Log analysis and evaluation: Persistent error in the log "Image integrity with a reference to a damaged / harmful file" (Windows 7)
09.07.2014, 19:19 | #1 |
Persistent error in the log "Image integrity with a reference to a damaged / harmful file"

Dear Trojaner-Board team,

for a long time I have had a constantly recurring error in my logs, which reads in full as follows:

Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Oscar\Desktop\NTools\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

As an IT-savvy person I am actually fairly sure that no malware has made it onto the system, but even after countless efforts to analyze the problem, the error keeps appearing from my toolbox. Perhaps a simple incompatibility? Or do I have something more serious on my hands after all?

The system is not exactly a standard configuration, since I primarily do a lot of work directly in the system myself and deliberately do not shy away from the occasional manual change in the registry.

I had actually hoped to be able to identify / solve the problem myself, but I just cannot manage it. So I am now handing my system logs over to you, because maybe someone knows the exact cause of the error and I simply did not notice / see it, not being able to see the forest for the trees.

Now the logs

Regards
Aluhut

Hijackthis
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:29:01, on 09.07.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
FIREFOX: 28.0 (de)
Boot mode: Normal

Running processes:
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Users\Oscar\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.startpage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startpage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6707 bytes

AdwCleaner
Code:
# AdwCleaner v3.215 - Bericht erstellt am 09/07/2014 um 18:11:41
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Oscar - G3J9OGC
# Gestartet von : C:\Users\Oscar\Desktop\adwcleaner_3.215.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\pdwv1fzb.default-1393544953782\prefs.js ]

*************************

AdwCleaner[R0].txt - [1157 octets] - [09/07/2014 17:15:15]
AdwCleaner[R1].txt - [744 octets] - [09/07/2014 18:11:41]
AdwCleaner[S0].txt - [1218 octets] - [09/07/2014 17:19:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [863 octets] ########

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Oscar (administrator) on G3J9OGC on 09-07-2014 18:54:35
Running from C:\Users\Oscar\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(The Wireshark developer community, hxxp://www.wireshark.org/) C:\Program Files\Wireshark\Wireshark.exe
(The Wireshark developer community) C:\Program Files\Wireshark\dumpcap.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-12-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-04] (Microsoft Corporation)
HKU\S-1-5-21-1210512344-1695762847-87065752-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-04-28] (TrueCrypt Foundation)
HKU\S-1-5-21-1210512344-1695762847-87065752-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1210512344-1695762847-87065752-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1210512344-1695762847-87065752-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-1210512344-1695762847-87065752-1001\...\MountPoints2: {16cee22e-062f-11e4-9622-74d43596c00b} - V:\dvdcheck.exe
HKU\S-1-5-21-1210512344-1695762847-87065752-1001\...\MountPoints2: {16cee36c-062f-11e4-9622-74d43596c00b} - V:\dvdcheck.exe
HKU\S-1-5-21-1210512344-1695762847-87065752-1001\...\MountPoints2: {92621961-edd8-11e3-86a3-806e6f6e6963} - D:\setup.exe
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startpage.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x92876A6B70D9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {37792BC5-F480-40B4-A4F8-FB0BF6C7DF21} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\pdwv1fzb.default-1393544953782
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.startpage.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\pdwv1fzb.default-1393544953782\Extensions\artur.dubovoy@gmail.com [2014-05-09]
FF Extension: Ghostery - C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\pdwv1fzb.default-1393544953782\Extensions\firefox@ghostery.com.xpi [2014-02-28]
FF Extension: NoScript - C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\pdwv1fzb.default-1393544953782\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-28]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
S4 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-11-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PORTMON; C:\Users\Oscar\Desktop\NTools\PORTMSYS.SYS [28656 2014-07-07] (Systems Internals) [File not signed]
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
S4 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 ALSysIO; \??\C:\Users\Oscar\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz137; \??\C:\Users\Oscar\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S4 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-09 18:21 - 2014-07-09 18:54 - 00027835 _____ () C:\Users\Oscar\Desktop\FRST.txt
2014-07-09 18:17 - 2014-07-09 18:17 - 
00000942 _____ () C:\Users\Oscar\Desktop\AdwCleaner[R1].txt 2014-07-09 18:05 - 2014-07-09 17:14 - 01348263 _____ () C:\Users\Oscar\Desktop\adwcleaner_3.215.exe 2014-07-09 17:29 - 2014-07-09 17:29 - 00006708 _____ () C:\Users\Oscar\Desktop\hijackthis.log 2014-07-09 17:14 - 2014-07-09 18:11 - 00000000 ____D () C:\AdwCleaner 2014-07-09 16:05 - 2014-07-09 18:10 - 00000000 __SHD () C:\Users\Oscar\AppData\Local\EmieUserList 2014-07-09 16:05 - 2014-07-09 18:10 - 00000000 __SHD () C:\Users\Oscar\AppData\Local\EmieSiteList 2014-07-09 15:33 - 2014-07-09 18:54 - 00000000 ____D () C:\FRST 2014-07-09 15:33 - 2014-07-09 17:28 - 00017306 ____N () C:\Windows\WindowsUpdate.log 2014-07-09 15:16 - 2014-07-09 15:16 - 02084352 _____ (Farbar) C:\Users\Oscar\Desktop\FRST64.exe 2014-07-09 14:12 - 2014-07-09 14:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Oscar\Desktop\hijackthis.exe 2014-07-09 12:43 - 2014-07-09 12:43 - 00001110 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-07-09 12:43 - 2014-07-09 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-07-09 12:43 - 2014-07-09 12:43 - 00000000 ____D () C:\Program Files (x86)\Emsisoft HiJackFree 2014-07-09 02:12 - 2014-07-09 17:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-09 02:12 - 2014-07-09 02:12 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-09 02:12 - 2014-07-09 02:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-09 02:12 - 2014-07-09 02:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-09 02:12 - 2014-07-09 02:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-09 02:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-09 02:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys 2014-07-09 02:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-08 21:21 - 2014-07-08 21:21 - 00067420 _____ () C:\Windows\SysWOW64\CCCInstall_201407082121038232.log 2014-07-08 21:21 - 2014-07-08 21:21 - 00000000 ____D () C:\ProgramData\ATI 2014-07-08 21:21 - 2014-07-08 21:21 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-07-08 21:20 - 2014-07-08 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-07-08 21:20 - 2014-07-08 21:20 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-07-08 21:19 - 2014-07-08 21:20 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-07-08 21:15 - 2014-07-08 21:15 - 00061236 _____ () C:\Windows\SysWOW64\CCCInstall_201407082115355834.log 2014-07-08 20:53 - 2014-07-08 20:53 - 00000000 ____D () C:\Users\Oscar\AppData\Local\CrashRpt 2014-07-08 19:37 - 2014-07-08 19:37 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga 2014-07-08 19:37 - 2014-07-08 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga 2014-07-08 19:31 - 2014-07-08 19:37 - 00000000 ____D () C:\Program Files (x86)\Wing Commander Saga 2014-07-08 19:30 - 2014-07-08 19:30 - 00000000 ____D () C:\Users\Oscar\Documents\Volition 2014-07-08 13:27 - 2014-07-08 13:27 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-07-07 22:34 - 2014-07-07 22:35 - 00000000 ____D () C:\Users\Oscar\Desktop\Progs 2014-07-07 16:20 - 2014-07-07 17:28 - 00008704 _____ () C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-07 16:14 - 2014-07-07 16:14 - 00000000 ____D () C:\Users\Oscar\AppData\Local\TechSmith 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\Windows\SysWOW64\QuickTime 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\Users\Oscar\Documents\Camtasia Studio 
2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\ProgramData\TechSmith 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-07-07 16:13 - 2010-03-04 17:27 - 00411480 _____ (TechSmith Corporation) C:\Windows\SysWOW64\tsccvid.dll 2014-07-07 15:07 - 2014-07-07 15:07 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\MPC-HC 2014-07-07 15:05 - 2014-07-07 15:05 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.6.5 2014-07-07 15:05 - 2014-07-07 15:05 - 00000000 ____D () C:\Program Files\X Codec Pack 2014-07-07 15:00 - 2014-07-07 15:06 - 00004580 _____ () C:\Users\Oscar\AppData\Roaming\CamStudio.cfg 2014-07-07 15:00 - 2014-07-07 15:06 - 00000408 _____ () C:\Users\Oscar\AppData\Roaming\CamShapes.ini 2014-07-07 15:00 - 2014-07-07 15:06 - 00000408 _____ () C:\Users\Oscar\AppData\Roaming\CamLayout.ini 2014-07-07 15:00 - 2014-07-07 15:06 - 00000107 _____ () C:\Users\Oscar\AppData\Roaming\Camdata.ini 2014-07-07 14:35 - 2014-07-07 14:58 - 00000000 ____D () C:\Users\Oscar\Documents\My CamStudio Temp Files 2014-07-07 14:29 - 2014-07-07 15:05 - 00000096 _____ () C:\Users\Oscar\AppData\Roaming\version2.xml 2014-07-07 14:24 - 2014-07-07 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7 2014-07-07 14:24 - 2014-07-07 14:24 - 00000000 ____D () C:\Program Files\CamStudio 2.7 2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Stellarium 2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\Oscar\AppData\Local\stellarium 2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium 2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 
____D () C:\Program Files\Stellarium 2014-07-05 18:10 - 2014-07-05 18:10 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-07-04 14:18 - 2014-07-04 14:18 - 00000000 ____D () C:\ProgramData\Razer 2014-07-02 17:54 - 2014-07-02 17:54 - 00003825 _____ () C:\Users\Oscar\Desktop\myProfile.xml 2014-07-02 12:03 - 2014-07-05 23:30 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-07-02 11:54 - 2014-07-02 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu 2014-07-02 11:54 - 2014-07-02 11:54 - 00000000 ____D () C:\Program Files (x86)\WinCDEmu 2014-07-01 20:18 - 2014-07-08 21:34 - 00000000 ____D () C:\Users\Oscar\Desktop\Spiele 2014-07-01 09:29 - 2014-07-05 17:35 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\MAXON 2014-06-30 10:27 - 2014-06-30 10:27 - 00000000 ____D () C:\Users\Oscar\AppData\Local\4kdownload.com 2014-06-30 10:18 - 2014-06-30 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download 2014-06-30 10:18 - 2014-06-30 10:18 - 00000000 ____D () C:\Program Files (x86)\4KDownload 2014-06-29 21:24 - 2014-06-29 21:24 - 00062096 _____ () C:\Windows\SysWOW64\CCCInstall_201406292124177880.log 2014-06-29 20:49 - 2014-06-29 20:49 - 00001468 _____ () C:\Users\Oscar\AppData\Local\recently-used.xbel 2014-06-26 12:01 - 2014-06-26 12:01 - 00001367 _____ () C:\Users\Oscar\Desktop\Remote Desktop Connection.lnk 2014-06-21 11:20 - 2014-07-09 14:10 - 00000000 ____D () C:\Users\Oscar\AppData\Local\VirtualStore 2014-06-21 04:57 - 2014-06-21 04:57 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe 2014-06-21 04:57 - 2014-06-21 04:57 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe 2014-06-21 04:57 - 2014-06-21 04:57 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe 2014-06-21 04:57 - 2014-06-21 04:57 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe 2014-06-21 03:46 - 2014-06-21 03:46 - 00204952 _____ () 
C:\Windows\SysWOW64\ativvsvl.dat 2014-06-21 03:46 - 2014-06-21 03:46 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat 2014-06-21 03:46 - 2014-06-21 03:46 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat 2014-06-21 03:46 - 2014-06-21 03:46 - 00157144 _____ () C:\Windows\system32\ativvsva.dat 2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 ____D () C:\Users\Oscar\AppData\Local\My Games 2014-06-20 20:15 - 2014-07-08 02:23 - 00000000 ____D () C:\Games 2014-06-20 18:07 - 2014-07-09 12:47 - 00000010 _____ () C:\Windows\wininit.ini 2014-06-20 18:04 - 2014-06-20 18:04 - 00000000 ____D () C:\TrueCrypt 2014-06-19 01:17 - 2014-06-19 01:17 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2014-06-19 01:17 - 2014-06-19 01:17 - 00000000 ____D () C:\Program Files (x86)\GPU-Z 2014-06-19 01:16 - 2014-06-19 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D 2014-06-19 01:16 - 2014-06-19 01:16 - 00000000 ____D () C:\Program Files (x86)\Geeks3D 2014-06-18 05:30 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-18 05:30 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-18 05:30 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-18 05:30 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-18 05:30 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-18 05:30 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-18 05:30 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-18 05:30 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-18 05:30 - 2014-05-30 11:21 - 00111616 _____ (Microsoft 
Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-18 05:30 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-18 05:30 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-18 05:30 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-18 05:30 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-18 05:30 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-18 05:30 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-18 05:30 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-18 05:30 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-18 05:30 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-18 05:30 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-18 05:30 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-18 05:30 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-18 05:30 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-18 05:30 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-18 05:30 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-18 05:30 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-18 05:30 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-18 05:30 - 2014-05-30 10:24 - 01249280 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-18 05:30 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-18 05:30 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-18 05:30 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-18 05:30 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-18 05:30 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-18 05:30 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-18 05:30 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-18 05:30 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-18 05:30 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-18 05:30 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-18 05:30 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-18 05:30 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-18 05:30 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-18 05:30 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-18 05:30 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-18 05:30 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-18 05:29 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-18 05:29 - 2014-06-08 11:08 - 00424448 _____ (Microsoft 
Corporation) C:\Windows\system32\aeinv.dll 2014-06-18 05:29 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-18 05:29 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-18 05:29 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-18 05:29 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-18 05:29 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-18 05:29 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-18 05:29 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-18 05:29 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-18 05:29 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-18 05:29 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-18 05:29 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-18 05:29 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-18 05:29 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-18 05:29 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-18 05:29 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-18 05:29 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-18 05:29 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-18 05:29 - 2014-03-26 16:27 - 01389056 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-18 05:29 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-18 05:29 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-18 05:29 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-13 20:51 - 2014-06-13 20:59 - 00000000 ____D () C:\Users\Oscar\Unigine Tropics 2014-06-13 20:44 - 2014-07-02 18:43 - 00000000 ____D () C:\Users\Oscar\Desktop\Benchmarks 2014-06-13 01:37 - 2014-06-13 02:13 - 00000000 ____D () C:\Users\Oscar\Valley 2014-06-12 23:42 - 2014-06-12 23:45 - 00000000 ____D () C:\Users\Oscar\Unigine Sanctuary 2014-06-12 23:41 - 2014-06-13 20:43 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unigine 2014-06-12 23:11 - 2014-06-12 23:11 - 00000000 ____D () C:\Program Files\Unigine 2014-06-12 20:15 - 2014-07-07 22:47 - 02712576 _____ () C:\Users\Oscar\AppData\Local\file__0.localstorage 2014-06-12 20:15 - 2014-06-12 23:22 - 00000000 ____D () C:\Users\Oscar\Heaven 2014-06-12 20:13 - 2014-06-13 20:43 - 00000000 ____D () C:\Program Files (x86)\Unigine 2014-06-12 20:13 - 2014-06-13 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine 2014-06-09 14:20 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140609-142047.backup 2014-06-09 13:43 - 2014-06-09 13:44 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Audacity 2014-06-09 13:43 - 2014-06-09 13:43 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2014-06-09 13:43 - 2014-06-09 13:43 - 00000000 ____D () C:\Program Files (x86)\Audacity 2014-06-09 13:34 - 2014-06-09 13:34 - 00001905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-06-09 13:34 - 2014-06-09 13:34 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Canneverbe Limited 2014-06-09 13:34 - 2014-06-09 
13:34 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-06-09 12:13 - 2014-06-09 12:15 - 00000000 ____D () C:\Users\Oscar\Documents\3DMark 11 2014-06-09 12:06 - 2014-06-09 12:06 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\FreePDF 2014-06-09 11:26 - 2014-07-07 15:48 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\vlc 2014-06-09 11:25 - 2014-06-09 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-06-09 11:25 - 2014-06-09 11:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN ==================== One Month Modified Files and Folders ======= 2014-07-09 18:54 - 2014-07-09 18:21 - 00027835 _____ () C:\Users\Oscar\Desktop\FRST.txt 2014-07-09 18:54 - 2014-07-09 15:33 - 00000000 ____D () C:\FRST 2014-07-09 18:17 - 2014-07-09 18:17 - 00000942 _____ () C:\Users\Oscar\Desktop\AdwCleaner[R1].txt 2014-07-09 18:11 - 2014-07-09 17:14 - 00000000 ____D () C:\AdwCleaner 2014-07-09 18:10 - 2014-07-09 16:05 - 00000000 __SHD () C:\Users\Oscar\AppData\Local\EmieUserList 2014-07-09 18:10 - 2014-07-09 16:05 - 00000000 __SHD () C:\Users\Oscar\AppData\Local\EmieSiteList 2014-07-09 17:33 - 2014-07-09 02:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-09 17:29 - 2014-07-09 17:29 - 00006708 _____ () C:\Users\Oscar\Desktop\hijackthis.log 2014-07-09 17:28 - 2014-07-09 15:33 - 00017306 ____N () C:\Windows\WindowsUpdate.log 2014-07-09 17:27 - 2009-07-14 06:45 - 00016144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-09 17:27 - 2009-07-14 06:45 - 00016144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-09 17:24 - 2009-07-14 19:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-07-09 17:24 - 2009-07-14 19:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-07-09 17:24 - 2009-07-14 07:13 - 01619284 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2014-07-09 17:14 - 2014-07-09 18:05 - 01348263 _____ () C:\Users\Oscar\Desktop\adwcleaner_3.215.exe 2014-07-09 15:17 - 2014-06-19 23:28 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\BitTorrent 2014-07-09 15:16 - 2014-07-09 15:16 - 02084352 _____ (Farbar) C:\Users\Oscar\Desktop\FRST64.exe 2014-07-09 14:10 - 2014-06-21 11:20 - 00000000 ____D () C:\Users\Oscar\AppData\Local\VirtualStore 2014-07-09 14:05 - 2014-07-09 14:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Oscar\Desktop\hijackthis.exe 2014-07-09 12:47 - 2014-06-20 18:07 - 00000010 _____ () C:\Windows\wininit.ini 2014-07-09 12:43 - 2014-07-09 12:43 - 00001110 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-07-09 12:43 - 2014-07-09 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-07-09 12:43 - 2014-07-09 12:43 - 00000000 ____D () C:\Program Files (x86)\Emsisoft HiJackFree 2014-07-09 11:51 - 2013-12-05 18:11 - 00000000 ____D () C:\Windows\Minidump 2014-07-09 10:35 - 2013-11-14 22:07 - 00000000 ____D () C:\Temp 2014-07-09 02:12 - 2014-07-09 02:12 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-09 02:12 - 2014-07-09 02:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-09 02:12 - 2014-07-09 02:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-09 02:12 - 2014-07-09 02:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-08 21:34 - 2014-07-01 20:18 - 00000000 ____D () C:\Users\Oscar\Desktop\Spiele 2014-07-08 21:21 - 2014-07-08 21:21 - 00067420 _____ () C:\Windows\SysWOW64\CCCInstall_201407082121038232.log 2014-07-08 21:21 - 2014-07-08 21:21 - 00000000 ____D () C:\ProgramData\ATI 2014-07-08 21:21 - 2014-07-08 21:21 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-07-08 21:21 - 2013-11-04 20:41 - 00000000 ____D () C:\ProgramData\AMD 2014-07-08 21:21 - 2013-11-04 
20:41 - 00000000 ____D () C:\Program Files\AMD 2014-07-08 21:21 - 2013-11-04 20:41 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-07-08 21:20 - 2014-07-08 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-07-08 21:20 - 2014-07-08 21:20 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-07-08 21:20 - 2014-07-08 21:19 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-07-08 21:15 - 2014-07-08 21:15 - 00061236 _____ () C:\Windows\SysWOW64\CCCInstall_201407082115355834.log 2014-07-08 21:10 - 2009-07-14 06:45 - 00323608 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-08 20:53 - 2014-07-08 20:53 - 00000000 ____D () C:\Users\Oscar\AppData\Local\CrashRpt 2014-07-08 19:42 - 2013-11-04 20:43 - 00070352 _____ () C:\Users\Oscar\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-08 19:37 - 2014-07-08 19:37 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga 2014-07-08 19:37 - 2014-07-08 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga 2014-07-08 19:37 - 2014-07-08 19:31 - 00000000 ____D () C:\Program Files (x86)\Wing Commander Saga 2014-07-08 19:30 - 2014-07-08 19:30 - 00000000 ____D () C:\Users\Oscar\Documents\Volition 2014-07-08 14:36 - 2013-11-04 21:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-08 14:33 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-08 13:27 - 2014-07-08 13:27 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-07-08 02:23 - 2014-06-20 20:15 - 00000000 ____D () C:\Games 2014-07-08 01:44 - 2013-11-04 20:39 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-07 22:47 - 2014-06-12 20:15 - 02712576 _____ () C:\Users\Oscar\AppData\Local\file__0.localstorage 2014-07-07 22:35 - 2014-07-07 22:34 - 00000000 ____D () C:\Users\Oscar\Desktop\Progs 2014-07-07 21:08 - 
2013-09-18 23:57 - 00000000 ____D () C:\Users\Oscar\Desktop\NTools 2014-07-07 17:28 - 2014-07-07 16:20 - 00008704 _____ () C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-07 16:14 - 2014-07-07 16:14 - 00000000 ____D () C:\Users\Oscar\AppData\Local\TechSmith 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\Windows\SysWOW64\QuickTime 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\Users\Oscar\Documents\Camtasia Studio 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\ProgramData\TechSmith 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-07-07 16:13 - 2014-07-07 16:13 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-07-07 16:13 - 2013-11-04 15:35 - 00000000 ____D () C:\Users\Oscar 2014-07-07 15:48 - 2014-06-09 11:26 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\vlc 2014-07-07 15:07 - 2014-07-07 15:07 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\MPC-HC 2014-07-07 15:06 - 2014-07-07 15:00 - 00004580 _____ () C:\Users\Oscar\AppData\Roaming\CamStudio.cfg 2014-07-07 15:06 - 2014-07-07 15:00 - 00000408 _____ () C:\Users\Oscar\AppData\Roaming\CamShapes.ini 2014-07-07 15:06 - 2014-07-07 15:00 - 00000408 _____ () C:\Users\Oscar\AppData\Roaming\CamLayout.ini 2014-07-07 15:06 - 2014-07-07 15:00 - 00000107 _____ () C:\Users\Oscar\AppData\Roaming\Camdata.ini 2014-07-07 15:05 - 2014-07-07 15:05 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.6.5 2014-07-07 15:05 - 2014-07-07 15:05 - 00000000 ____D () C:\Program Files\X Codec Pack 2014-07-07 15:05 - 2014-07-07 14:29 - 00000096 _____ () C:\Users\Oscar\AppData\Roaming\version2.xml 2014-07-07 14:58 - 2014-07-07 14:35 - 00000000 ____D () C:\Users\Oscar\Documents\My CamStudio Temp Files 2014-07-07 14:24 - 2014-07-07 14:24 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2014-07-07 14:24 - 2014-07-07 14:24 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-07-06 02:41 - 2014-05-26 09:14 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Wireshark
2014-07-06 02:40 - 2014-05-02 09:50 - 00002018 ____H () C:\Users\Oscar\Documents\Default.rdp
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Stellarium
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\Oscar\AppData\Local\stellarium
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Program Files\Stellarium
2014-07-05 23:30 - 2014-07-02 12:03 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-05 18:10 - 2014-07-05 18:10 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-07-05 17:35 - 2014-07-01 09:29 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\MAXON
2014-07-05 17:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-04 15:18 - 2013-11-30 16:43 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-07-04 14:28 - 2014-06-08 19:55 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-07-04 14:18 - 2014-07-04 14:18 - 00000000 ____D () C:\ProgramData\Razer
2014-07-02 18:43 - 2014-06-13 20:44 - 00000000 ____D () C:\Users\Oscar\Desktop\Benchmarks
2014-07-02 17:54 - 2014-07-02 17:54 - 00003825 _____ () C:\Users\Oscar\Desktop\myProfile.xml
2014-07-02 11:54 - 2014-07-02 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2014-07-02 11:54 - 2014-07-02 11:54 - 00000000 ____D () C:\Program Files (x86)\WinCDEmu
2014-07-01 19:57 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-30 10:27 - 2014-06-30 10:27 - 00000000 ____D () C:\Users\Oscar\AppData\Local\4kdownload.com
2014-06-30 10:18 - 2014-06-30 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2014-06-30 10:18 - 2014-06-30 10:18 - 00000000 ____D () C:\Program Files (x86)\4KDownload
2014-06-29 21:24 - 2014-06-29 21:24 - 00062096 _____ () C:\Windows\SysWOW64\CCCInstall_201406292124177880.log
2014-06-29 21:19 - 2013-11-04 20:38 - 00000000 ____D () C:\AMD
2014-06-29 20:49 - 2014-06-29 20:49 - 00001468 _____ () C:\Users\Oscar\AppData\Local\recently-used.xbel
2014-06-29 20:49 - 2013-11-15 21:17 - 00000000 ____D () C:\Users\Oscar\AppData\Local\gtk-2.0
2014-06-29 20:49 - 2013-11-14 22:27 - 00000000 ____D () C:\Users\Oscar\.gimp-2.8
2014-06-28 01:31 - 2013-11-14 22:02 - 00000000 ____D () C:\Users\Oscar\Documents\Fax
2014-06-28 00:56 - 2014-03-19 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-28 00:56 - 2013-11-07 23:01 - 00002104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-28 00:56 - 2013-11-07 23:01 - 00000000 ____D () C:\Users\Oscar\AppData\Local\Thunderbird
2014-06-26 12:01 - 2014-06-26 12:01 - 00001367 _____ () C:\Users\Oscar\Desktop\Remote Desktop Connection.lnk
2014-06-24 18:40 - 2013-11-04 22:58 - 00000000 ____D () C:\Users\Oscar\Documents\My Games
2014-06-21 04:57 - 2014-06-21 04:57 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-06-21 04:57 - 2014-06-21 04:57 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-06-21 04:57 - 2014-06-21 04:57 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-06-21 04:57 - 2014-06-21 04:57 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-06-21 03:46 - 2014-06-21 03:46 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2014-06-21 03:46 - 2014-06-21 03:46 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-06-21 03:46 - 2014-06-21 03:46 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2014-06-21 03:46 - 2014-06-21 03:46 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 ____D () C:\Users\Oscar\AppData\Local\My Games
2014-06-20 18:20 - 2013-12-01 17:11 - 00000000 ____D () C:\Users\Oscar\AppData\Local\Downloaded Installations
2014-06-20 18:20 - 2013-11-04 22:16 - 00007602 _____ () C:\Users\Oscar\AppData\Local\resmon.resmoncfg
2014-06-20 18:04 - 2014-06-20 18:04 - 00000000 ____D () C:\TrueCrypt
2014-06-19 01:17 - 2014-06-19 01:17 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-06-19 01:17 - 2014-06-19 01:17 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-06-19 01:16 - 2014-06-19 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-06-19 01:16 - 2014-06-19 01:16 - 00000000 ____D () C:\Program Files (x86)\Geeks3D
2014-06-18 23:52 - 2013-11-14 22:29 - 00000000 ____D () C:\Users\Oscar\AppData\Local\FreePDF_XP
2014-06-18 05:32 - 2013-11-04 16:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 05:31 - 2013-11-04 16:15 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-18 05:30 - 2014-06-08 19:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-13 20:59 - 2014-06-13 20:51 - 00000000 ____D () C:\Users\Oscar\Unigine Tropics
2014-06-13 20:43 - 2014-06-12 23:41 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unigine
2014-06-13 20:43 - 2014-06-12 20:13 - 00000000 ____D () C:\Program Files (x86)\Unigine
2014-06-13 02:13 - 2014-06-13 01:37 - 00000000 ____D () C:\Users\Oscar\Valley
2014-06-13 01:36 - 2014-06-12 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2014-06-12 23:45 - 2014-06-12 23:42 - 00000000 ____D () C:\Users\Oscar\Unigine Sanctuary
2014-06-12 23:22 - 2014-06-12 20:15 - 00000000 ____D () C:\Users\Oscar\Heaven
2014-06-12 23:11 - 2014-06-12 23:11 - 00000000 ____D () C:\Program Files\Unigine
2014-06-11 08:40 - 2014-06-07 03:46 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-06-11 08:40 - 2014-06-07 03:46 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-06-09 14:20 - 2009-07-14 04:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140620-180734.backup
2014-06-09 13:44 - 2014-06-09 13:43 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Audacity
2014-06-09 13:43 - 2014-06-09 13:43 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-09 13:43 - 2014-06-09 13:43 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-09 13:34 - 2014-06-09 13:34 - 00001905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-06-09 13:34 - 2014-06-09 13:34 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Canneverbe Limited
2014-06-09 13:34 - 2014-06-09 13:34 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-06-09 12:15 - 2014-06-09 12:13 - 00000000 ____D () C:\Users\Oscar\Documents\3DMark 11
2014-06-09 12:11 - 2013-12-01 17:03 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-06-09 12:06 - 2014-06-09 12:06 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\FreePDF
2014-06-09 12:06 - 2013-11-04 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2014-06-09 12:06 - 2013-11-04 21:35 - 00000000 ____D () C:\Program Files\gs
2014-06-09 12:06 - 2013-11-04 21:35 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP
2014-06-09 11:25 - 2014-06-09 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-09 11:25 - 2014-06-09 11:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-09 11:25 - 2013-11-04 21:49 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {current}
resumeobject {c080960e-4554-11e3-a7c4-bd4f2143f171}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 8

Windows-Startladeprogramm
-------------------------
Bezeichner {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {c0809610-4554-11e3-a7c4-bd4f2143f171}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c080960e-4554-11e3-a7c4-bd4f2143f171}
nx OptIn
sos Yes

Windows-Startladeprogramm
-------------------------
Bezeichner {c0809610-4554-11e3-a7c4-bd4f2143f171}
device ramdisk=[C:]\Recovery\c0809610-4554-11e3-a7c4-bd4f2143f171\Winre.wim,{c0809611-4554-11e3-a7c4-bd4f2143f171}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\c0809610-4554-11e3-a7c4-bd4f2143f171\Winre.wim,{c0809611-4554-11e3-a7c4-bd4f2143f171}
systemroot \windows
nx OptIn
winpe Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {c080960e-4554-11e3-a7c4-bd4f2143f171}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows-Speicherdiagnose
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes

EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes

Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM-Defekte
-----------
Bezeichner {badmemory}

Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}

Geräteoptionen
--------------
Bezeichner {c0809611-4554-11e3-a7c4-bd4f2143f171}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\c0809610-4554-11e3-a7c4-bd4f2143f171\boot.sdi

LastRegBack: 2014-01-31 06:38

==================== End Of Log ============================

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by Oscar at 2014-07-09 18:54:53
Running from C:\Users\Oscar\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
4K Video Downloader 3.3 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.3.1.1350 - Open Media LLC)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
AGEIA PhysX v7.09.13 (HKLM-x32\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
AMD Steady Video Plug-In (Version: 2.07.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.31744 - BitTorrent Inc.)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsisoft GmbH)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.)
Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Ultra Fractal 5.04 (HKLM-x32\...\Ultra Fractal 5.04) (Version: - )
Unigine Sanctuary Demo v2.3 (HKLM-x32\...\{A76A2E24-6590-44B4-8126-FAB1A7993A64}) (Version: 1.0 - Unigine Corp.)
Unigine Tropics Demo v1.3 (HKLM-x32\...\{B8ADCDE1-DAE3-4158-8617-BB44FA414A4F}) (Version: 1.3 - Unigine Corp.)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
Wing Commander Saga 1.0.2.7795 (HKLM\...\{F6FD24B4-34A3-4635-8ECD-7B5C791EAE5F}) (Version: 1.0.2.7795 - Wing Commander Saga Team)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wireshark 1.10.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.7 - The Wireshark developer community, hxxp://www.wireshark.org)
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.6.5 - X Codec Pack team)
xp-AntiSpy 3.98-2 (HKLM-x32\...\xp-AntiSpy) (Version: - Christian Taubenheim)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-20 18:07 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3C534374-1D3E-475D-8CFF-C59A8D592E3A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)

==================== Loaded Modules (whitelisted) =============

2013-11-04 21:35 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-04-14 03:41 - 2011-04-14 03:41 - 00034304 _____ () C:\Windows\System32\ssb3ml6.dll
2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-17 22:29 - 2014-04-17 22:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-22 18:45 - 2014-04-22 18:45 - 00077312 _____ () C:\Program Files\Wireshark\zlib1.dll
2013-03-08 02:38 - 2013-03-08 02:38 - 00186259 _____ () C:\Program Files\Wireshark\libcares-2.dll
2011-04-05 00:23 - 2011-04-05 00:23 - 00465141 _____ () C:\Program Files\Wireshark\libgcrypt-11.dll
2012-03-26 20:35 - 2012-03-26 20:35 - 00062779 _____ () C:\Program Files\Wireshark\libgpg-error-0.dll
2012-03-26 20:35 - 2012-03-26 20:35 - 00682224 _____ () C:\Program Files\Wireshark\libgnutls-26.dll
2012-03-26 20:35 - 2012-03-26 20:35 - 00093493 _____ () C:\Program Files\Wireshark\libtasn1-3.dll
2011-06-27 21:50 - 2011-06-27 21:50 - 00731675 _____ () C:\Program Files\Wireshark\libsmi-2.dll
2012-05-31 00:19 - 2012-05-31 00:19 - 00360823 _____ () C:\Program Files\Wireshark\libGeoIP-1.dll
2010-06-04 19:03 - 2010-06-04 19:03 - 00213504 _____ () C:\Program Files\Wireshark\lua5.1.dll
2012-10-28 22:15 - 2012-10-28 22:15 - 00651810 _____ () C:\Program Files\Wireshark\libcairo-2.dll
2012-09-19 16:31 - 2012-09-19 16:31 - 00253509 _____ () C:\Program Files\Wireshark\libfontconfig-1.dll
2012-09-19 16:04 - 2012-09-19 16:04 - 00513542 _____ () C:\Program Files\Wireshark\libfreetype-6.dll
2012-09-19 16:01 - 2012-09-19 16:01 - 01234645 _____ () C:\Program Files\Wireshark\libxml2-2.dll
2012-09-19 16:16 - 2012-09-19 16:16 - 00541416 _____ () C:\Program Files\Wireshark\libpixman-1-0.dll
2012-09-19 15:44 - 2012-09-19 15:44 - 00184328 _____ () C:\Program Files\Wireshark\libpng15-15.dll
2012-09-19 15:41 - 2012-09-19 15:41 - 00053591 _____ () C:\Program Files\Wireshark\libffi-5.dll
2012-09-19 19:09 - 2012-09-19 19:09 - 00303144 _____ () C:\Program Files\Wireshark\libjasper-1.dll
2012-09-19 16:55 - 2012-09-19 16:55 - 00235998 _____ () C:\Program Files\Wireshark\libjpeg-8.dll
2012-09-19 19:28 - 2012-09-19 19:28 - 00453253 _____ () C:\Program Files\Wireshark\libtiff-5.dll
2012-12-12 22:40 - 2012-12-12 22:40 - 00093906 _____ () C:\Program Files\Wireshark\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2013-12-11 23:10 - 2014-04-16 01:29 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: MtdAcqu => "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/09/2014 05:28:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (07/09/2014 04:30:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-07-07 21:06:40.277
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Oscar\Desktop\NTools\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-07 21:06:40.199
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Oscar\Desktop\NTools\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-06-28 02:00:16.428
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Oscar\Desktop\NTools\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-06-28 02:00:16.319
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Oscar\Desktop\NTools\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-01-31 01:20:13.359
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Users\Oscar\Desktop\NTools\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-01-31 01:20:13.195
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Users\Oscar\Desktop\NTools\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-06 00:05:15.643
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Users\Oscar\Desktop\NTools\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-06 00:05:15.549
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Users\Oscar\Desktop\NTools\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 8152.7 MB
Available physical RAM: 6374.93 MB
Total Pagefile: 16342.88 MB
Available Pagefile: 14341.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:111.69 GB) (Free:25.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 000CFAEE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CCFC1338)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: DF4ACB58)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Malwarebytes Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/07/09 17:33:33 +0200</date>
<logfile>mbam-log-2014-07-09 (17-33-11).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.07.09.05</malware-database>
<rootkit-database>v2014.07.07.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Oscar</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>custom</type>
<result>completed</result>
<objects>423306</objects>
<time>2207</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

Thanks for reading

Edited by Aluhut (09.07.2014 at 19:25)
10.07.2014, 07:08 | #2 |
/// the machine /// TB instructor
Hi,
Have you already run Checkdisk?
10.07.2014, 10:55 | #3 |
Hello Schrauber,

yes, I ran chkdsk for this a few months ago, but the result was rather unremarkable. I have now run it again with "chkdsk C: /F". It did in fact find a few problems, but judging by that, nothing serious that would point to a hardware defect of the SSD or anything similar. I also renewed the system a short while ago, i.e. new mainboard, CPU and power supply, but the error has persisted.

Something else I noticed: when large amounts of data are written to the SSD over a long period, after a certain time a so-called hang occurs and the application in question stops responding, e.g. when unpacking large files. However, the system never crashes; it hangs for about 10 - 20 seconds and then the data stream continues. This could of course also be due to the encryption, since it slows down the SSD; at least that was my first thought. I had also suspected that it might have something to do with the error shown here, but unfortunately that is not really confirmed.

Here is the current chkdsk result:

Quote:
11.07.2014, 08:23 | #4 |
/// the machine /// TB instructor
I think the SSD is damaged.

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
11.07.2014, 14:54 | #5 |
Hello Schrauber,

then I will probably replace the thing soon, as a precaution, with a 256 GB variant. The SSD has already been through quite a lot.

In any case, many thanks for your support in finding the cause.

Regards
Aluhut
12.07.2014, 07:47 | #6 |
/// the machine /// TB instructor
You're welcome