| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: C:/ProgramData/BitGuard/2.7.1832.68.../loader.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.03.2014, 14:38
| #1 |
| |  C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll Hallo, seit eben springt mein Avira immer wieder an mit der Meldung: Der Zugriff auf die Datei C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll mit dem Virus oder dem unerwünschtes Programm TR/BProtector.Gen enthält wurde blockiert. Wenn ich der Meldung von Avira nachgehen und die Datei in Quarantäne stellen hat sich plötzlich mein Laptop runtergefahren mit der Meldung: "plug & play wurde deaktiviert". Dann kam ich auf den Bluescreen und mein Pc hat sich wieder hochgefahren. Ich hoffe jemand kann mir helfen mfg. |
|
27.03.2014, 16:34
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
27.03.2014, 17:02
| #3 |
| | C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll FRST.txt
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Silas Krasula (administrator) on SILASKRASULA-PC on 27-03-2014 16:56:30
Running from C:\Users\Silas Krasula\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
( ) C:\Windows\system32\lxebcoms.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Tablet Driver) C:\Windows\System32\Drivers\WTSRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\traybar.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [630784 2009-07-15] (Chicony)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe [133120 2010-01-13] ()
HKLM-x32\...\Run: [WTClient] - WTClient.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-10-29] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-27] (Microsoft Corporation)
HKU\S-1-5-21-978572028-3189159211-4054434489-1001\...\Run: [ICQ] - C:\Users\Silas Krasula\AppData\Roaming\ICQM\icq.exe [26606072 2013-01-11] (ICQ)
HKU\S-1-5-21-978572028-3189159211-4054434489-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-978572028-3189159211-4054434489-1001\...\MountPoints2: {8472bf44-e033-11de-804a-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-978572028-3189159211-4054434489-1001\...\MountPoints2: {fddf4721-60fc-11e3-9db8-00262297b4e9} - E:\LGAutoRun.exe
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360310q025l03h4z1l5f48j2t41n
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109958&tt=261112_set2_4812_8&babsrc=HP_ss&mntrId=00139f4200000000000002004c4f4f50
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360310q025l03h4z1l5f48j2t41n
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360310q025l03h4z1l5f48j2t41n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360310q025l03h4z1l5f48j2t41n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360310q025l03h4z1l5f48j2t41n
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1301111815\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1301111815\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKCU - DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - 9E79D6A01529441DBC671A37BE02B57F URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=261112_set2_4812_8&babsrc=SP_ss&mntrId=00139f4200000000000002004c4f4f50
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10013&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ACC&apn_dtid=^YYYYYY^YY^DE&apn_uid=8048b247-f591-4517-a441-23fcc828b94a&apn_sauid=206FAA3E-4744-454A-B777-62F5282F4B47
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {5E4F6AB4-5ED1-4601-89DC-6A3A99B4FDE5} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE370
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=6967335589814536&p2=^A9T^YYYYYY^YY^DE&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb167/?search={searchTerms}&loc=IB_DS&a=6PQEELCAu1&i=26
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Search Results Toolbar - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No File
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ICQ Sparberater - {E2B5568A-B3BC-49D6-9BEA-4A549AA1E01E} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll ()
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Search Results Toolbar - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com)
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1301111815\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4B6D0AD6-DD30-48AB-969E-13CCDE862489}: [NameServer]193.189.244.225 193.189.244.206
FireFox:
========
FF ProfilePath: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default
FF user.js: detected! => C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\user.js
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Search the web (Babylon)
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://search.babylon.com/?affID=109958&tt=261112_set2_4812_8&babsrc=HP_ss&mntrId=00139f4200000000000002004c4f4f50
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Oracle)
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\mngr.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DealPly Shopping - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\amo@dealplyshopping.com [2013-05-07]
FF Extension: ICQ Sparberater - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\ciuvo-extension@icq.de [2013-01-11]
FF Extension: PricePeep - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\pricepeep@getpricepeep.com [2013-05-07]
FF Extension: No Name - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\staged [2012-12-12]
FF Extension: Ask Toolbar - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\toolbar@ask.com [2012-11-30]
FF Extension: ICQ Toolbar - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013-01-13]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-12-08]
FF Extension: PricePeep - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-04-30]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: NoScript - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-06]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Silas Krasula\AppData\Roaming\Mozilla\Firefox\Profiles\5wkfag1n.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-12]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKCU\...\Firefox\Extensions: [lrcspal@xinghao.net] - C:\Program Files (x86)\XingHaoLyrics\FF\
FF Extension: LyricsPal - C:\Program Files (x86)\XingHaoLyrics\FF\ []
Chrome:
=======
CHR HomePage: hxxp://search.babylon.com/?affID=109958&tt=261112_set2_4812_8&babsrc=HP_ss&mntrId=00139f4200000000000002004c4f4f50
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Search the web (Babylon)
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=261112_set2_4812_8&babsrc=SP_ss&mntrId=00139f4200000000000002004c4f4f50
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.6) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll (Oracle)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-08-05]
CHR Extension: (Google Docs) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-28]
CHR Extension: (Google Drive) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-28]
CHR Extension: (YouTube) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
CHR Extension: (McAfee Security Scan+) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Google-Suche) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-28]
CHR Extension: (Babylon Toolbar) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2013-04-28]
CHR Extension: (LyricsPal) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf [2013-05-07]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-04-28]
CHR Extension: (Google Wallet) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\Silas Krasula\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2013-04-28]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Silas Krasula\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-08]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Silas Krasula\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-08-08]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-08-08]
CHR HKLM-x32\...\Chrome\Extension: [mmiopbgcekanlhpjkonogoljpfmhpkhf] - C:\Program Files (x86)\XingHaoLyrics\Chrome.crx [2013-04-21]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [248184 2012-11-07] ()
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [247296 2010-01-13] ()
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 TipCtrl; "C:\Program Files (x86)\uTIPu\TipCtrl.exe" [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-06-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-26] (DemoForge, LLC)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [31744 2008-09-07] (hxxp://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-06-03] ()
S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [51776 2011-01-03] (microOLAP Technologies LTD)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
S3 ALSysIO; \??\C:\Users\SILASK~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-27 16:56 - 2014-03-27 16:56 - 00032661 _____ () C:\Users\Silas Krasula\Downloads\FRST.txt
2014-03-27 16:56 - 2014-03-27 16:56 - 00000000 ____D () C:\FRST
2014-03-27 16:54 - 2014-03-27 16:55 - 02157056 _____ (Farbar) C:\Users\Silas Krasula\Downloads\FRST64.exe
2014-03-27 15:12 - 2014-03-27 15:12 - 00293264 _____ () C:\Windows\Minidump\032714-35084-01.dmp
2014-03-27 14:16 - 2014-03-27 14:16 - 00296008 _____ () C:\Windows\Minidump\032714-37643-01.dmp
2014-03-27 10:46 - 2014-03-27 10:46 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-26 10:13 - 2014-03-26 10:13 - 00747936 _____ () C:\Windows\Minidump\032614-33914-01.dmp
2014-03-25 11:26 - 2014-03-25 11:26 - 00296008 _____ () C:\Windows\Minidump\032514-45770-01.dmp
2014-03-13 21:51 - 2014-03-13 21:51 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-13 21:51 - 2014-03-13 21:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-13 21:51 - 2014-03-13 21:51 - 00000000 ____D () C:\Users\Silas Krasula\AppData\Local\Skype
==================== One Month Modified Files and Folders =======
2014-03-27 16:56 - 2014-03-27 16:56 - 00032661 _____ () C:\Users\Silas Krasula\Downloads\FRST.txt
2014-03-27 16:56 - 2014-03-27 16:56 - 00000000 ____D () C:\FRST
2014-03-27 16:55 - 2014-03-27 16:54 - 02157056 _____ (Farbar) C:\Users\Silas Krasula\Downloads\FRST64.exe
2014-03-27 16:52 - 2012-09-17 03:57 - 01265850 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 16:52 - 2010-06-12 20:43 - 00000000 ____D () C:\Users\Silas Krasula\AppData\Roaming\Skype
2014-03-27 16:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-27 16:24 - 2013-04-28 15:11 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 16:03 - 2013-03-07 11:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 15:23 - 2013-04-28 15:11 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 15:20 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 15:20 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 15:12 - 2014-03-27 15:12 - 00293264 _____ () C:\Windows\Minidump\032714-35084-01.dmp
2014-03-27 15:12 - 2012-10-03 15:50 - 448230208 _____ () C:\Windows\MEMORY.DMP
2014-03-27 15:12 - 2012-09-17 13:59 - 00068842 _____ () C:\Windows\setupact.log
2014-03-27 15:12 - 2010-07-28 08:38 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-27 15:12 - 2010-05-29 16:09 - 00000000 ____D () C:\Windows\Minidump
2014-03-27 15:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 14:16 - 2014-03-27 14:16 - 00296008 _____ () C:\Windows\Minidump\032714-37643-01.dmp
2014-03-27 14:16 - 2010-03-12 13:32 - 00000000 ____D () C:\Users\Silas Krasula
2014-03-27 14:14 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-27 10:46 - 2014-03-27 10:46 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-26 10:13 - 2014-03-26 10:13 - 00747936 _____ () C:\Windows\Minidump\032614-33914-01.dmp
2014-03-25 11:26 - 2014-03-25 11:26 - 00296008 _____ () C:\Windows\Minidump\032514-45770-01.dmp
2014-03-25 11:26 - 2013-03-13 23:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-25 11:26 - 2013-03-13 23:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 22:13 - 2013-04-28 15:12 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-13 21:51 - 2014-03-13 21:51 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-13 21:51 - 2014-03-13 21:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-13 21:51 - 2014-03-13 21:51 - 00000000 ____D () C:\Users\Silas Krasula\AppData\Local\Skype
2014-03-13 21:51 - 2010-06-12 20:43 - 00000000 ____D () C:\ProgramData\Skype
2014-03-13 20:13 - 2012-09-30 07:08 - 00103680 _____ () C:\Windows\PFRO.log
2014-02-28 13:48 - 2013-12-21 08:25 - 00000058 _____ () C:\Users\Silas Krasula\AppData\Roaming\WB.CFG
Files to move or delete:
====================
C:\Users\Silas Krasula\AppData\Roaming\data.dat
Some content of TEMP:
====================
C:\Users\Silas Krasula\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\Silas Krasula\AppData\Local\Temp\avgnt.exe
C:\Users\Silas Krasula\AppData\Local\Temp\chromesetup.exe
C:\Users\Silas Krasula\AppData\Local\Temp\contentDATs.exe
C:\Users\Silas Krasula\AppData\Local\Temp\dp.exe
C:\Users\Silas Krasula\AppData\Local\Temp\HC2Set64Pvt.exe
C:\Users\Silas Krasula\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Silas Krasula\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Silas Krasula\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Silas Krasula\AppData\Local\Temp\TB_3B97.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-27 16:19
==================== End Of Log ============================
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Silas Krasula at 2014-03-27 16:57:40
Running from C:\Users\Silas Krasula\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.9.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30496 - Ask.com) <==== ATTENTION
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
Babylon Chrome Toolbar (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Babylon toolbar (HKLM-x32\...\BabylonToolbar) (Version: - BabylonToolbar) <==== ATTENTION
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version: - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
ContentMod2.0 (HKLM-x32\...\ContentMod_2.0) (Version: - )
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (HKCU\...\DealPly) (Version: - ) <==== ATTENTION
DealPly (remove only) (HKLM-x32\...\DealPly) (Version: 4.8.6.1 - DealPly Technologies Ltd.) <==== ATTENTION
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: - NCH Software)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB DE)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: - NCH Software)
Free Audio Converter version 5.0.17.903 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.17.903 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.30.903 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.30.903 - DVDVideoSoft Ltd.)
GII_Win7_Nvidia_Workaround (HKLM-x32\...\GII_Win7_Nvidia_Workaround) (Version: 1.0 - Diverse)
GIMP 2.6.12 (HKLM\...\GIMP-2_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Gothic II - Die Nacht des Raben (HKLM-x32\...\Gothic II - Die Nacht des Raben) (Version: - JoWooD Productions Software AG)
Gothic II (HKLM-x32\...\Gothic II) (Version: - JoWooD Productions Software AG)
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.27.01 - Hyperionics Technology LLC)
ICQ 8.0 (build 5981, für aktuellen Benutzer) (HKCU\...\ICQ) (Version: 8.0.5981.0 - Mail.Ru)
ICQ Sparberater (HKLM-x32\...\{E2B5568A-B3BC-49D6-9BEA-4A549AA1E01E}) (Version: 1.4.9 - solute gmbh)
ICQ Toolbar (HKLM-x32\...\ICQToolbar) (Version: 3.0.0 - ICQ)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Incredibar Toolbar on IE (HKLM-x32\...\incredibar) (Version: - ) <==== ATTENTION
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017F0}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.04 - Packard Bell)
LyricsPal (HKLM-x32\...\lrcspal@xinghao.net) (Version: - XingHao Software) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Partner Manager (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{3ffa2926-60b0-41ff-9e1b-7e19e023755a}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.02.3006 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.4.0730 - Packard Bell Incorporated)
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Packard Bell)
Pokemon Online 2.3.2 (HKLM-x32\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version: - Dreambelievers)
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.1 - betwikx LLC) <==== ATTENTION
Questpaket 4 Update 1 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.1.0.0 - Humanforce)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Search Results Toolbar (HKLM-x32\...\searchresults1) (Version: 1.0.0.12 - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.4.0 - Synaptics Incorporated)
Trust Tablet Driver (HKLM-x32\...\TabletDriver) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.46.715 - Chicony Electronics Co.,Ltd.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: - NCH Software)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.00.3009 - Packard Bell)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
XLink Kai (HKLM-x32\...\{E51A8627-B4B4-48F3-AABA-EE5DA0CF454D}) (Version: 7.4.22.0 - Team XLink)
==================== Restore Points =========================
26-03-2014 08:01:18 Windows 7 Service Pack 1
27-03-2014 09:46:20 Windows Modules Installer
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {08F329A7-19DC-49CF-9CD9-D7933F1FC6C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {0FA5B801-B734-4E1E-9061-E1A881AF20E3} - System32\Tasks\{CFFF04DD-E35A-4D16-B0B1-F8CDC142D2FD} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {16C6DF4C-C444-42BF-BAE8-DC09B01EC938} - System32\Tasks\{D78A8A20-8DD9-4322-9936-701F46BBE7A0} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {299AC5AB-303B-4C91-8194-C390A973A7B9} - System32\Tasks\{9B84D4E3-874B-4D00-AB97-5BC4CE1DB6C9} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {4EB3F1F8-A46F-45EF-8F79-98D856163449} - System32\Tasks\{3158B17C-AF10-488E-A871-EE37C3595860} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {4FECC2BD-FDB3-4BC0-996C-A1CBA684083F} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {59A70054-596A-491A-A8B7-7A421CEBC932} - System32\Tasks\{CD9B03B2-3E63-42B4-9F92-FBF477649EE4} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {5C5EF41F-1650-4005-A106-3D83B24FFCD3} - System32\Tasks\{92A7C398-67EF-4081-B522-1BFD7AE87703} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {636D09A4-7AE0-43D9-9E69-D2B4455BACDC} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {7341D2E0-8B91-4CA9-81B3-F839ECCF9A54} - System32\Tasks\{91CE3A41-7F85-4702-82FB-A13921F0069F} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {74C93517-E273-44FA-BA3A-C4B7E2CA91B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-29] () <==== ATTENTION
Task: {7D665B9B-8A17-4AA7-B74D-3406022434E1} - System32\Tasks\{6DAAB036-E2E4-4570-B4AA-E693793F8322} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {84CF3103-63AC-47A9-AD67-BD11343D7514} - System32\Tasks\{A487E7AE-55A6-4E47-9003-69B749C386BF} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {93539443-D20F-4CFF-9805-AB6DD0A54746} - System32\Tasks\DealPly => C:\Users\Silas Krasula\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-02-27] () <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {C1F35B00-6191-40AC-915F-3FA75F20F7BA} - System32\Tasks\{7CB5D109-1685-4474-A51C-20A437556B93} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {CB6BC266-8678-44D9-9A84-1AFEAC85FEBF} - System32\Tasks\{938BB97B-D712-4DAF-819B-4D484F033B28} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {CE894FA6-4758-424D-A358-40528A212405} - System32\Tasks\{C24C3B42-3F1B-4349-990D-9ABF7EC4AAFD} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {D28C2714-086A-484B-9E6A-2D1B7A6DBE73} - System32\Tasks\icqSWU => Cscript.exe "C:\Program Files (x86)\icq\Internet Explorer\swu.vbs"
Task: {D38D2E78-6A17-4A56-BA0B-C4CA3698BB2E} - System32\Tasks\{CF7E2136-51B9-4689-8CC5-6FB3C9B43B9F} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {D4BE95DF-D498-465E-9B8B-2A172F0CD93F} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {DE97791A-A514-45B3-95E7-0E54A11A3845} - System32\Tasks\{BD2FB620-BEF1-4761-8592-C7D8DF571D00} => C:\Users\Silas Krasula\Desktop\NO.EXE
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {E4E2E0A6-DA71-4645-83E5-D212E94FCB8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {E89BAEE5-B0EB-48F6-9E0C-E9472DBE9F31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-11-21 19:48 - 2013-11-18 15:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll
2011-04-03 18:49 - 2009-11-04 12:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxebdrpp.dll
2013-01-11 18:15 - 2012-11-07 19:56 - 00248184 _____ () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2010-07-28 07:55 - 2010-01-13 18:14 - 00247296 _____ () C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
2010-07-28 07:55 - 2010-01-13 18:13 - 00133120 _____ () C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
2013-08-05 16:10 - 2013-08-05 13:55 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-09-24 16:17 - 2009-09-24 16:17 - 00267264 _____ () C:\Windows\system32\WinTab32.DLL
2014-03-15 22:13 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 22:13 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 22:13 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 22:13 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 22:13 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 22:13 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 22:13 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
2009-09-24 16:16 - 2009-09-24 16:16 - 00200704 _____ () C:\Windows\SysWOW64\WinTab32.DLL
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Microsoft Loopbackadapter
Description: Microsoft Loopbackadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: msloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/27/2014 04:24:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/27/2014 04:24:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/27/2014 04:24:42 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/27/2014 04:24:42 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/27/2014 04:21:54 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error: (03/27/2014 03:18:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: jusched.exe, Version: 2.0.6.1, Zeitstempel: 0x4df127ab
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00029da6
ID des fehlerhaften Prozesses: 0xfa0
Startzeit der fehlerhaften Anwendung: 0xjusched.exe0
Pfad der fehlerhaften Anwendung: jusched.exe1
Pfad des fehlerhaften Moduls: jusched.exe2
Berichtskennung: jusched.exe3
Error: (03/27/2014 02:22:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: jusched.exe, Version: 2.0.6.1, Zeitstempel: 0x4df127ab
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00029da6
ID des fehlerhaften Prozesses: 0x2e8
Startzeit der fehlerhaften Anwendung: 0xjusched.exe0
Pfad der fehlerhaften Anwendung: jusched.exe1
Pfad des fehlerhaften Moduls: jusched.exe2
Berichtskennung: jusched.exe3
Error: (03/27/2014 02:18:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.16.11.8766, Zeitstempel: 0x4ac799dc
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c6ae2
ID des fehlerhaften Prozesses: 0x484
Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0
Pfad der fehlerhaften Anwendung: nvvsvc.exe1
Pfad des fehlerhaften Moduls: nvvsvc.exe2
Berichtskennung: nvvsvc.exe3
Error: (03/27/2014 10:43:19 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).
Error: (03/26/2014 10:19:39 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: jusched.exe, Version: 2.0.6.1, Zeitstempel: 0x4df127ab
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00029da6
ID des fehlerhaften Prozesses: 0xfe4
Startzeit der fehlerhaften Anwendung: 0xjusched.exe0
Pfad der fehlerhaften Anwendung: jusched.exe1
Pfad des fehlerhaften Moduls: jusched.exe2
Berichtskennung: jusched.exe3
System errors:
=============
Error: (03/27/2014 03:12:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HsfXAudioService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/27/2014 03:12:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HsfXAudioService erreicht.
Error: (03/27/2014 03:12:36 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0xfffff880037e0fc0, 0x0000000000000002, 0x0000000000000000, 0xfffff88003d25e75)C:\Windows\MEMORY.DMP032714-35084-01
Error: (03/27/2014 03:12:31 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 27.03.2014 um 15:10:56 unerwartet heruntergefahren.
Error: (03/27/2014 02:16:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HsfXAudioService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/27/2014 02:16:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HsfXAudioService erreicht.
Error: (03/27/2014 02:16:09 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa80050e8b30, 0xfffffa80050e8e10, 0xfffff800037c1260)C:\Windows\MEMORY.DMP032714-37643-01
Error: (03/27/2014 02:16:02 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 27.03.2014 um 14:13:23 unerwartet heruntergefahren.
Error: (03/27/2014 10:54:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)
Error: (03/26/2014 01:31:05 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Microsoft Office Sessions:
=========================
Error: (07/07/2013 08:55:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 156 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/05/2012 10:18:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9987 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 49%
Total physical RAM: 4093.98 MB
Available physical RAM: 2050.94 MB
Total Pagefile: 8186.1 MB
Available Pagefile: 5780.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Packard Bell) (Fixed) (Total:285.99 GB) (Free:185.67 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D3B32175)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
28.03.2014, 00:24
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.03.2014, 16:47
| #5 |
| | C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll mbar-log-2014-03-29 (13-06-47).txt Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.03.29.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Silas Krasula :: SILASKRASULA-PC [administrator]
29.03.2014 13:06:47
mbar-log-2014-03-29 (13-06-47).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 252613
Time elapsed: 1 hour(s), 8 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID (Malware.Trace) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Silas Krasula\AppData\Roaming\data.dat (Stolen.Data) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.03.29.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Silas Krasula :: SILASKRASULA-PC [administrator]
29.03.2014 14:24:52
mbar-log-2014-03-29 (14-24-52).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 252852
Time elapsed: 1 hour(s), 14 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
29.03.2014, 23:05
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ --> C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll |
|
| Themen zu C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll |
| avira, bluescree, bluescreen, datei, deaktiviert, enthält, hoffe, immer wieder, laptop, malware.trace, meldung, plötzlich, programm, quara, quarantäne, spring, springt, stelle, stolen.data, tr/bprotector.gen, unerwünschtes, unerwünschtes programm, virus, zugriff |
Linear-Darstellung
