28 09:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-28 09:02 - 2014-03-28 09:02 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-28 08:54 - 2014-03-28 08:54 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Florian\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 08:52 - 2014-03-28 09:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-28 08:52 - 2014-03-28 08:52 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-28 08:52 - 2014-03-28 08:52 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Mozilla 2014-03-28 08:52 - 2014-03-28 08:52 - 00000000 ____D () C:\Users\Florian\AppData\Local\Mozilla 2014-03-28 08:48 - 2014-03-28 08:48 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () 
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-28 08:48 - 2013-01-31 10:01 - 03970848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-03-28 08:48 - 2013-01-31 10:01 - 02859296 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll 2014-03-28 08:48 - 2013-01-31 10:00 - 02557728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-03-28 08:48 - 2013-01-31 10:00 - 00634656 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-03-28 08:48 - 2013-01-31 10:00 - 00108832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-03-28 08:48 - 2013-01-31 10:00 - 00062752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-03-28 08:48 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-28 08:48 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-28 08:47 - 2014-03-28 08:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-03-28 08:47 - 2013-01-31 12:21 - 19915552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 10919200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-03-28 08:47 - 2013-01-31 12:21 - 07754560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 06162704 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 02577184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 02446416 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvapi.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 01869088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 01010464 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 00053024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-03-28 08:47 - 2013-01-31 12:21 - 00012724 _____ () C:\Windows\system32\nvinfo.pb 2014-03-28 08:44 - 2014-03-28 08:48 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-03-28 08:43 - 2014-03-28 08:43 - 00000000 ____D () C:\NVIDIA 2014-03-28 08:40 - 2014-03-28 08:40 - 00001409 _____ () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-28 08:35 - 2014-03-28 11:12 - 00000000 ____D () C:\Users\Florian\AppData\Local\VirtualStore 2014-03-28 08:35 - 2014-03-28 08:36 - 00000000 ____D () C:\Users\Florian 2014-03-28 08:35 - 2014-03-28 08:35 - 00000020 ___SH () C:\Users\Florian\ntuser.ini 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Startmenü 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Netzwerkumgebung 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Druckumgebung 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Documents\Eigene Musik 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Documents\Eigene Bilder 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\AppData\Local\Verlauf 2014-03-28 08:35 - 
2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Programme 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 ____D () C:\Recovery 2014-03-28 08:35 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-28 08:35 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-28 08:30 - 2014-03-28 13:33 - 01837091 _____ () C:\Windows\WindowsUpdate.log 2014-03-28 08:28 - 2014-03-28 08:31 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-03-28 08:26 - 2014-03-28 08:35 - 00000000 ____D () C:\Windows\Panther 2014-03-28 08:26 - 2014-03-28 08:26 - 00008192 __RSH () C:\BOOTSECT.BAK 2014-03-28 08:26 
- 2010-11-20 22:29 - 00383786 __RSH () C:\bootmgr 2014-02-27 16:37 - 2014-02-27 16:37 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll 2014-02-27 16:37 - 2014-02-27 16:37 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll ==================== One Month Modified Files and Folders ======= 2014-03-28 13:36 - 2014-03-28 13:35 - 00004725 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-03-28 13:35 - 2014-03-28 13:35 - 01145856 _____ (Farbar) C:\Users\Florian\Desktop\FRST.exe 2014-03-28 13:35 - 2014-03-28 13:35 - 00000000 ____D () C:\FRST 2014-03-28 13:33 - 2014-03-28 08:30 - 01837091 _____ () C:\Windows\WindowsUpdate.log 2014-03-28 13:32 - 2009-07-14 05:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-28 13:32 - 2009-07-14 05:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-28 13:30 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-28 13:25 - 2014-03-28 13:25 - 00157592 _____ () C:\Windows\Minidump\032814-28156-01.dmp 2014-03-28 13:25 - 2014-03-28 11:51 - 00000000 ____D () C:\Windows\Minidump 2014-03-28 13:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-28 13:25 - 2009-07-14 05:39 - 00022497 _____ () C:\Windows\setupact.log 2014-03-28 13:24 - 2014-03-28 11:50 - 239226017 _____ () C:\Windows\MEMORY.DMP 2014-03-28 13:17 - 2014-03-28 13:17 - 00158456 _____ () C:\Windows\Minidump\032814-23750-01.dmp 2014-03-28 13:15 - 2014-03-28 13:15 - 00001087 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-03-28 13:15 - 2014-03-28 13:15 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Opera Software 2014-03-28 13:15 - 2014-03-28 13:15 - 00000000 ____D () C:\Users\Florian\AppData\Local\Opera Software 2014-03-28 13:15 - 2014-03-28 13:14 - 00000000 ____D () C:\Program Files\Opera 2014-03-28 13:13 - 2014-03-28 13:13 - 
00000000 ____D () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView 2014-03-28 13:13 - 2014-03-28 13:13 - 00000000 ____D () C:\Program Files\NirSoft 2014-03-28 13:12 - 2014-03-28 13:12 - 00154072 _____ () C:\Windows\Minidump\032814-22500-01.dmp 2014-03-28 13:10 - 2014-03-28 13:10 - 34734328 _____ (Opera Software ASA) C:\Users\Florian\Downloads\Opera_20.0.1387.82_Setup.exe 2014-03-28 13:08 - 2014-03-28 13:08 - 00151328 _____ () C:\Windows\Minidump\032814-22750-01.dmp 2014-03-28 12:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-28 12:02 - 2014-03-28 12:02 - 00141480 _____ () C:\Users\Florian\Downloads\bluescreenview_152setup.exe 2014-03-28 11:59 - 2014-03-28 11:59 - 00013507 _____ () C:\Users\Florian\Downloads\MemTest4.zip 2014-03-28 11:59 - 2014-03-28 11:59 - 00000000 ____D () C:\Users\Florian\Downloads\MemTest4 2014-03-28 11:57 - 2014-03-28 11:57 - 00154000 _____ () C:\Windows\Minidump\032814-29296-01.dmp 2014-03-28 11:51 - 2014-03-28 11:51 - 00154392 _____ () C:\Windows\Minidump\032814-33000-01.dmp 2014-03-28 11:44 - 2009-07-14 05:33 - 00321704 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-28 11:43 - 2010-11-20 22:48 - 00006100 _____ () C:\Windows\PFRO.log 2014-03-28 11:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-28 11:23 - 2014-03-28 11:12 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Nettalk 2014-03-28 11:19 - 2014-03-28 09:09 - 00069896 _____ () C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-28 11:15 - 2014-03-28 11:07 - 00000000 ____D () C:\Program Files\Nettalk6 2014-03-28 11:12 - 2014-03-28 08:35 - 00000000 ____D () C:\Users\Florian\AppData\Local\VirtualStore 2014-03-28 11:08 - 2014-03-28 11:08 - 00002032 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2014-03-28 11:08 - 2014-03-28 11:08 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Thunderbird 2014-03-28 11:08 - 2014-03-28 11:08 - 00000000 ____D () 
C:\Users\Florian\AppData\Local\Thunderbird 2014-03-28 11:08 - 2014-03-28 11:08 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-28 11:07 - 2014-03-28 11:07 - 02596807 _____ (Nicolas Kruse ) C:\Users\Florian\Downloads\setup.exe 2014-03-28 11:07 - 2014-03-28 11:07 - 00000958 _____ () C:\Users\Public\Desktop\Nettalk.lnk 2014-03-28 11:04 - 2014-03-28 11:04 - 21987424 _____ (Mozilla) C:\Users\Florian\Downloads\Thunderbird_Setup_de24.4.0.exe 2014-03-28 10:07 - 2014-03-28 10:07 - 00007168 _____ () C:\ComboFix.txt 2014-03-28 10:07 - 2014-03-28 09:57 - 00000000 ____D () C:\Qoobox 2014-03-28 10:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-03-28 10:07 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-03-28 10:05 - 2014-03-28 09:57 - 00000000 ____D () C:\Windows\erdnt 2014-03-28 10:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-03-28 09:53 - 2014-03-28 09:53 - 00001426 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk 2014-03-28 09:53 - 2014-03-28 09:52 - 00000000 ____D () C:\Program Files\LibreOffice 4 2014-03-28 09:51 - 2014-03-28 09:49 - 220602368 _____ () C:\Users\Florian\Downloads\LibreOffice_4.2.2_Win_x86.msi 2014-03-28 09:50 - 2014-03-28 09:50 - 07624808 _____ () C:\Users\Florian\Downloads\npp.6.5.5.Installer.exe 2014-03-28 09:50 - 2014-03-28 09:50 - 00001027 _____ () C:\Users\UpdatusUser\Desktop\Notepad++.lnk 2014-03-28 09:50 - 2014-03-28 09:50 - 00001027 _____ () C:\Users\Florian\Desktop\Notepad++.lnk 2014-03-28 09:50 - 2014-03-28 09:50 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Notepad++ 2014-03-28 09:50 - 2014-03-28 09:50 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-03-28 09:50 - 2014-03-28 09:50 - 00000000 ____D () C:\Program Files\Notepad++ 2014-03-28 09:41 - 2014-03-28 09:41 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-28 09:41 - 2014-03-28 09:41 - 00001060 _____ () 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-28 09:41 - 2014-03-28 09:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-28 09:41 - 2014-03-28 09:41 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-03-28 09:40 - 2014-03-28 09:40 - 00001171 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk 2014-03-28 09:40 - 2014-03-28 09:40 - 00000000 ____D () C:\Program Files\Tracker Software 2014-03-28 09:40 - 2014-03-28 08:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-28 09:39 - 2014-03-28 09:39 - 05192353 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe 2014-03-28 09:35 - 2014-03-28 09:35 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-03-28 09:35 - 2014-03-28 09:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-03-28 09:32 - 2014-03-28 09:32 - 00309230 __RSH () C:\JHFSG 2014-03-28 09:17 - 2014-03-28 09:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit 2014-03-28 09:13 - 2014-03-28 09:13 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-03-28 09:12 - 2014-03-28 09:12 - 16587248 _____ (Tracker Software Products Ltd ) C:\Users\Florian\Downloads\PDFX142Vwer.exe 2014-03-28 09:04 - 2014-03-28 09:04 - 00000000 ____D () C:\Program Files\7-Zip 2014-03-28 09:03 - 2014-03-28 09:03 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Macromedia 2014-03-28 09:03 - 2014-03-28 09:03 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Adobe 2014-03-28 09:03 - 2014-03-28 09:03 - 00000000 ____D () C:\Users\Florian\AppData\Local\Macromedia 2014-03-28 09:02 - 2014-03-28 09:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-28 09:02 - 2014-03-28 09:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-28 09:02 - 2014-03-28 09:02 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-28 08:57 - 2009-07-14 05:53 - 00005168 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-28 08:57 - 2009-07-14 05:52 - 
00000000 ____D () C:\Windows\system32\restore 2014-03-28 08:54 - 2014-03-28 08:54 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Florian\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-28 08:52 - 2014-03-28 08:52 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-28 08:52 - 2014-03-28 08:52 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Mozilla 2014-03-28 08:52 - 2014-03-28 08:52 - 00000000 ____D () C:\Users\Florian\AppData\Local\Mozilla 2014-03-28 08:48 - 2014-03-28 08:48 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-03-28 08:48 - 2014-03-28 08:48 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-28 08:48 - 2014-03-28 08:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-03-28 08:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help 2014-03-28 08:47 - 2014-03-28 08:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-03-28 08:43 - 2014-03-28 08:43 - 00000000 ____D () C:\NVIDIA 2014-03-28 08:40 - 2014-03-28 08:40 - 00001409 _____ () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-28 08:36 - 2014-03-28 08:35 - 00000000 ____D () C:\Users\Florian 2014-03-28 08:35 - 2014-03-28 08:35 - 00000020 ___SH () C:\Users\Florian\ntuser.ini 2014-03-28 08:35 - 2014-03-28 
08:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Startmenü 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Netzwerkumgebung 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Druckumgebung 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Documents\Eigene Musik 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\Documents\Eigene Bilder 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Florian\AppData\Local\Verlauf 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 
_SHDL () C:\Programme 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-03-28 08:35 - 2014-03-28 08:35 - 00000000 ____D () C:\Recovery 2014-03-28 08:35 - 2014-03-28 08:26 - 00000000 ____D () C:\Windows\Panther 2014-03-28 08:35 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-03-28 08:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-03-28 08:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT 2014-03-28 08:31 - 2014-03-28 08:28 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-03-28 08:28 - 2009-07-14 05:34 - 00002790 _____ () C:\Windows\DtcInstall.log 2014-03-28 08:26 - 2014-03-28 08:26 - 00008192 __RSH () C:\BOOTSECT.BAK 2014-03-28 08:26 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-03-28 08:26 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-03-05 09:26 - 2014-03-28 09:41 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-28 09:41 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-28 09:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-27 16:37 - 2014-02-27 16:37 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll 2014-02-27 16:37 - 2014-02-27 16:37 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit 
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-28 12:41
==================== End Of Log ============================
Addition:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Florian at 2014-03-28 13:36:38 Running from C:\Users\Florian\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) LibreOffice 4.2.2.1 (HKLM\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation) Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) Nettalk 6.7 (HKLM\...\Nettalk_is1) (Version: - Nicolas Kruse) NirSoft BlueScreenView 
(HKLM\...\NirSoft BlueScreenView) (Version: - ) Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team) NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd) ==================== Restore Points ========================= 28-03-2014 07:57:21 Windows Update 28-03-2014 08:36:38 Windows Update 28-03-2014 08:46:02 Windows Update 28-03-2014 08:51:57 Installed LibreOffice 4.2.2.1 28-03-2014 08:54:18 Windows Update 28-03-2014 10:40:40 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= ==================== Loaded Modules (whitelisted) ============= 2014-03-28 08:48 - 2013-01-31 10:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll 2014-03-28 08:52 - 2014-03-15 09:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/28/2014 01:35:38 PM) 
(Source: Desktop Window Manager) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8007000e) festgestellt. Error: (03/28/2014 01:34:49 PM) (Source: Desktop Window Manager) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8007000e) festgestellt. Error: (03/28/2014 01:29:59 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc225 Name des fehlerhaften Moduls: nvd3dum.dll, Version: 9.18.13.783, Zeitstempel: 0x510a1d8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0052e83d ID des fehlerhaften Prozesses: 0x638 Startzeit der fehlerhaften Anwendung: 0xDwm.exe0 Pfad der fehlerhaften Anwendung: Dwm.exe1 Pfad des fehlerhaften Moduls: Dwm.exe2 Berichtskennung: Dwm.exe3 Error: (03/28/2014 01:26:32 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2014 01:19:24 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2014 01:14:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2014 01:13:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.783, Zeitstempel: 0x510a2910 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x740017c3 ID des fehlerhaften Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0 Pfad der fehlerhaften Anwendung: nvtray.exe1 Pfad des fehlerhaften Moduls: nvtray.exe2 
Berichtskennung: nvtray.exe3 Error: (03/28/2014 01:13:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc225 Name des fehlerhaften Moduls: dwmcore.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b815 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000860cc ID des fehlerhaften Prozesses: 0x728 Startzeit der fehlerhaften Anwendung: 0xDwm.exe0 Pfad der fehlerhaften Anwendung: Dwm.exe1 Pfad des fehlerhaften Moduls: Dwm.exe2 Berichtskennung: Dwm.exe3 Error: (03/28/2014 01:13:05 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce796f3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x751f853d ID des fehlerhaften Prozesses: 0x760 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (03/28/2014 01:09:42 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (03/28/2014 01:24:57 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE Error: (03/28/2014 01:25:06 PM) (Source: BugCheck) (User: ) Description: 0x0000008e (0xc0000005, 0x13af18e0, 0x9e5bd874, 0x00000000)C:\Windows\MEMORY.DMP032814-28156-01 Error: (03/28/2014 01:25:04 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 28.03.2014 um 13:22:37 unerwartet heruntergefahren. 
Error: (03/28/2014 01:17:57 PM) (Source: BugCheck) (User: ) Description: 0x0000008e (0xc0000005, 0x13f818e0, 0x9cc3b874, 0x00000000)C:\Windows\MEMORY.DMP032814-23750-01 Error: (03/28/2014 01:17:56 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 28.03.2014 um 13:16:35 unerwartet heruntergefahren. Error: (03/28/2014 01:12:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE Error: (03/28/2014 01:12:55 PM) (Source: BugCheck) (User: ) Description: 0x0000008e (0xc0000005, 0x13de18e0, 0x98b43874, 0x00000000)C:\Windows\MEMORY.DMP032814-22500-01 Error: (03/28/2014 01:12:53 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 28.03.2014 um 13:10:56 unerwartet heruntergefahren. Error: (03/28/2014 01:08:02 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE Error: (03/28/2014 01:08:12 PM) (Source: BugCheck) (User: ) Description: 0x0000008e (0xc0000005, 0x13b618e0, 0x9a56f874, 0x00000000)C:\Windows\MEMORY.DMP032814-22750-01 Microsoft Office Sessions: ========================= Error: (03/28/2014 01:35:38 PM) (Source: Desktop Window Manager)(User: ) Description: 0x8007000e Error: (03/28/2014 01:34:49 PM) (Source: Desktop Window Manager)(User: ) Description: 0x8007000e Error: (03/28/2014 01:29:59 PM) (Source: Application Error)(User: ) Description: Dwm.exe6.1.7600.163854a5bc225nvd3dum.dll9.18.13.783510a1d8ec00000050052e83d63801cf4a80c141e828C:\Windows\system32\Dwm.exeC:\Windows\system32\nvd3dum.dllacc7c054-b674-11e3-805a-0016e61fb86c Error: (03/28/2014 01:26:32 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2014 01:19:24 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent 
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2014 01:14:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2014 01:13:37 PM) (Source: Application Error)(User: ) Description: nvtray.exe7.17.13.783510a2910unknown0.0.0.000000000c0000005740017c39d001cf4a7f1395429dC:\Program Files\NVIDIA Corporation\Display\nvtray.exeunknown6376977a-b672-11e3-aadb-0016e61fb86c Error: (03/28/2014 01:13:30 PM) (Source: Application Error)(User: ) Description: Dwm.exe6.1.7600.163854a5bc225dwmcore.dll6.1.7601.175144ce7b815c0000005000860cc72801cf4a7f0e88e1ecC:\Windows\system32\Dwm.exeC:\Windows\system32\dwmcore.dll5f6bdae6-b672-11e3-aadb-0016e61fb86c Error: (03/28/2014 01:13:05 PM) (Source: Application Error)(User: ) Description: Explorer.EXE6.1.7601.175144ce796f3unknown0.0.0.000000000c0000005751f853d76001cf4a7f0e9e5716C:\Windows\Explorer.EXEunknown509ec9ad-b672-11e3-aadb-0016e61fb86c Error: (03/28/2014 01:09:42 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 3326.55 MB Available physical RAM: 2298.79 MB Total Pagefile: 6651.39 MB Available Pagefile: 5566.39 MB Total Virtual: 2047.88 MB Available Virtual: 1889.12 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:215.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0003D58A) Partition 1: (Active) - 
(Size=233 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 233 GB) (Disk ID: 000795CB) Partition 1: (Not Active) - (Size=233 GB) - (Type=06) ==================== End Of Log ============================
29.03.2014, 09:39 | #4 |
/// the machine /// TB-Ausbilder | Bluescreen dumping physical memory Zip the most recent dump and attach it.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
30.03.2014, 11:32 | #5 |
Bluescreen dumping physical memory So, after trying about 1000 times to figure out how to zip these files, I finally managed it. The latest dump is attached. Regards, Dump
31.03.2014, 09:37 | #6 |
/// the machine /// TB-Ausbilder | Bluescreen dumping physical memory Hi, please send me a PM this afternoon from 5 p.m. onwards; I can't open dumps at work.