![]() |
|
Log-Analyse und Auswertung: Rechner vielleicht nicht in Ordnung?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() ![]() | ![]() Rechner vielleicht nicht in Ordnung? Hallo, mein eigentliches Anliegen war es, ein wenig meinen PC aufzuräumen. Jedoch wurde mir geraten, ihn mal von euch auswerten zu lassen. Ich kann euch leider kein Problem beschreiben, da ich keine Einschränkungen habe, aber um es dabei zu belassen freue ich mich natürlich über eure Hilfe und evtl. Tipps, wie ich meine PC schützen kann. Defogger hat nichts ergeben Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.02.2015 Suchlauf-Zeit: 14:21:26 Logdatei: mwb.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.08.04 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Kacy Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 334573 Verstrichene Zeit: 22 Min, 55 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 5 PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [689cb26adeac88ae95bfbce5ec17ac54], PUP.Optional.Softonic.A, HKU\S-1-5-21-2087708483-1601982058-3036505071-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [2cd8908c82080d295ba86e22ec176b95], PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2087708483-1601982058-3036505071-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [ac586ab23b4f53e3cefcacf0f013bd43], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2087708483-1601982058-3036505071-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [51b3a5770288d5617a913b9560a3c63a], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2087708483-1601982058-3036505071-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [5aaa3ae299f139fd40dec323a361f010], Registrierungswerte: 3 PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [f50f3ae2622888ae77bbf3141ae958a8], PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [f50f3ae2622888ae77bbf3141ae958a8] PUP.Optional.InstallCore.A, HKU\S-1-5-21-2087708483-1601982058-3036505071-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R0DtO0U1C1S1U1StR0J1Q2P1J1K1I2R, In Quarantäne, [5aaa3ae299f139fd40dec323a361f010] Registrierungsdaten: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[4cb8c755f09ad66058697d39699cd52b] Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 1 PUP.Optional.Vbates.A, C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage, In Quarantäne, [12f2918bf199b482c9266b3e897a619f], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015 Ran by Kacy at 2015-02-08 15:16:30 Running from C:\Users\Kacy\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version: - ) Canon iP2600 series Benutzerregistrierung (HKLM-x32\...\Canon iP2600 series Benutzerregistrierung) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) CD Art Display 3.0.1600 (HKLM-x32\...\CD Art Display_is1) (Version: - CD Art Display) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft) Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden Free Video Editor version 1.4.7.1022 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.7.1022 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) G'MIC for GIMP Version 1.6.0.0 (HKLM-x32\...\G'MIC for GIMP_is1) (Version: 1.6.0.0 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HTC Home Apis (HKLM-x32\...\HTC Home Apis) (Version: 3.0.620.0 - Stealth) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IcoFX 1.6.4 (HKLM-x32\...\IcoFX_is1) (Version: - ) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Nero 12 Essentials Toshiba (HKLM-x32\...\{2EF76291-8647-46F0-89D8-0AA8B72A5420}) (Version: 12.0.00600 - Nero AG) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software) Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.) Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.) RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) <==== ATTENTION! Secunia PSI (3.0.0.9015) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia) ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SketchUp 2015 (HKLM\...\{58ED0432-DEE1-4EEB-AC0D-BED28A4347D1}) (Version: 15.2.685 - Trimble Navigation Limited) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6406 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.2 - Toshiba Europe GmbH) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.0.2013 - BillP Studios) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2087708483-1601982058-3036505071-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Kacy\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) ==================== Restore Points ========================= 23-01-2015 17:15:11 Windows Update 30-01-2015 20:15:25 Windows Modules Installer 04-02-2015 19:47:56 SketchUp 2015 wurde installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1789178C-C402-4BCE-8573-BE7330E4E20B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation) Task: {476553E5-CB3D-458F-94C3-7D518D8F79D5} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH) Task: {4B10744C-0021-4A3D-B4D6-8969A3BCDD5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.) Task: {605BE47B-61B7-4375-88C4-D9977CD2650C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {8595E680-4B7F-45DF-BEA4-405119C947BB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {A4979530-42C4-4725-868F-C0B4604050B3} - System32\Tasks\Microsoft\Windows\RestartManager\{F39DABFF-B62C-4651-A48C-0842909EF272} => C:\WINDOWS\system32\rmclient.exe [2013-08-22] (Microsoft Corporation) Task: {ED76843C-4787-42BA-8922-A581A20ABF40} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-18] (Microsoft Corporation) Task: {F2C6AE13-594B-4B9D-A183-E02810E3360D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============== 2011-10-13 23:38 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe 2014-01-01 18:43 - 2007-04-13 17:49 - 00101528 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2013-12-11 22:21 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe 2013-11-04 18:22 - 2013-11-04 18:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-09-04 23:19 - 2012-09-04 23:19 - 02611112 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe 2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll 2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll 2013-08-22 08:19 - 2013-08-22 07:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd 2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2012-12-21 22:04 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-12-11 22:21 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2015-02-01 08:28 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll 2015-02-01 08:28 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll 2015-02-01 08:28 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm AlternateDataStreams: C:\ProgramData\TEMP:363E775E AlternateDataStreams: C:\ProgramData\TEMP:5E73E1C2 AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211 AlternateDataStreams: C:\ProgramData\TEMP:AD022376 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2087708483-1601982058-3036505071-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kacy\Downloads\arabo-friesian-horses-black.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2087708483-1601982058-3036505071-1001\...\StartupApproved\Run: => "Clock Widget (HTC Home)" ==================== Accounts: ============================= Administrator (S-1-5-21-2087708483-1601982058-3036505071-500 - Administrator - Enabled) Gast (S-1-5-21-2087708483-1601982058-3036505071-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2087708483-1601982058-3036505071-1003 - Limited - Enabled) Kacy (S-1-5-21-2087708483-1601982058-3036505071-1001 - Administrator - Enabled) => C:\Users\Kacy ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/05/2015 07:07:25 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/05/2015 01:55:10 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\WINDOWS\system32\esentprf.dll4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll4 Error: (02/05/2015 01:54:58 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 System errors: ============= Error: (02/08/2015 00:53:42 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "DOMELAPTOP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{10B394C1-9EE9-422D-9935-9FC44E9DDFDD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (02/07/2015 03:42:58 PM) (Source: DCOM) (EventID: 10010) (User: Baby) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/07/2015 03:42:28 PM) (Source: DCOM) (EventID: 10010) (User: Baby) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/07/2015 02:23:09 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "DOMELAPTOP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{10B394C1-9EE9-422D-9935-9FC44E9DDFDD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (02/05/2015 05:31:36 PM) (Source: DCOM) (EventID: 10010) (User: Baby) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/05/2015 04:14:45 PM) (Source: DCOM) (EventID: 10010) (User: Baby) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/05/2015 01:51:35 PM) (Source: DCOM) (EventID: 10010) (User: Baby) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/05/2015 01:51:05 PM) (Source: DCOM) (EventID: 10010) (User: Baby) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/05/2015 10:17:39 AM) (Source: DCOM) (EventID: 10010) (User: Baby) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/05/2015 10:17:05 AM) (Source: DCOM) (EventID: 10010) (User: Baby) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions: ========================= Error: (02/05/2015 07:07:25 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: -2147024883 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/05/2015 01:55:10 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\WINDOWS\system32\esentprf.dll4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/05/2015 01:55:10 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll4 Error: (02/05/2015 01:54:58 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz Percentage of memory in use: 54% Total physical RAM: 3979.22 MB Available physical RAM: 1795.34 MB Total Pagefile: 8331.22 MB Available Pagefile: 5817.64 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (TI31018700A) (Fixed) (Total:454.48 GB) (Free:393.08 GB) NTFS Drive f: (NIKON D5200) (Removable) (Total:14.83 GB) (Free:11.66 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015 Ran by Kacy (administrator) on BABY on 08-02-2015 15:15:33 Running from C:\Users\Kacy\Downloads Loaded Profiles: Kacy (Available profiles: Kacy) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> services.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe Failed to access process -> MsMpEng.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe Failed to access process -> NisSrv.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] () HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation) HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2087708483-1601982058-3036505071-1001\...\Run: [Clock Widget (HTC Home)] => C:\Program Files (x86)\HTC Home\Clock.exe [2035712 2011-06-21] () HKU\S-1-5-21-2087708483-1601982058-3036505071-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2087708483-1601982058-3036505071-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Kacy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-2087708483-1601982058-3036505071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 SearchScopes: HKLM-x32 -> DefaultScope value is missing. BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2087708483-1601982058-3036505071-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF HKU\S-1-5-21-2087708483-1601982058-3036505071-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HomePage: Default -> https://www.google.com/ CHR StartupUrls: Default -> "https://www.google.de/webhp?complete=0" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll () CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Profile: C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22] CHR Extension: (YouTube) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-11] CHR Extension: (Google-Suche) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-11] CHR Extension: (8 Ball Pool Multiplayer) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddfplgpeamcbpecnihfpikllkfojgkai [2013-12-15] CHR Extension: (Stylish) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2013-12-15] CHR Extension: (AdBlock) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-11] CHR Extension: (Blossom) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idjmedbobeakbopimfiicbonioiahhnd [2013-12-15] CHR Extension: (Ghostery) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-12-15] CHR Extension: (Google Wallet) - C:\Users\Kacy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia) R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 15:15 - 2015-02-08 15:16 - 00016623 _____ () C:\Users\Kacy\Downloads\FRST.txt 2015-02-08 15:15 - 2015-02-08 15:15 - 00000000 ____D () C:\FRST 2015-02-08 15:14 - 2015-02-08 15:14 - 02132992 _____ (Farbar) C:\Users\Kacy\Downloads\FRST64.exe 2015-02-08 15:12 - 2015-02-08 15:12 - 00050477 _____ () C:\Users\Kacy\Downloads\Defogger (1).exe 2015-02-08 15:12 - 2015-02-08 15:12 - 00000470 _____ () C:\Users\Kacy\Downloads\defogger_disable.log 2015-02-08 15:12 - 2015-02-08 15:12 - 00000000 _____ () C:\Users\Kacy\defogger_reenable 2015-02-08 15:11 - 2015-02-08 15:11 - 00050477 _____ () C:\Users\Kacy\Downloads\Defogger.exe 2015-02-08 14:48 - 2015-02-08 15:10 - 00000000 ____D () C:\AdwCleaner 2015-02-08 14:46 - 2015-02-08 14:46 - 00003038 _____ () C:\Users\Kacy\Desktop\mwb.txt 2015-02-08 14:20 - 2015-02-08 14:21 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-08 14:16 - 2015-02-08 14:16 - 02112512 _____ () C:\Users\Kacy\Downloads\AdwCleaner_4.110.exe 2015-02-08 12:25 - 2015-02-08 12:25 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-08 12:25 - 2015-02-08 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-08 12:24 - 2015-02-08 12:24 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-08 12:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-08 12:24 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-07 13:47 - 2015-02-07 13:47 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-02-07 13:47 - 2015-02-07 13:47 - 00000000 _____ () C:\WINDOWS\setupact.log 2015-02-05 18:38 - 2015-02-05 18:38 - 01191200 _____ () C:\Users\Kacy\Downloads\Cool Ruler - CHIP-Installer.exe 2015-02-05 17:41 - 2015-02-05 17:41 - 01942097 _____ () C:\Users\Kacy\Downloads\Referenz #GV1000013845 Ihre Informationen zur Deutschen Zahnversicherung.zip 2015-02-05 14:29 - 2015-02-05 17:42 - 00000000 ____D () C:\Users\Kacy\Documents\Versicherung o.ä 2015-02-05 14:09 - 2015-02-08 14:20 - 00000000 ____D () C:\Users\Kacy\Unsortiert 2015-02-05 13:42 - 2015-02-05 13:42 - 00002770 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2015-02-05 13:42 - 2015-02-05 13:42 - 00000000 ____D () C:\Program Files\CCleaner 2015-02-04 19:55 - 2015-02-04 19:55 - 00000000 __SHD () C:\Users\Kacy\AppData\Local\EmieBrowserModeList 2015-02-04 19:53 - 2015-02-04 19:53 - 00000000 ____D () C:\Users\Kacy\AppData\Roaming\SketchUp 2015-02-04 19:52 - 2015-02-04 19:52 - 00000000 ____D () C:\ProgramData\Reprise 2015-02-04 19:52 - 2015-02-04 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015 2015-02-04 19:51 - 2015-02-04 19:51 - 00000000 ____D () C:\ProgramData\SketchUp 2015-02-04 19:51 - 2015-02-04 19:51 - 00000000 ____D () C:\Program Files\SketchUp 2015-01-30 20:19 - 2015-01-30 20:19 - 00003985 _____ () C:\Users\Kacy\AppData\Local\recently-used.xbel 2015-01-14 19:53 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 19:53 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 19:53 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 19:53 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 19:53 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 19:53 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 19:53 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 19:53 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 19:53 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 19:53 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 19:53 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 19:53 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-14 19:53 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-14 19:53 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 19:53 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 19:53 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-14 19:53 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-14 19:52 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 19:52 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 19:52 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 19:52 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-14 19:52 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-14 19:52 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-14 19:52 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-14 19:52 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-14 19:52 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 19:52 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 19:52 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-14 19:52 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-14 19:52 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 19:52 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-13 19:12 - 2015-01-13 19:12 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 15:12 - 2014-10-26 21:22 - 00000000 ____D () C:\Users\Kacy 2015-02-08 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-08 14:59 - 2014-10-26 21:42 - 01883934 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-08 14:27 - 2013-12-11 21:38 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-08 13:01 - 2013-12-11 20:50 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2087708483-1601982058-3036505071-1001 2015-02-08 12:25 - 2013-12-14 19:12 - 00000000 ____D () C:\Users\Kacy\AppData\Roaming\Malwarebytes 2015-02-08 12:24 - 2013-12-14 19:12 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-08 12:24 - 2013-12-14 19:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-02-08 12:15 - 2014-11-10 12:27 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F992565A-6AFD-49BB-B2B1-559453F28A74} 2015-02-07 15:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-07 15:42 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-05 19:07 - 2013-12-12 02:43 - 00000000 ____D () C:\Users\Kacy\.gimp-2.8 2015-02-05 16:44 - 2013-12-13 22:21 - 00000000 ___RD () C:\Users\Kacy\Documents\Rewe 2015-02-05 14:20 - 2014-01-06 19:55 - 00000000 ____D () C:\Users\Kacy\Documents\Rechnungen 2015-02-05 14:00 - 2013-12-16 01:09 - 00000000 ____D () C:\Users\Kacy\AppData\Roaming\XnView 2015-02-05 13:58 - 2014-08-28 20:27 - 00000000 ____D () C:\Users\Kacy\AppData\Roaming\inkscape 2015-02-05 13:56 - 2014-10-26 21:09 - 00000000 ___DC () C:\WINDOWS\Panther 2015-02-05 11:27 - 2013-12-11 21:38 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-30 20:19 - 2013-12-19 21:49 - 00000000 ____D () C:\Users\Kacy\AppData\Local\gtk-2.0 2015-01-18 15:03 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-18 15:03 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-18 15:03 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-18 14:55 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-18 14:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-18 14:53 - 2013-12-15 20:00 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-18 14:48 - 2013-12-15 20:00 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-14 20:47 - 2013-12-29 02:04 - 00000000 ____D () C:\Users\Kacy\AppData\Roaming\vlc 2015-01-13 19:13 - 2014-11-13 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-13 19:13 - 2014-11-13 17:43 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-01-13 19:12 - 2014-04-02 11:09 - 00000000 ____D () C:\Users\Kacy\AppData\Roaming\DVDVideoSoft 2015-01-13 14:36 - 2014-10-01 15:46 - 00000000 ____D () C:\Users\Kacy\Documents\Deutsche Bank ==================== Files in the root of some directories ======= 2015-01-30 20:19 - 2015-01-30 20:19 - 0003985 _____ () C:\Users\Kacy\AppData\Local\recently-used.xbel 2014-09-11 22:56 - 2014-09-11 22:56 - 0007604 _____ () C:\Users\Kacy\AppData\Local\Resmon.ResmonCfg 2014-09-01 20:28 - 2014-09-01 20:28 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-12-18 17:22 - 2013-12-18 17:22 - 0000252 _____ () C:\ProgramData\FastPics.log 2014-09-01 21:09 - 2014-09-01 21:09 - 0000256 _____ () C:\ProgramData\lxea.log 2013-12-21 00:12 - 2013-12-28 20:44 - 0000370 _____ () C:\ProgramData\lxeaDiagnostics.log 2013-12-18 17:51 - 2014-05-28 16:24 - 0043086 _____ () C:\ProgramData\lxeaJSW.log 2013-12-18 16:53 - 2014-09-01 21:09 - 0026222 _____ () C:\ProgramData\lxeascan.log 2013-12-18 17:13 - 2013-12-18 17:13 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-02 19:20 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-08 15:29:48 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f TOSHIBA_MQ01ABD050 rev.AX003M 465.76GB Running: Gmer-19357 (1).exe; Driver: C:\Users\Kacy\AppData\Local\Temp\uxddqpob.sys ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [600:632] fffff96000973b90 ---- EOF - GMER 2.1 ---- |