tobias123456 | 02.11.2013 18:14 | Thank you very much for the quick reply.
Here are the logs, pasted directly into the post:
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by user at 2013-11-02 14:55:03
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Enabled) {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
==================== Installed Programs ======================
@BIOS (x32 Version: 2.12)
4500_G510gm_Help (x32 Version: 000.0.439.000)
4500G510gm (x32 Version: 000.0.423.000)
4500G510gm_Software_Min (x32 Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.5.502.146)
Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4)
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Media Foundation Decoders (Version: 1.0.60512.1804)
AMD VISION Engine Control Center (x32 Version: 2011.0512.1812.30806)
ATI Catalyst Install Manager (Version: 3.0.829.0)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000)
Avira Internet Security (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar (x32 Version: 12.6.0.1900)
BUDNI Fotowelt (x32 Version: 5.0.1)
BufferChm (x32 Version: 130.0.331.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0512.1812.30806)
Catalyst Control Center InstallProxy (x32 Version: 2011.0512.1812.30806)
Catalyst Control Center Localization All (x32 Version: 2011.0512.1812.30806)
CCC Help Chinese Standard (x32 Version: 2011.0512.1811.30806)
CCC Help Chinese Traditional (x32 Version: 2011.0512.1811.30806)
CCC Help Czech (x32 Version: 2011.0512.1811.30806)
CCC Help Danish (x32 Version: 2011.0512.1811.30806)
CCC Help Dutch (x32 Version: 2011.0512.1811.30806)
CCC Help English (x32 Version: 2011.0512.1811.30806)
CCC Help Finnish (x32 Version: 2011.0512.1811.30806)
CCC Help French (x32 Version: 2011.0512.1811.30806)
CCC Help German (x32 Version: 2011.0512.1811.30806)
CCC Help Greek (x32 Version: 2011.0512.1811.30806)
CCC Help Hungarian (x32 Version: 2011.0512.1811.30806)
CCC Help Italian (x32 Version: 2011.0512.1811.30806)
CCC Help Japanese (x32 Version: 2011.0512.1811.30806)
CCC Help Korean (x32 Version: 2011.0512.1811.30806)
CCC Help Norwegian (x32 Version: 2011.0512.1811.30806)
CCC Help Polish (x32 Version: 2011.0512.1811.30806)
CCC Help Portuguese (x32 Version: 2011.0512.1811.30806)
CCC Help Russian (x32 Version: 2011.0512.1811.30806)
CCC Help Spanish (x32 Version: 2011.0512.1811.30806)
CCC Help Swedish (x32 Version: 2011.0512.1811.30806)
CCC Help Thai (x32 Version: 2011.0512.1811.30806)
CCC Help Turkish (x32 Version: 2011.0512.1811.30806)
ccc-utility64 (Version: 2011.0512.1812.30806)
Chainz 2 - Relinked (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.372.000)
DocMgr (x32 Version: 130.0.000.000)
DocProc (x32 Version: 13.0.0.0)
Easy Tune 6 B11.0608.1 (x32 Version: 1.00.0000)
Etron USB3.0 Host Controller (x32 Version: 0.101)
Fax (x32 Version: 130.0.418.000)
Free YouTube to MP3 Converter version 3.12.5.628 (x32 Version: 3.12.5.628)
Gardenscapes (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.005.000.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 7 Update 5 (64-bit) (Version: 7.0.50)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
MarketResearch (x32 Version: 130.0.374.000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 13.0 (x86 de) (x32 Version: 13.0)
Mozilla Maintenance Service (x32 Version: 13.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 130.0.374.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
ON_OFF Charge B11.0110.1 (x32 Version: 1.00.0001)
Online Games Manager v1.20 (x32 Version: 1.20.13)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6358)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6368)
Rossmann Fotowelt Software 4.12.1 (x32 Version: 4.12.1)
Scan (x32 Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartWebPrinting (x32 Version: 130.0.373.000)
SolutionCenter (x32 Version: 130.0.373.000)
Status (x32 Version: 130.0.373.000)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
VLC media player 1.1.11 (x32 Version: 1.1.11)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.10 (64-Bit) (Version: 4.10.0)
Zylom Games Player Plugin (x32)
==================== Restore Points =========================
27-10-2013 06:58:28 Windows Update
01-11-2013 12:50:09 Windows Update
01-11-2013 13:03:53 Windows Defender Checkpoint
02-11-2013 13:20:50 Installed Java 7 Update 45
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1C61F2A5-46E1-4BB3-9384-22E88B83806B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {A858329C-D87F-4E28-A33A-A551F1C87B4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {B394C1B1-5BAF-4AE3-9039-E79AC49EA635} - System32\Tasks\{373A623A-AA0F-4E8F-96AE-E7B6EBB9231F} => C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe [2005-04-03] (Macrovision Corporation)
Task: {CC6948A2-C09D-4195-94C3-6A30AFC43D2A} - System32\Tasks\DealPly => C:\Users\user\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: {D0A22B65-85D2-4D0C-9E23-BA19015E853D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-09] (Adobe Systems Incorporated)
Task: {D561167C-F86F-4870-808C-74CC9490F1A1} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2009-07-14] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-05-11 11:50 - 2012-01-09 18:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-25 17:32 - 2013-09-05 21:08 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-05 21:09 - 2013-09-05 21:08 - 00447848 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\libxml2.dll
2013-09-05 21:09 - 2013-09-05 21:07 - 00060264 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\cares.dll
2012-05-11 11:48 - 2012-12-18 20:13 - 02042848 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:7BA83BF4
AlternateDataStreams: C:\ProgramData\TEMP:F8443B2A
AlternateDataStreams: C:\Users\user\Downloads\917130d45ea64adb93ffc39e8a4c6893.eml:OECustomProperty
AlternateDataStreams: C:\Users\user\Downloads\aa66c49f96034589944eb0d8327c9bf9.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/01/2013 03:21:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: ignou.exe, version: 0.0.0.0, time stamp: 0x50a69529
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0xa24
Faulting application start time: 0xignou.exe0
Faulting application path: ignou.exe1
Faulting module path: ignou.exe2
Report Id: ignou.exe3
Error: (11/01/2013 02:55:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 1.2.0.50, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x78
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Error: (11/01/2013 02:39:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 1.2.0.50, time stamp: 0x2a425e19
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x908
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Error: (11/01/2013 02:23:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16720, time stamp: 0x523cf127
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x1664
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (11/01/2013 02:03:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: Toolbar.exe, version: 21.4.0.1982, time stamp: 0x524f145e
Faulting module name: so.dll_unloaded, version: 0.0.0.0, time stamp: 0x524f1452
Exception code: 0xc0000005
Fault offset: 0x6f5779ef
Faulting process id: 0x4c8
Faulting application start time: 0xToolbar.exe0
Faulting application path: Toolbar.exe1
Faulting module path: Toolbar.exe2
Report Id: Toolbar.exe3
Error: (11/01/2013 02:03:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: ignou.exe, version: 0.0.0.0, time stamp: 0x50a69529
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0xad0
Faulting application start time: 0xignou.exe0
Faulting application path: ignou.exe1
Faulting module path: ignou.exe2
Report Id: ignou.exe3
Error: (11/01/2013 02:02:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16720, time stamp: 0x523cf127
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x9fdcf45e
Faulting process id: 0xf64
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (10/30/2013 06:09:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16720, time stamp: 0x523cf127
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x232e2aff
Faulting process id: 0x7c4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (10/27/2013 01:39:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16720, time stamp: 0x523cf127
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x1180
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (10/27/2013 01:38:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: Toolbar.exe, version: 21.4.0.1982, time stamp: 0x524f145e
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bc21
Faulting process id: 0xd50
Faulting application start time: 0xToolbar.exe0
Faulting application path: Toolbar.exe1
Faulting module path: Toolbar.exe2
Report Id: Toolbar.exe3
System errors:
=============
Error: (11/02/2013 02:11:38 PM) (Source: Service Control Manager) (User: )
Description: The "Avira FireWall" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (11/02/2013 00:39:26 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume "Windows".
Error: (11/02/2013 00:39:05 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume "Windows".
Error: (11/02/2013 00:39:03 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume "Windows".
Error: (11/02/2013 00:39:03 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume "Windows".
Error: (11/02/2013 00:38:57 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume "Windows".
Error: (11/02/2013 00:38:56 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume "Windows".
Error: (11/02/2013 00:38:54 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume "Windows".
Error: (11/02/2013 00:38:51 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume "Windows".
Error: (11/02/2013 00:38:50 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume "Windows".
Microsoft Office Sessions:
=========================
Error: (11/01/2013 03:21:46 PM) (Source: Application Error)(User: )
Description: ignou.exe0.0.0.050a69529ole32.dll6.1.7601.175144ce7b96fc000000500039342a2401ced7093b7b71d6C:\Users\user\AppData\Roaming\Liaxs\ignou.exeC:\Windows\syswow64\ole32.dllf00c66f4-4300-11e3-8992-50e5495a6dce
Error: (11/01/2013 02:55:48 PM) (Source: Application Error)(User: )
Description: svchost.exe1.2.0.502a425e19unknown0.0.0.000000000c0000005000000007801ced709509ddebaC:\Users\user\AppData\Roaming\Microsoft\Windows\svchost.exeunknown4f6c2688-42fd-11e3-8992-50e5495a6dce
Error: (11/01/2013 02:39:50 PM) (Source: Application Error)(User: )
Description: svchost.exe1.2.0.502a425e19ole32.dll6.1.7601.175144ce7b96fc00000050003934290801ced7077a2bda8dC:\Users\user\AppData\Roaming\Microsoft\Windows\svchost.exeC:\Windows\syswow64\ole32.dll13c04df0-42fb-11e3-b057-50e5495a6dce
Error: (11/01/2013 02:23:44 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16720523cf127ntdll.dll6.1.7601.18247521ea8e7c000000500038e19166401ced70583292f88C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dlld4669264-42f8-11e3-b73a-50e5495a6dce
Error: (11/01/2013 02:03:11 PM) (Source: Application Error)(User: )
Description: Toolbar.exe21.4.0.1982524f145eso.dll_unloaded0.0.0.0524f1452c00000056f5779ef4c801ced700783f43feC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exeso.dllf59c5d90-42f5-11e3-b73a-50e5495a6dce
Error: (11/01/2013 02:03:05 PM) (Source: Application Error)(User: )
Description: ignou.exe0.0.0.050a69529ole32.dll6.1.7601.175144ce7b96fc000000500039342ad001ced7027d822042C:\Users\user\AppData\Roaming\Liaxs\ignou.exeC:\Windows\syswow64\ole32.dllf1f0ab6f-42f5-11e3-b73a-50e5495a6dce
Error: (11/01/2013 02:02:37 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16720523cf127unknown0.0.0.000000000c00000059fdcf45ef6401ced700738f8e75C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknowne07b4d48-42f5-11e3-b73a-50e5495a6dce
Error: (10/30/2013 06:09:29 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16720523cf127unknown0.0.0.000000000c0000005232e2aff7c401ced5911bee6615C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown0934e44c-4186-11e3-8bb2-50e5495a6dce
Error: (10/27/2013 01:39:58 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16720523cf127ntdll.dll6.1.7601.18247521ea8e7c000000500038e19118001ced3116b010bb9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dlle321f806-3f04-11e3-917a-50e5495a6dce
Error: (10/27/2013 01:38:16 PM) (Source: Application Error)(User: )
Description: Toolbar.exe21.4.0.1982524f145eole32.dll6.1.7601.175144ce7b96fc00000050003bc21d5001ced30f07b52624C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exeC:\Windows\syswow64\ole32.dlla644eb22-3f04-11e3-917a-50e5495a6dce
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 3581.37 MB
Available physical RAM: 1721.25 MB
Total Pagefile: 7160.91 MB
Available Pagefile: 4896.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:233.88 GB) (Free:185.92 GB) NTFS
Drive e: (Daten) (Fixed) (Total:231.78 GB) (Free:231.34 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1506B6B1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=234 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST.txt
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by user (administrator) on USER-PC on 02-11-2013 14:54:19
Running from C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
() C:\Users\user\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKCU\...\Run: [Zeihqevya] - C:\Users\user\AppData\Roaming\Liaxs\ignou.exe [293888 2013-04-30] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\CurrentVersion\Windows: [Load] c:\users\user\dxanik.exe <===== ATTENTION
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E5D42C9712FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - DefaultScope {8AEFC176-17E8-48cc-96B1-67C59C96959D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119403&babsrc=SP_ss&mntrId=E09B50E5495A6DCE
SearchScopes: HKCU - {8AEFC176-17E8-48cc-96B1-67C59C96959D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKCU - {D998BEE0-93D7-43C0-8907-1F38933B1897} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=907D6679-6433-4058-9870-45B9AAEB6B29&apn_sauid=51E7E35E-8B4A-4BD1-966E-D5370DFC597A
SearchScopes: HKCU - {F09F5F12-A31C-4b85-A98D-51789A0E217D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\628uivtp.default
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\628uivtp.default\user.js
FF DefaultSearchEngine: Google
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\628uivtp.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\628uivtp.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\628uivtp.default\Extensions\staged
FF Extension: toolbar_AVIRA-V7 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\628uivtp.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: hxxp://avira.search.ask.com/?p2=%5EB0Q%5EYYYYYY%5EYY%5EDE&gct=hp&o=APN11074cr&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EYY%5EDE&tpid=AVIRA-V7&apn_dbr=cr_28.0.1500.95&trgb=ALL&apn_uid=CCD1B607-DCA2-4A38-BA95-C177746B997E&itbv=12.2.2.663&doi=2013-08-25&psv=
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62088_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DVDVideoSoft) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
==================== Services (Whitelisted) =================
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [655928 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b27f45b9-98c0-c729-b1f3-242682cdc687}\ \...\???\{b27f45b9-98c0-c729-b1f3-242682cdc687}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-09-05] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-09-05] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-25] (Avira Operations GmbH & Co. KG)
S3 etdrv; C:\Windows\etdrv.sys [25640 2012-05-13] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2012-05-13] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-05-13] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-02 14:53 - 2013-11-02 14:53 - 01957098 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-11-02 14:53 - 2013-11-02 14:53 - 00000000 ____D C:\FRST
2013-11-02 14:52 - 2013-11-02 14:52 - 00000470 _____ C:\Users\user\Downloads\defogger_disable.log
2013-11-02 14:52 - 2013-11-02 14:52 - 00000000 _____ C:\Users\user\defogger_reenable
2013-11-02 14:44 - 2013-11-02 14:44 - 00050477 _____ C:\Users\user\Downloads\Defogger.exe
2013-11-02 14:27 - 2013-11-02 14:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-11-02 14:27 - 2013-11-02 14:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-02 14:23 - 2013-11-02 14:23 - 00000000 ____D C:\ProgramData\Oracle
2013-11-02 14:22 - 2013-11-02 14:22 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-02 14:22 - 2013-11-02 14:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-02 14:22 - 2013-11-02 14:22 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-02 14:22 - 2013-11-02 14:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-02 14:22 - 2013-11-02 14:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-02 12:09 - 2013-11-02 14:07 - 104620600 _____ C:\Windows\SysWOW64\㓴ꔅ純‘
2013-11-01 20:12 - 2013-11-02 14:00 - 00013202 _____ C:\Windows\WindowsUpdate.log
2013-11-01 14:01 - 2013-11-01 14:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Yrqo
2013-11-01 14:01 - 2013-11-01 14:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Liaxs
2013-11-01 14:01 - 2013-11-01 14:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Ecafur
2013-10-12 14:48 - 2013-10-12 14:50 - 72964145 _____ C:\Users\user\Downloads\Stadt der Diebe_01.wma.62t7yko.partial
2013-10-11 16:58 - 2013-10-11 16:59 - 00000000 ____D C:\Users\user\AppData\Local\{09B4A41E-E7FF-4832-BF0D-36179A909EB9}
2013-10-11 16:55 - 2013-10-11 16:55 - 00001111 _____ C:\Users\user\Desktop\SAMSUNG DIGITAL CAMERA - Verknüpfung (2).lnk
2013-10-11 16:53 - 2013-10-11 16:53 - 00001111 _____ C:\Users\user\Desktop\SAMSUNG DIGITAL CAMERA - Verknüpfung.lnk
2013-10-09 19:28 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 19:28 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 19:28 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 19:28 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 19:28 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 19:28 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 19:28 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 19:28 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 19:28 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 19:28 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 19:28 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 19:28 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 17:19 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:19 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:19 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:19 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:19 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:19 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:19 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:19 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:19 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:19 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:19 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:19 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:18 - 2013-11-01 18:57 - 00000000 __SHD C:\Users\user\AppData\Roaming\jjdbvawh
2013-10-09 17:18 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:18 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:18 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:18 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:18 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:18 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:18 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:18 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:18 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:18 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:18 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:18 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:18 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:18 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:18 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:18 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:18 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:18 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:18 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:18 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:18 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:18 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:18 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:18 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:18 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:18 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:18 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:18 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:18 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:18 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:18 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:18 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 17:18 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:18 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 17:18 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:18 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:18 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:18 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:18 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:18 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 17:18 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:18 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:18 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 16:50 - 2013-10-07 16:50 - 00000004 _____ C:\Users\user\AppData\Roaming\settings.ini
2013-10-07 16:38 - 2013-10-07 16:38 - 99717279 _____ C:\Windows\SysWOW64\ጾ↞純ƒ
2013-10-06 14:32 - 2013-10-06 14:32 - 00236648 _____ (Big Fish Games) C:\Users\user\Downloads\chainz_s2_l2_gF43T1L2_d2172021950.exe
==================== One Month Modified Files and Folders =======
2013-11-02 14:53 - 2013-11-02 14:53 - 01957098 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-11-02 14:53 - 2013-11-02 14:53 - 00000000 ____D C:\FRST
2013-11-02 14:52 - 2013-11-02 14:52 - 00000470 _____ C:\Users\user\Downloads\defogger_disable.log
2013-11-02 14:52 - 2013-11-02 14:52 - 00000000 _____ C:\Users\user\defogger_reenable
2013-11-02 14:52 - 2012-05-11 12:02 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-02 14:44 - 2013-11-02 14:44 - 00050477 _____ C:\Users\user\Downloads\Defogger.exe
2013-11-02 14:27 - 2013-11-02 14:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-11-02 14:27 - 2013-11-02 14:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-02 14:23 - 2013-11-02 14:23 - 00000000 ____D C:\ProgramData\Oracle
2013-11-02 14:22 - 2013-11-02 14:22 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-02 14:22 - 2013-11-02 14:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-02 14:22 - 2013-11-02 14:22 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-02 14:22 - 2013-11-02 14:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-02 14:22 - 2013-11-02 14:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-02 14:14 - 2012-06-24 13:20 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-02 14:14 - 2012-06-24 13:20 - 00000000 ____D C:\ProgramData\Skype
2013-11-02 14:07 - 2013-11-02 12:09 - 104620600 _____ C:\Windows\SysWOW64\㓴ꔅ純‘
2013-11-02 14:01 - 2013-04-28 12:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-02 14:00 - 2013-11-01 20:12 - 00013202 _____ C:\Windows\WindowsUpdate.log
2013-11-02 12:29 - 2012-07-08 17:33 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D2A0C1F8-E18F-4953-9001-C1D114322594}
2013-11-02 12:15 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-02 12:15 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-02 12:13 - 2011-04-12 08:43 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-11-02 12:13 - 2011-04-12 08:43 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-11-02 12:13 - 2009-07-14 06:13 - 01498552 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-02 12:06 - 2013-04-28 12:49 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-02 12:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-01 18:57 - 2013-10-09 17:18 - 00000000 __SHD C:\Users\user\AppData\Roaming\jjdbvawh
2013-11-01 14:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-01 14:07 - 2013-04-28 12:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-01 14:03 - 2013-04-28 12:48 - 00000000 ____D C:\Users\user\AppData\Local\Google
2013-11-01 14:01 - 2013-11-01 14:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Yrqo
2013-11-01 14:01 - 2013-11-01 14:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Liaxs
2013-11-01 14:01 - 2013-11-01 14:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Ecafur
2013-10-27 15:06 - 2012-06-24 13:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-10-27 08:05 - 2013-04-28 12:49 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-27 07:55 - 2013-04-28 12:49 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-27 07:55 - 2013-04-28 12:49 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 14:53 - 2012-09-08 17:22 - 00000000 ____D C:\Users\user\Documents\My Digital Editions
2013-10-12 14:50 - 2013-10-12 14:48 - 72964145 _____ C:\Users\user\Downloads\Stadt der Diebe_01.wma.62t7yko.partial
2013-10-11 16:59 - 2013-10-11 16:58 - 00000000 ____D C:\Users\user\AppData\Local\{09B4A41E-E7FF-4832-BF0D-36179A909EB9}
2013-10-11 16:58 - 2012-07-03 17:57 - 00000000 ____D C:\Users\user\AppData\Local\Windows Live
2013-10-11 16:55 - 2013-10-11 16:55 - 00001111 _____ C:\Users\user\Desktop\SAMSUNG DIGITAL CAMERA - Verknüpfung (2).lnk
2013-10-11 16:53 - 2013-10-11 16:53 - 00001111 _____ C:\Users\user\Desktop\SAMSUNG DIGITAL CAMERA - Verknüpfung.lnk
2013-10-10 18:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 17:00 - 2009-07-14 05:45 - 00295032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 16:57 - 2013-03-14 17:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 16:57 - 2013-03-14 17:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 19:23 - 2013-08-14 01:37 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 19:21 - 2012-05-11 11:38 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 16:50 - 2013-10-07 16:50 - 00000004 _____ C:\Users\user\AppData\Roaming\settings.ini
2013-10-07 16:38 - 2013-10-07 16:38 - 99717279 _____ C:\Windows\SysWOW64\ጾ↞純ƒ
2013-10-06 14:33 - 2012-05-11 10:41 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2013-10-06 14:32 - 2013-10-06 14:32 - 00236648 _____ (Big Fish Games) C:\Users\user\Downloads\chainz_s2_l2_gF43T1L2_d2172021950.exe
2013-10-06 14:27 - 2013-04-28 12:48 - 00000000 ____D C:\Program Files (x86)\RealArcade
Files to move or delete:
====================
C:\Users\user\AppData\Roaming\settings.ini
ZeroAccess:
C:\Users\user\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\dsgsdgdsgdsgw.bat
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\dsgsdgdsgdsgw.reg
C:\Users\user\dxanik.exe
C:\Users\user\dxbzsvt.exe
C:\Users\user\AppData\Roaming\i.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-11-02 12:30
==================== End Of Log ============================
gmer.log Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-02 15:05:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\user\AppData\Local\Temp\kwtdapob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033fe000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582 fffff800033fe036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d00068 5 bytes JMP 0000000102652c3f
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d0091c 6 bytes [68, 5E, 16, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d1261d 6 bytes [68, 63, AB, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d1c4dd 6 bytes [68, 89, 17, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d22ad3 6 bytes [68, A9, AB, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d44168 6 bytes [68, EF, AB, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d4e695 6 bytes [68, 35, AC, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075cb4514 6 bytes [68, F2, 19, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075cb79b0 6 bytes [68, B1, 19, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075b6c532 6 bytes [68, 6F, 1A, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075ba2642 6 bytes [68, 58, 1A, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetDC 00000000770c72c4 6 bytes [68, 89, 2F, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000770c7446 6 bytes [68, 07, 30, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000770c7809 6 bytes [68, C6, 48, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000770c78e2 6 bytes [68, 11, 38, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000770c7bd3 6 bytes [68, 39, 38, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000770c8048 6 bytes [68, C8, 2F, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000770c8a65 6 bytes [68, 67, AE, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000770cb17d 6 bytes [68, 01, AF, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000770cdb98 6 bytes [68, 53, AF, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000770d05ba 6 bytes [68, 61, 38, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!CallWindowProcW 00000000770d0d32 6 bytes [68, 99, AD, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000770d1218 6 bytes [68, 44, 36, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!EndPaint 00000000770d1341 6 bytes [68, EE, 2E, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000770d1361 6 bytes [68, 7E, 2E, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000770d2a8d 6 bytes [68, 12, 36, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetCapture 00000000770d2aac 6 bytes [68, 72, 37, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000770d3391 6 bytes [68, 2E, 2F, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000770d434b 6 bytes [68, B4, AE, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000770d5f74 6 bytes [68, 8C, 38, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000770d6222 6 bytes [68, DA, 30, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!CallWindowProcA 00000000770d792f 6 bytes [68, E2, AD, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!DefFrameProcA 00000000770d7fbb 6 bytes [68, C4, AC, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000770d810c 6 bytes [68, 53, AD, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000770d85c1 6 bytes [68, 7B, AC, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000770d86b4 6 bytes [68, 0D, AD, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000770ed41f 6 bytes [68, 47, 30, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!ReleaseCapture 00000000770eed49 6 bytes [68, 22, 37, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!SetCapture 00000000770eed56 6 bytes [68, C8, 36, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000077109854 6 bytes [68, 45, AB, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000077109cfd 6 bytes [68, 8B, 36, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077109f1d 6 bytes [68, 75, 4A, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000771287cb 6 bytes [68, F5, AA, DB, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077873918 6 bytes [68, C5, C1, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000077874296 6 bytes [68, D6, BD, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077874406 6 bytes [68, 1E, C2, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WS2_32.dll!send 0000000077876f01 6 bytes [68, FD, C1, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000077887673 6 bytes [68, 66, BD, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000777d1884 6 bytes [68, 38, 50, DD, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076053c22 6 bytes [68, 1E, 6D, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076056a17 6 bytes [68, BE, 6E, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076057646 6 bytes [68, A4, 6A, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076057e28 6 bytes [68, 1C, 6A, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076068c8d 6 bytes [68, 92, 6E, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000760690cf 6 bytes [68, 8B, 6D, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007607a7a6 6 bytes [68, B9, 6D, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000760ab867 6 bytes [68, 4E, 6B, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000760abe5c 6 bytes [68, 88, 6C, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 00000000760bc204 6 bytes [68, 38, 6E, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076123381 6 bytes [68, D3, 6C, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007612343a 6 bytes [68, EB, 6B, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 000000007612350a 6 bytes [68, F9, 6A, DC, 01, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2364] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000761237ad 6 bytes [68, 60, 6A, DC, 01, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d00068 3 bytes JMP 0000000100d02c3f
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 4 0000000077d0006c 1 byte [89]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d0091c 4 bytes [68, 5E, 16, 1A]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d00921 1 byte [C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d1261d 6 bytes [68, 63, AB, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d1c4dd 6 bytes [68, 89, 17, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d22ad3 6 bytes [68, A9, AB, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d44168 6 bytes [68, EF, AB, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d4e695 6 bytes [68, 35, AC, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075cb4514 6 bytes [68, F2, 19, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075cb79b0 6 bytes [68, B1, 19, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075b6c532 6 bytes [68, 6F, 1A, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075ba2642 6 bytes [68, 58, 1A, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetDC 00000000770c72c4 4 bytes [68, 89, 2F, 19]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000770c72c9 1 byte [C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000770c7446 6 bytes [68, 07, 30, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000770c7809 6 bytes [68, C6, 48, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000770c78e2 6 bytes [68, 11, 38, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000770c7bd3 6 bytes [68, 39, 38, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000770c8048 4 bytes [68, C8, 2F, 19]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000770c804d 1 byte [C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000770c8a65 6 bytes [68, 67, AE, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000770cb17d 6 bytes [68, 01, AF, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000770cdb98 6 bytes [68, 53, AF, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000770d05ba 6 bytes [68, 61, 38, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!CallWindowProcW 00000000770d0d32 6 bytes [68, 99, AD, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000770d1218 6 bytes [68, 44, 36, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!EndPaint 00000000770d1341 4 bytes [68, EE, 2E, 19]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!EndPaint + 5 00000000770d1346 1 byte [C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000770d1361 4 bytes [68, 7E, 2E, 19]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 00000000770d1366 1 byte [C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000770d2a8d 6 bytes [68, 12, 36, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetCapture 00000000770d2aac 6 bytes [68, 72, 37, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000770d3391 4 bytes [68, 2E, 2F, 19]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 00000000770d3396 1 byte [C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000770d434b 6 bytes [68, B4, AE, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000770d5f74 6 bytes [68, 8C, 38, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000770d6222 6 bytes [68, DA, 30, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!CallWindowProcA 00000000770d792f 6 bytes [68, E2, AD, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!DefFrameProcA 00000000770d7fbb 6 bytes [68, C4, AC, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000770d810c 6 bytes [68, 53, AD, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000770d85c1 6 bytes [68, 7B, AC, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000770d86b4 6 bytes [68, 0D, AD, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000770ed41f 6 bytes [68, 47, 30, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!ReleaseCapture 00000000770eed49 6 bytes [68, 22, 37, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!SetCapture 00000000770eed56 4 bytes [68, C8, 36, 1A]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!SetCapture + 5 00000000770eed5b 1 byte [C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000077109854 6 bytes [68, 45, AB, 18, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000077109cfd 6 bytes [68, 8B, 36, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077109f1d 6 bytes [68, 75, 4A, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000771287cb 4 bytes [68, F5, AA, 18]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000771287d0 1 byte [C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76]
.text ... * 2
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000777d1884 6 bytes [68, 38, 50, 1A, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076053c22 6 bytes [68, 1E, 6D, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076056a17 6 bytes [68, BE, 6E, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076057646 6 bytes [68, A4, 6A, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076057e28 6 bytes [68, 1C, 6A, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076068c8d 6 bytes [68, 92, 6E, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000760690cf 6 bytes [68, 8B, 6D, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007607a7a6 6 bytes [68, B9, 6D, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000760ab867 6 bytes [68, 4E, 6B, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000760abe5c 6 bytes [68, 88, 6C, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 00000000760bc204 6 bytes [68, 38, 6E, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076123381 6 bytes [68, D3, 6C, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007612343a 6 bytes [68, EB, 6B, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 000000007612350a 6 bytes [68, F9, 6A, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000761237ad 6 bytes [68, 60, 6A, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077873918 6 bytes [68, C5, C1, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000077874296 6 bytes [68, D6, BD, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077874406 6 bytes [68, 1E, C2, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WS2_32.dll!send 0000000077876f01 6 bytes [68, FD, C1, 19, 00, C3]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2520] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000077887673 6 bytes [68, 66, BD, 19, 00, C3]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe[592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe[592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76]
.text ... * 2
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d00068 5 bytes JMP 0000000100472c3f
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077d0091c 4 bytes [68, 5E, 16, 1B]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077d00921 1 byte [C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d1261d 6 bytes [68, 63, AB, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d1c4dd 6 bytes [68, 89, 17, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d22ad3 6 bytes [68, A9, AB, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d44168 6 bytes [68, EF, AB, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d4e695 6 bytes [68, 35, AC, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075cb4514 6 bytes [68, F2, 19, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075cb79b0 6 bytes [68, B1, 19, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetDC 00000000770c72c4 4 bytes [68, 89, 2F, 1A]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000770c72c9 1 byte [C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!ReleaseDC 00000000770c7446 6 bytes [68, 07, 30, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000770c7809 6 bytes [68, C6, 48, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000770c78e2 6 bytes [68, 11, 38, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000770c7bd3 6 bytes [68, 39, 38, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000770c8048 4 bytes [68, C8, 2F, 1A]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000770c804d 1 byte [C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!RegisterClassW 00000000770c8a65 6 bytes [68, 67, AE, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!RegisterClassExW 00000000770cb17d 6 bytes [68, 01, AF, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!RegisterClassExA 00000000770cdb98 6 bytes [68, 53, AF, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000770d05ba 6 bytes [68, 61, 38, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!CallWindowProcW 00000000770d0d32 6 bytes [68, 99, AD, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetCursorPos 00000000770d1218 6 bytes [68, 44, 36, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!EndPaint 00000000770d1341 4 bytes [68, EE, 2E, 1A]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!EndPaint + 5 00000000770d1346 1 byte [C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000770d1361 4 bytes [68, 7E, 2E, 1A]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 00000000770d1366 1 byte [C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetMessagePos 00000000770d2a8d 6 bytes [68, 12, 36, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetCapture 00000000770d2aac 6 bytes [68, 72, 37, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetDCEx 00000000770d3391 4 bytes [68, 2E, 2F, 1A]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 00000000770d3396 1 byte [C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!RegisterClassA 00000000770d434b 6 bytes [68, B4, AE, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000770d5f74 6 bytes [68, 8C, 38, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 00000000770d6222 6 bytes [68, DA, 30, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!CallWindowProcA 00000000770d792f 6 bytes [68, E2, AD, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!DefFrameProcA 00000000770d7fbb 6 bytes [68, C4, AC, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000770d810c 6 bytes [68, 53, AD, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000770d85c1 6 bytes [68, 7B, AC, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000770d86b4 6 bytes [68, 0D, AD, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000770ed41f 6 bytes [68, 47, 30, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!ReleaseCapture 00000000770eed49 6 bytes [68, 22, 37, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!SetCapture 00000000770eed56 4 bytes [68, C8, 36, 1B]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!SetCapture + 5 00000000770eed5b 1 byte [C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000077109854 6 bytes [68, 45, AB, 19, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000077109cfd 6 bytes [68, 8B, 36, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077109f1d 6 bytes [68, 75, 4A, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000771287cb 4 bytes [68, F5, AA, 19]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000771287d0 1 byte [C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075b6c532 6 bytes [68, 6F, 1A, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075ba2642 6 bytes [68, 58, 1A, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077873918 6 bytes [68, C5, C1, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000077874296 6 bytes [68, D6, BD, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077874406 6 bytes [68, 1E, C2, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WS2_32.dll!send 0000000077876f01 6 bytes [68, FD, C1, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000077887673 6 bytes [68, 66, BD, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000777d1884 6 bytes [68, 38, 50, 1B, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076053c22 6 bytes [68, 1E, 6D, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076056a17 6 bytes [68, BE, 6E, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000076057646 6 bytes [68, A4, 6A, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076057e28 6 bytes [68, 1C, 6A, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076068c8d 6 bytes [68, 92, 6E, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000760690cf 6 bytes [68, 8B, 6D, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 000000007607a7a6 6 bytes [68, B9, 6D, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000760ab867 6 bytes [68, 4E, 6B, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000760abe5c 6 bytes [68, 88, 6C, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 00000000760bc204 6 bytes [68, 38, 6E, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000076123381 6 bytes [68, D3, 6C, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007612343a 6 bytes [68, EB, 6B, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 000000007612350a 6 bytes [68, F9, 6A, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3220] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000761237ad 6 bytes [68, 60, 6A, 1A, 00, C3]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[2688] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d00068 5 bytes JMP 0000000100292c3f
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d00068 5 bytes JMP 0000000100462c3f
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76]
.text ... * 2
.text C:\Users\user\Downloads\Defogger.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76]
.text C:\Users\user\Downloads\Defogger.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76]
.text ... * 2
.text C:\Windows\SysWOW64\svchost.exe[4188] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077cffc50 5 bytes JMP 000000007efa1fff
.text C:\Windows\SysWOW64\svchost.exe[4188] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077cffc80 5 bytes JMP 000000007efa20a4
.text C:\Windows\SysWOW64\svchost.exe[4188] C:\Windows\syswow64\ws2_32.dll!GetAddrInfoW 0000000077874889 5 bytes JMP 000000007efa1950
.text C:\Windows\SysWOW64\svchost.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76]
.text C:\Windows\SysWOW64\svchost.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\services.exe [596:2192] 00000000000a5824
Thread C:\Windows\system32\services.exe [596:2740] 00000000001b17e8
Thread C:\Windows\system32\services.exe [596:2744] 00000000001c1390
Thread C:\Windows\system32\services.exe [596:2748] 00000000001c1238
Thread C:\Windows\Explorer.EXE [1312:2388] 00000000047b5824
Thread C:\Windows\SysWOW64\msiexec.exe [4544:1424] 000000007efa325d
Thread C:\Windows\SysWOW64\msiexec.exe [4544:2556] 000000007efa3423
Thread C:\Windows\SysWOW64\svchost.exe [4188:2108] 000000007efa3538
Thread C:\Windows\SysWOW64\svchost.exe [4188:956] 000000007efa3831
Thread C:\Windows\SysWOW64\svchost.exe [4188:5068] 00000000000f1575
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\
Reg HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764 984
Reg HKLM\SYSTEM\ControlSet002\services\ (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\@Parameters\0\x202e\x2764 984
---- EOF - GMER 2.1 ----
MBAM-Log Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.11.02.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
user :: USER-PC [Administrator]
02.11.2013 15:45:39
MBAM-log-2013-11-02 (15-51-21).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 204493
Laufzeit: 3 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 7
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Rootkit.0Access) -> Keine Aktion durchgeführt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Rootkit.0Access) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: c:\users\user\dxbzsvt.exe -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 4
C:\Users\user\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
Infizierte Dateien: 13
C:\Users\user\AppData\Local\Google\Desktop\Install\{b27f45b9-98c0-c729-b1f3-242682cdc687}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{b27f45b9-98c0-c729-b1f3-242682cdc687}\GoogleUpdate.exe (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-201240141-3100097054-3863406672-1000\$R0KY2A7.exe (PUP.Optional.SpeedUpMyPC.A) -> Keine Aktion durchgeführt.
C:\Users\user\dxanik.exe (Trojan.FakeVPC) -> Keine Aktion durchgeführt.
C:\Users\user\Downloads\speedupmypc.exe (PUP.Optional.SpeedUpMyPC.A) -> Keine Aktion durchgeführt.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.
C:\Users\user\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
(Ende)