Pests of all kinds and how to fight them: bprotector.E causes bluescreen (Windows 7)
03.12.2013, 09:02 | #1 |
| bprotector.E causes bluescreen

I cannot move the detected malware into quarantine without getting a bluescreen. I did a system restore, but the virus remains. Please help. Regards |
03.12.2013, 09:05 | #2 |
/// the machine /// TB trainer | bprotector.E causes bluescreen

Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
03.12.2013, 09:52 | #3 |
| frst FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 Ran by Master (administrator) on MASTER-PC on 03-12-2013 08:47:03 Running from C:\Users\Master\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (cake bake) C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Windows\DAODx.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Bake Cake) C:\Users\Master\AppData\Roaming\Betcat\WebCakeDesktop.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Blabbers Communications LTD) C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe () C:\Program Files (x86)\Opera\18.0.1284.49\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-09-30] (AMD) HKCU\...\Run: [WebCake Desktop] - C:\Users\Master\AppData\Roaming\Betcat\WebCakeDesktop.exe [52504 2013-08-11] (Bake Cake) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) MountPoints2: E - E:\.\Bin\ASSETUP.exe MountPoints2: {44f55e4c-8bb8-11e1-9cfa-806e6f6e6963} - F:\Autorun.exe HKLM-x32\...\Run: [Browser companion helper] - C:\Program Files (x86)\BrowserCompanion\BCHelper.exe [182576 2011-11-29] (Blabbers Communications LTD) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) AppInit_DLLs: C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=1380237698 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1DF4CFAC0317CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=1380237698 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.yd.delta-search.com/?babsrc=HP_ss&mntrId=12C05404A640D669&affID=119357&tt=040713_rdrctful&tsp=4934 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=1380237698 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=1380237698 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=1380237698 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=1380237698 URLSearchHook: HKLM-x32 - Productivity 2 Toolbar - {795828a9-f271-43a8-8536-4484bb991d3d} - C:\Program Files (x86)\Productivity_2\prxtbPro2.dll (Conduit Ltd.) URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.) URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File URLSearchHook: HKCU - Productivity 2 Toolbar - {795828a9-f271-43a8-8536-4484bb991d3d} - C:\Program Files (x86)\Productivity_2\prxtbPro2.dll (Conduit Ltd.) 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=1372515296 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=4259906 SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=4259906 SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=4259906 SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=4259906 SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2903595 SearchScopes: HKCU - DefaultScope {B0FF12A2-3F94-46A8-AD96-8A5D18E2729B} URL = hxxp://avira.search.ask.com/web?p2=%5EB0Q%5EYYYYYY%5EYY%5EDE&gct=sb&itbv=12.2.2.663&o=APN11074&tpid=AVIRA-V7&apn_uid=98F7B41C-B710-4C1C-9287-7621970190C3&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_dbr=launcher.exe_0_15.0.1147.153&doi=2013-08-08&trgb=ALL&q={searchTerms}&psv= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111789&tt=100512_3_&babsrc=SP_ss&mntrId=12c09b810000000000005404a640d669 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST3500418AS_5VM0VG3CXXXX5VM0VG3C&ts=1380207462&type=default&q={searchTerms} SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - 
{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2903595 SearchScopes: HKCU - {B0FF12A2-3F94-46A8-AD96-8A5D18E2729B} URL = hxxp://avira.search.ask.com/web?p2=%5EB0Q%5EYYYYYY%5EYY%5EDE&gct=sb&itbv=12.2.2.663&o=APN11074&tpid=AVIRA-V7&apn_uid=98F7B41C-B710-4C1C-9287-7621970190C3&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_dbr=launcher.exe_0_15.0.1147.153&doi=2013-08-08&trgb=ALL&q={searchTerms}&psv= BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Browser Companion Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\Betcat\WebCakeIEClient.dll (Bake-Cake) BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) 
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Productivity 2 Toolbar - {795828a9-f271-43a8-8536-4484bb991d3d} - C:\Program Files (x86)\Productivity_2\prxtbPro2.dll (Conduit Ltd.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Browser Companion Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Productivity 2 Toolbar - {795828a9-f271-43a8-8536-4484bb991d3d} - C:\Program Files (x86)\Productivity_2\prxtbPro2.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) 
Toolbar: HKCU - No Name - {795828A9-F271-43A8-8536-4484BB991D3D} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) Handler-x32: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) Handler-x32: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKCU\...\Firefox\Extensions: [superlrcs@svenyor.net] - C:\Program Files (x86)\SuperLyrics\FF\ FF Extension: SuperLyrics - C:\Program Files (x86)\SuperLyrics\FF\ ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.) R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] () S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\InstallerService.exe [125288 2013-07-05] () R2 NitroReaderDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [341296 2011-01-14] (Nitro PDF Software) R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [123320 2013-09-21] (Symantec Corporation) R2 omigaplussvc; C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe [424104 2013-06-29] (Taiwan Shui Mu Chih Ching Technology Limited.) R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-15] () R2 WebCake Desktop Updater; C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe [51992 2013-08-15] (cake bake) R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-06-29] (Taiwan Shui Mu Chih Ching Technology Limited.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-14] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 ALSysIO; \??\C:\Users\Master\AppData\Local\Temp\ALSysIO64.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-03 08:47 - 2013-12-03 08:47 - 00021398 _____ C:\Users\Master\Desktop\FRST.txt 2013-12-03 08:47 - 2013-12-03 08:47 - 00000000 ____D C:\FRST 2013-12-03 08:46 - 2013-12-03 08:46 - 01959434 _____ (Farbar) C:\Users\Master\Desktop\FRST64.exe 2013-12-03 08:42 - 2013-12-03 08:42 - 184750988 _____ C:\Users\Master\Desktop\EmsisoftAntiMalwareSetup_8.1.0.19.exe.opdownload 2013-12-03 08:23 - 2013-12-03 08:23 - 00275712 _____ C:\Windows\Minidump\120313-18829-01.dmp 2013-11-27 15:28 - 2013-11-27 15:28 - 00275712 _____ C:\Windows\Minidump\112713-14539-01.dmp 2013-11-21 23:39 - 2013-11-21 23:39 - 00000000 ____D C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-11-06 19:31 - 2013-11-06 19:31 - 00275712 _____ C:\Windows\Minidump\110613-15506-01.dmp 2013-11-03 20:15 - 2013-11-03 20:15 - 00275712 _____ C:\Windows\Minidump\110313-28470-01.dmp ==================== One Month Modified Files and Folders ======= 2013-12-03 08:47 - 2013-12-03 08:47 - 00021398 _____ C:\Users\Master\Desktop\FRST.txt 2013-12-03 08:47 - 2013-12-03 08:47 - 00000000 ____D C:\FRST 2013-12-03 08:46 - 2013-12-03 08:46 - 01959434 _____ (Farbar) 
C:\Users\Master\Desktop\FRST64.exe 2013-12-03 08:43 - 2013-07-17 15:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-03 08:43 - 2009-07-14 06:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-03 08:42 - 2013-12-03 08:42 - 184750988 _____ C:\Users\Master\Desktop\EmsisoftAntiMalwareSetup_8.1.0.19.exe.opdownload 2013-12-03 08:42 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-03 08:42 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-03 08:41 - 2010-06-28 20:03 - 01311472 _____ C:\Windows\WindowsUpdate.log 2013-12-03 08:40 - 2013-06-29 15:20 - 00000000 ____D C:\Program Files (x86)\WinZipper 2013-12-03 08:40 - 2013-06-29 15:20 - 00000000 ____D C:\Program Files (x86)\Omiga Plus 2013-12-03 08:39 - 2010-11-14 22:27 - 00000000 ____D C:\Program Files (x86)\Steam 2013-12-03 08:38 - 2013-08-11 19:54 - 00000000 ____D C:\Users\Master\AppData\Roaming\Betcat 2013-12-03 08:38 - 2013-07-05 12:53 - 00000408 _____ C:\Windows\Tasks\SuperLyrics Update.job 2013-12-03 08:37 - 2013-10-25 11:24 - 00017930 _____ C:\Windows\setupact.log 2013-12-03 08:37 - 2012-04-20 19:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-03 08:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-03 08:35 - 2012-05-06 16:48 - 00000000 ____D C:\Users\Master\Downloads\Monthy Python - Always look at the BRIGHT side of life on Vimeo_files 2013-12-03 08:35 - 2011-05-18 02:21 - 00000000 ____D C:\Users\Master\Desktop\mist 2013-12-03 08:35 - 2011-04-04 12:18 - 00000000 ____D C:\Users\Master\Downloads\flashplayer 2013-12-03 08:27 - 2012-02-08 19:17 - 00000000 ____D C:\Users\Master\Downloads\Manuals 2013-12-03 08:27 - 2010-10-04 21:07 - 00000000 ____D C:\Users\Master\Downloads\deagle_skin_11 2013-12-03 08:27 - 2010-07-01 11:29 - 00000000 ____D 
C:\Users\Master\Downloads\SVP1.5BETA_v.2 (2) 2013-12-03 08:26 - 2011-10-07 00:05 - 00000000 ____D C:\Users\Master\Documents\DVDVideoSoft 2013-12-03 08:23 - 2013-12-03 08:23 - 00275712 _____ C:\Windows\Minidump\120313-18829-01.dmp 2013-12-03 08:23 - 2013-10-28 13:33 - 346580358 _____ C:\Windows\MEMORY.DMP 2013-12-03 08:23 - 2010-12-01 18:47 - 00000000 ____D C:\Windows\Minidump 2013-12-03 08:22 - 2012-01-12 02:00 - 00000000 ____D C:\Users\Master\AppData\Local\PMB Files 2013-12-03 08:22 - 2009-07-14 06:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-03 08:17 - 2012-04-20 19:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-03 08:16 - 2013-07-05 12:53 - 00000290 _____ C:\Windows\Tasks\DSite.job 2013-12-03 02:10 - 2012-01-12 02:00 - 00000000 ____D C:\ProgramData\PMB Files 2013-12-03 01:53 - 2013-07-26 23:53 - 00000108 _____ C:\Users\Master\AppData\Roaming\WB.CFG 2013-12-03 01:53 - 2013-07-05 13:53 - 00000006 _____ C:\Users\Master\AppData\Roaming\WBPU-TTL.DAT 2013-12-02 23:08 - 2010-06-28 20:00 - 00000000 ____D C:\Users\Master 2013-12-02 23:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-12-01 19:00 - 2010-07-18 21:09 - 00000000 ____D C:\Users\Master\AppData\Roaming\TS3Client 2013-11-29 22:33 - 2010-12-04 19:57 - 00000000 ____D C:\Users\Master\AppData\Roaming\Skype 2013-11-27 15:28 - 2013-11-27 15:28 - 00275712 _____ C:\Windows\Minidump\112713-14539-01.dmp 2013-11-22 21:48 - 2013-10-28 13:33 - 00019162 _____ C:\Windows\PFRO.log 2013-11-22 13:53 - 2013-06-29 15:15 - 00000000 ____D C:\ProgramData\eSafe 2013-11-22 11:44 - 2013-09-13 23:25 - 00000000 ____D C:\ProgramData\BitGuard 2013-11-21 23:39 - 2013-11-21 23:39 - 00000000 ____D C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-11-19 14:54 - 2013-07-16 21:32 - 00000000 ____D C:\Program Files (x86)\Opera 2013-11-19 00:23 - 2012-04-29 21:55 - 00000000 ____D C:\Users\Master\AppData\Local\CrashDumps 2013-11-14 23:14 - 2010-12-04 19:57 - 
00000000 ___RD C:\Program Files (x86)\Skype 2013-11-14 23:14 - 2010-12-04 19:57 - 00000000 ____D C:\ProgramData\Skype 2013-11-14 12:02 - 2013-08-08 20:03 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-11-14 12:02 - 2013-08-08 20:03 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-11-12 00:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-11-10 21:05 - 2013-10-06 16:19 - 00000000 ____D C:\Users\Master\AppData\Roaming\Audacity 2013-11-09 00:09 - 2009-01-01 00:16 - 00000000 ____D C:\Program Files (x86)\Origin 2013-11-06 19:31 - 2013-11-06 19:31 - 00275712 _____ C:\Windows\Minidump\110613-15506-01.dmp 2013-11-03 20:15 - 2013-11-03 20:15 - 00275712 _____ C:\Windows\Minidump\110313-28470-01.dmp Some content of TEMP: ==================== C:\Users\Master\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-22 12:14 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 Ran by Master at 2013-12-03 08:47:33 Running from C:\Users\Master\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Alien Swarm - SDK (x32) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD APP SDK Runtime (Version: 10.0.938.2) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Fuel (Version: 2013.0328.2218.38225) AMD Media Foundation Decoders (Version: 1.0.80328.2204) AMD Steady Video Plug-In (Version: 2.04.0000) AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225) Apple Application Support (x32 Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (x32 Version: 2.1.3.127) Application Profiles (x32 Version: 2.0.3979.35454) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.10.0.0) ATI AVIVO64 Codecs (Version: 11.6.0.50930) ATI Problem Report Wizard (Version: 3.0.795.0) Audacity 2.0.4 (x32 Version: 2.0.4) Avira Free Antivirus (x32 Version: 14.0.1.749) Avira SearchFree Toolbar (x32 Version: 12.6.0.1900) Babylon toolbar on IE (x32) BabylonObjectInstaller (x32 Version: 1.0.0.0) Battlefield 2(TM) (x32) Battlefield 3™ (x32 Version: 1.6.0.0) BitGuard (x32) Bonjour (Version: 3.0.0.10) BrowserCompanion (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225) 
Catalyst Control Center InstallProxy (x32 Version: 2012.0214.2218.39913) Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225) CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225) CCC Help Czech (x32 Version: 2013.0328.2217.38225) CCC Help Danish (x32 Version: 2013.0328.2217.38225) CCC Help Dutch (x32 Version: 2013.0328.2217.38225) CCC Help English (x32 Version: 2013.0328.2217.38225) CCC Help Finnish (x32 Version: 2013.0328.2217.38225) CCC Help French (x32 Version: 2013.0328.2217.38225) CCC Help German (x32 Version: 2013.0328.2217.38225) CCC Help Greek (x32 Version: 2013.0328.2217.38225) CCC Help Hungarian (x32 Version: 2013.0328.2217.38225) CCC Help Italian (x32 Version: 2013.0328.2217.38225) CCC Help Japanese (x32 Version: 2013.0328.2217.38225) CCC Help Korean (x32 Version: 2013.0328.2217.38225) CCC Help Norwegian (x32 Version: 2013.0328.2217.38225) CCC Help Polish (x32 Version: 2013.0328.2217.38225) CCC Help Portuguese (x32 Version: 2013.0328.2217.38225) CCC Help Russian (x32 Version: 2013.0328.2217.38225) CCC Help Spanish (x32 Version: 2013.0328.2217.38225) CCC Help Swedish (x32 Version: 2013.0328.2217.38225) CCC Help Thai (x32 Version: 2013.0328.2217.38225) CCC Help Turkish (x32 Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) CCleaner (Version: 3.22) Core Temp version 0.99.7 (Version: 0.99.7) Counter-Strike: Global Offensive (x32) Counter-Strike: Source (x32) Day of Defeat: Source (x32) DivX-Setup (x32 Version: 2.6.1.8) ESN Sonar (x32 Version: 0.70.4) FL Studio 10 (x32) Free YouTube to MP3 Converter version 3.10.11.923 (x32) Google Update Helper (x32 Version: 1.3.21.57) Graffiti Studio 2.0 (x32) HydraVision (x32 Version: 4.2.180.0) IL Download Manager (x32) iTunes (Version: 11.1.1.11) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) 
League of Legends (x32 Version: 1.02.0000) Malwarebytes' Anti-Malware (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1) Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (x32 Version: 1.0.3.0) MSVC90_x64 (Version: 1.0.1.2) MSVC90_x86 (x32 Version: 1.0.1.2) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Natural Selection 2 (x32) Nitro PDF Reader (Version: 1.4.0.11) Norton PC Checkup (x32 Version: 2.0.17.20) Omiga Plus (x32 Version: 1.6.6) Opera Stable 18.0.1284.49 
(x32 Version: 18.0.1284.49) Origin (x32 Version: 8.5.0.4554) PC Connectivity Solution (x32 Version: 12.0.109.0) Productivity 2 Toolbar (x32 Version: 6.3.0.26) PunkBuster Services (x32 Version: 0.991) Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251) Rockstar Games Social Club (x32 Version: 1.00.0000) Serious Sam 3: BFE (x32) Skype Toolbars (x32 Version: 5.0.4126) Skype™ 6.10 (x32 Version: 6.10.104) Source SDK (x32) Steam (x32 Version: 1.0.0.0) SuperLyrics (x32) TeamSpeak 2 RC2 (x32 Version: 2.0.32.60) TeamSpeak 3 Client (HKCU Version: 3.0.11.1) TeamSpeak 3 Client (x32) TeamViewer 5 (x32 Version: 5.0.8703 ) TrackMania Nations Forever (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Zip Opener (HKCU) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) WebCake 3.00 (Version: 3.00) Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) WinRAR WinZipper (x32 Version: 1.4.8) ==================== Restore Points ========================= 17-11-2013 18:00:15 Windows Backup 22-11-2013 20:46:57 Removed Apple Application Support 24-11-2013 18:00:22 Windows Backup 01-12-2013 18:00:19 Windows Backup 02-12-2013 22:06:01 Restore Operation ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0BF985B4-5EC3-423A-878C-BB6514FA9B30} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd) Task: {13EECE60-5D33-487B-919B-218A82E03EBE} - 
System32\Tasks\{0EF9EC89-B610-4B6F-9DCC-B799D5FCC106} => C:\Riot Games\League of Legends\lol.launcher.exe [2011-04-28] () Task: {176DB1FE-6758-4EDD-AB7A-2051A8A89FEB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {3985E9DE-2C9C-44E2-9C25-3AD4295A6FF2} - System32\Tasks\SuperLyrics Update => C:\Program Files (x86)\SuperLyrics\SuperLyricsUpdater.exe [2013-06-11] (Sven & Yorgen) Task: {3C95A8D2-F8EF-41DE-8CFB-15F086A3C6FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.) Task: {3F8FEAF5-0E70-45FA-98D1-7931AAFD1798} - System32\Tasks\{473A109B-30BF-402C-B9D0-349645C01542} => C:\Riot Games\League of Legends\lol.launcher.exe [2011-04-28] () Task: {4D3C9AC1-6D14-4145-A1AC-5BD7F33C6338} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe Task: {A550CBE9-4E5B-46B9-A5A0-A9F450523EAE} - System32\Tasks\DSite => C:\Users\Master\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-07-05] () Task: {AAD3DCD4-6B9F-4BCE-B221-209B35769857} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] () Task: {C56CBBAD-3261-4A27-81FE-DBDA9A635BC8} - System32\Tasks\{B96B7E74-B88D-4C11-B358-EC82FE7DE2CA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-10-21] (Skype Technologies S.A.) Task: {D1D4904C-218A-4C1C-A3D4-A62768798C20} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe [2013-06-29] (Taiwan Shui Mu Chih Ching Technology Limited.) Task: {D32CD963-68CA-45E3-88A0-92B1600A8F79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: {E7640390-59A3-45EF-8274-457122455688} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DSite.job => C:\Users\Master\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SuperLyrics Update.job => C:\Program Files (x86)\SuperLyrics\SuperLyricsUpdater.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-21 23:39 - 2013-11-18 15:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll 2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-06-29 15:20 - 2013-06-29 15:20 - 00612520 _____ () C:\Program Files (x86)\Omiga Plus\sqlite3.dll 2013-06-29 15:20 - 2013-06-29 15:20 - 00612520 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll 2013-08-08 20:03 - 2013-08-07 22:21 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-08-07 12:54 - 2011-08-07 12:54 - 00362029 _____ () C:\Program Files (x86)\BrowserCompanion\sqlite3.dll 2013-11-19 14:54 - 2013-11-15 15:23 - 00886624 _____ () C:\Program Files (x86)\Opera\18.0.1284.49\libglesv2.dll 2013-11-19 14:54 - 2013-11-15 15:23 - 00108896 _____ () C:\Program Files (x86)\Opera\18.0.1284.49\libegl.dll 2013-11-19 14:54 - 2013-11-15 15:23 - 00879968 _____ () C:\Program Files (x86)\Opera\18.0.1284.49\ffmpegsumo.dll 2013-10-09 12:43 - 2013-10-09 12:43 - 16233864 _____ () 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/03/2013 04:12:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10249 Error: (12/03/2013 04:12:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10249 Error: (12/03/2013 04:12:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/03/2013 04:12:21 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9251 Error: (12/03/2013 04:12:21 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9251 Error: (12/03/2013 04:12:21 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/03/2013 04:12:20 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8252 Error: (12/03/2013 04:12:20 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8252 Error: (12/03/2013 04:12:20 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/03/2013 04:12:19 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7254 System errors: ============= Error: (12/03/2013 08:37:49 AM) (Source: Service Control Manager) (User: ) Description: The AODDriver4.2 service failed to start due to the following 
error: %%2 Error: (12/03/2013 08:23:44 AM) (Source: Service Control Manager) (User: ) Description: The AODDriver4.2 service failed to start due to the following error: %%2 Error: (12/03/2013 08:23:38 AM) (Source: BugCheck) (User: ) Description: 0x000000f4 (0x0000000000000003, 0xfffffa80053e5610, 0xfffffa80053e58f0, 0xfffff80003b9bf40)C:\Windows\MEMORY.DMP120313-18829-01 Error: (12/03/2013 08:23:38 AM) (Source: EventLog) (User: ) Description: The previous system shutdown at 8:21:41 AM on 12/3/2013 was unexpected. Error: (12/03/2013 08:17:20 AM) (Source: DCOM) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (12/02/2013 11:09:07 PM) (Source: Service Control Manager) (User: ) Description: The Avira Browser-Schutz service terminated with service-specific error %%1. Error: (12/02/2013 11:08:54 PM) (Source: Service Control Manager) (User: ) Description: The AODDriver4.2 service failed to start due to the following error: %%2 Error: (12/02/2013 10:49:57 PM) (Source: Service Control Manager) (User: ) Description: The AODDriver4.2 service failed to start due to the following error: %%2 Error: (12/02/2013 10:49:53 PM) (Source: BugCheck) (User: ) Description: 0x000000f4 (0x0000000000000003, 0xfffffa80053f9b30, 0xfffffa80053f9e10, 0xfffff80003b9ef40)C:\Windows\MEMORY.DMP120213-19484-01 Error: (12/02/2013 10:49:48 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 10:48:20 PM on 12/2/2013 was unexpected. 
Microsoft Office Sessions: ========================= Error: (12/03/2013 04:12:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10249 Error: (12/03/2013 04:12:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10249 Error: (12/03/2013 04:12:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/03/2013 04:12:21 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9251 Error: (12/03/2013 04:12:21 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9251 Error: (12/03/2013 04:12:21 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/03/2013 04:12:20 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8252 Error: (12/03/2013 04:12:20 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8252 Error: (12/03/2013 04:12:20 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/03/2013 04:12:19 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7254 CodeIntegrity Errors: =================================== Date: 2011-03-31 16:09:35.790 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2011-03-31 16:09:35.775 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 23:44:00.898 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 23:44:00.867 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 19:55:33.636 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 19:55:33.605 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2010-12-01 19:54:20.946 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 19:54:20.946 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 19:11:12.030 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 19:11:11.998 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 4058.45 MB Available physical RAM: 2213.06 MB Total Pagefile: 8115.1 MB Available Pagefile: 5592.98 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:170.25 GB) (Free:34.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:295.51 GB) (Free:6.46 GB) NTFS Drive f: (GTAIV_Disk1) (CDROM) (Total:7.14 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 26752674) Partition 1: (Active) - (Size=170 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=296 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
Date: 2010-12-01 19:54:20.946 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 19:54:20.946 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 19:11:12.030 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-12-01 19:11:11.998 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 4058.45 MB Available physical RAM: 2213.06 MB Total Pagefile: 8115.1 MB Available Pagefile: 5592.98 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:170.25 GB) (Free:34.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:295.51 GB) (Free:6.46 GB) NTFS Drive f: (GTAIV_Disk1) (CDROM) (Total:7.14 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 26752674) Partition 1: (Active) - (Size=170 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=296 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Should I also use Combofix? |
03.12.2013, 16:16 | #4 |
/// the machine /// TB instructor | bprotector.E causes bluescreen Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |