| |
| |||||||
Log-Analyse und Auswertung: Windows XP: Rechner extrem langsam nach VirenscanWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.07.2015, 12:00
| #1 |
 |  Windows XP: Rechner extrem langsam nach Virenscan Hallo, seit ein paar Tagen ist mein Laptop sehr langsam und braucht sehr lange zum hochfahren. Ich hab schon Virenscan und Malwarebytes durchgeführt, jedoch ist er immer noch langsam und hängt sich auf. Könnt ihr mir bitte helfen? FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Tahir Kaptan (administrator) on TAHIRKAPTAN-HP on 11-07-2015 12:25:06
Running from C:\Users\Tahir Kaptan\Downloads
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_191.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_191.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [Facebook Update] => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-10] (Facebook Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_191_Plugin.exe [927920 2015-07-11] (Adobe Systems Incorporated)
Lsa: [Notification Packages] DPPassFilter scecli
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3795078193-2229101918-834789043-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{21551550-B0A9-41BF-A30D-B5C3B0A963AC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C90B9278-EF9A-4E49-BEE2-C6A98355A624}: [DhcpNameServer] 172.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3795078193-2229101918-834789043-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Avira Browser Safety - C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\Extensions\abs@avira.com [2015-05-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-03-12]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-22] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-05-27] (Avira Operations GmbH & Co. KG)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-06-22] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-14] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-11 12:25 - 2015-07-11 12:25 - 00020946 _____ C:\Users\Tahir Kaptan\Downloads\FRST.txt
2015-07-11 12:24 - 2015-07-11 12:25 - 00000000 ____D C:\FRST
2015-07-11 12:23 - 2015-07-11 12:23 - 02130944 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST64.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 01634816 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST.exe
2015-07-11 12:19 - 2015-07-11 12:19 - 00000486 _____ C:\Users\Tahir Kaptan\Downloads\defogger_disable.log
2015-07-11 12:19 - 2015-07-11 12:19 - 00000000 _____ C:\Users\Tahir Kaptan\defogger_reenable
2015-07-11 12:18 - 2015-07-11 12:18 - 00050477 _____ C:\Users\Tahir Kaptan\Downloads\Defogger.exe
2015-07-11 12:11 - 2015-07-11 12:11 - 18174128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-11 11:53 - 2015-07-11 11:53 - 00262144 _____ C:\windows\Minidump\071115-23415-01.dmp
2015-07-02 19:49 - 2015-07-02 19:49 - 00279960 _____ C:\windows\Minidump\070215-31122-01.dmp
2015-07-02 19:40 - 2015-07-11 11:53 - 00000000 ____D C:\windows\Minidump
2015-07-02 19:40 - 2015-07-02 19:40 - 00279960 _____ C:\windows\Minidump\070215-31527-01.dmp
2015-07-02 19:39 - 2015-07-11 11:53 - 527928465 _____ C:\windows\MEMORY.DMP
2015-06-23 20:21 - 2015-06-23 20:21 - 00001129 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-06-23 20:21 - 2015-06-23 20:21 - 00001129 _____ C:\ProgramData\Desktop\Avira System Speedup.lnk
2015-06-23 20:21 - 2015-06-23 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-06-23 20:20 - 2015-06-23 20:20 - 00003320 _____ C:\windows\System32\Tasks\AviraSpeedup
2015-06-23 20:19 - 2015-06-23 20:20 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-06-23 20:19 - 2015-06-23 20:19 - 00003432 _____ C:\windows\System32\Tasks\Avira Browser Safety Updater Task
2015-06-23 20:18 - 2015-06-23 20:18 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Avira
2015-06-23 20:17 - 2015-05-27 13:11 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-06-23 20:17 - 2015-05-27 13:11 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-06-23 20:17 - 2015-05-27 13:11 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-06-23 20:17 - 2015-05-27 13:11 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-06-23 20:11 - 2015-06-23 20:11 - 00001192 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-23 20:11 - 2015-06-23 20:11 - 00001192 _____ C:\ProgramData\Desktop\Avira.lnk
2015-06-23 20:10 - 2015-07-11 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-23 20:10 - 2015-06-23 20:20 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-23 20:09 - 2015-06-23 20:09 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tahir Kaptan\Downloads\avira_de_av_5723627653__ws(2).exe
2015-06-21 07:24 - 2015-06-21 07:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\GWX
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-11 12:23 - 2013-03-12 05:29 - 01857323 _____ C:\windows\WindowsUpdate.log
2015-07-11 12:21 - 2013-07-28 15:24 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D11E2A35-796A-4A81-A283-C39673DEED3D}
2015-07-11 12:19 - 2013-07-28 13:15 - 00000000 ____D C:\Users\Tahir Kaptan
2015-07-11 12:17 - 2013-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-11 12:12 - 2014-12-18 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-11 12:12 - 2014-12-18 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 12:12 - 2014-12-18 13:00 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-11 12:12 - 2014-12-18 13:00 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 12:02 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 12:02 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 11:56 - 2012-04-16 07:20 - 00000000 ____D C:\ProgramData\PDFC
2015-07-11 11:54 - 2012-08-16 02:46 - 00000804 _____ C:\windows\SysWOW64\bscs.ini
2015-07-11 11:54 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-11 11:54 - 2009-07-14 06:51 - 00085612 _____ C:\windows\setupact.log
2015-07-02 22:47 - 2014-04-10 22:42 - 00000956 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
2015-07-02 22:47 - 2014-04-10 22:42 - 00000934 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
2015-07-02 19:44 - 2013-07-28 15:25 - 00109696 _____ C:\Users\Tahir Kaptan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 19:34 - 2009-07-14 06:45 - 00409192 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-02 19:33 - 2010-11-21 05:47 - 00903512 _____ C:\windows\PFRO.log
2015-06-23 20:48 - 2013-07-29 22:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\Microsoft Help
2015-06-23 20:42 - 2009-07-14 04:34 - 00000478 _____ C:\windows\win.ini
2015-06-23 20:41 - 2012-04-16 07:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-23 20:40 - 2013-09-22 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-23 20:17 - 2013-08-25 17:00 - 00000000 ____D C:\ProgramData\Avira
2015-06-23 19:49 - 2012-04-16 05:53 - 01512802 _____ C:\windows\system32\perfh007.dat
2015-06-23 19:49 - 2012-04-16 05:53 - 00409628 _____ C:\windows\system32\perfc007.dat
2015-06-23 19:49 - 2009-07-14 07:13 - 00006476 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-23 19:34 - 2015-02-02 20:29 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Graphisoft
2015-06-23 19:34 - 2015-02-02 20:20 - 00000000 _____ C:\windows\vpd.properties
2015-06-23 19:30 - 2015-02-02 20:09 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Install.GS
2015-06-22 23:34 - 2015-01-18 20:43 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 23:09 - 2015-04-05 00:17 - 00000000 ___SD C:\windows\system32\GWX
2015-06-22 23:09 - 2013-07-28 15:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\bluesoleil
2015-06-22 23:09 - 2012-04-16 05:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-22 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-06-22 22:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-21 10:08 - 2014-11-18 21:46 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieBrowserModeList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieUserList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieSiteList
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\Documents\Seas0nPass
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Seas0nPass
2015-06-21 07:24 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-21 07:24 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-21 07:19 - 2014-12-16 18:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-21 07:19 - 2014-05-10 21:04 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-21 07:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
Some files in TEMP:
====================
C:\Users\Tahir Kaptan\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-29 18:14
==================== End of log ============================
FRST Additions Logfile: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Tahir Kaptan at 2015-07-11 12:26:16
Running from C:\Users\Tahir Kaptan\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3795078193-2229101918-834789043-500 - Administrator - Disabled)
Gast (S-1-5-21-3795078193-2229101918-834789043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3795078193-2229101918-834789043-1003 - Limited - Enabled)
Tahir Kaptan (S-1-5-21-3795078193-2229101918-834789043-1002 - Administrator - Enabled) => C:\Users\Tahir Kaptan
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6.10.1246 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 38.0.5 (x86 de) (HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
21-06-2015 07:33:29 Windows Update
21-06-2015 09:11:43 Removed Avira Browser Safety
22-06-2015 23:05:46 Wiederherstellungsvorgang
22-06-2015 23:28:54 Removed Avira Browser Safety
22-06-2015 23:35:19 Windows Update
23-06-2015 20:20:36 Avira System Speedup 1.6.10
23-06-2015 20:35:07 Installed Microsoft Office Professional 2010
23-06-2015 20:41:55 Configured Microsoft Office Professional 2010
02-07-2015 19:54:27 Windows Update
11-07-2015 11:59:31 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0254C8A5-BF21-435B-8DD4-63E318A4E3AE} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-06-17] (Avira Operations GmbH & Co. KG)
Task: {68C0EAF4-5FBB-4C1A-B04A-1FB517F4D922} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {98F46F3C-C20F-4F0A-89DE-3C56D20E76BC} - System32\Tasks\{743DBFE6-3A95-4A20-9753-E23B9541B8B6} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {9F07C3AE-96FC-4CCC-B68C-654DF3BACFA5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {9F6E086D-4C2D-4C55-BBEB-DF446C651068} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {C90ED8AE-4303-46D3-B619-3A37285DC6C8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2012-01-18 01:57 - 2012-01-18 01:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-22 01:14 - 2012-03-22 01:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-14 23:11 - 2012-08-14 23:11 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2012-03-22 00:36 - 2012-03-22 00:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-14 23:13 - 2012-08-14 23:13 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2012-03-27 05:33 - 2012-03-27 05:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-03-12 05:36 - 2012-03-28 19:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-22 01:00 - 2012-03-22 01:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-03-22 00:59 - 2012-03-22 00:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-03-22 01:04 - 2012-03-22 01:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-03-22 01:02 - 2012-03-22 01:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-03-22 00:38 - 2012-03-22 00:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-03-22 00:39 - 2012-03-22 00:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-14 23:16 - 2012-08-14 23:16 - 00072192 _____ () C:\windows\system32\BsProfilefunc.dll
2012-08-16 02:20 - 2012-08-16 02:20 - 00356352 _____ () C:\windows\system32\BsExtendFunc.dll
2011-04-08 18:57 - 2011-04-08 18:57 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-11-02 12:12 - 2014-11-02 12:12 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-12 05:35 - 2012-03-28 19:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-07-11 12:12 - 2015-07-11 12:12 - 16867504 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tahir Kaptan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B73572EA-181A-473E-9E73-82E1B4796BF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82C9ABA3-FCE5-4F65-AED7-8CC73134B0B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{055DEAA4-B1F0-4265-80AE-AF3BC6A98ED4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{677DC65D-22C8-4DD2-86FC-55A2D47BC355}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{954AF93E-519A-45D8-BDE3-FC3483D549FD}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{FED79AF1-187C-436F-B4E8-C9A65313DB46}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{F77828F1-B247-42E1-B1C1-200531265D64}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{27EFB973-567B-4886-9388-8ECA6E344847}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{80F19C5A-4766-4C87-B8A2-004AA77E47DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{32C72F66-8D18-4532-9BFF-204E4D18985C}] => (Allow) C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BD1226FB-94E1-4395-B944-377D11D48EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{719282AC-E256-488C-9B03-38CE03211D5E}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{0C239487-B0CB-4823-8325-AFBAC4826FAC}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{B9957EFC-5602-4F24-99E9-02556D3AC843}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{1C507A6A-DC89-4969-A11C-0974C1B29BFD}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{34F6ACFE-FBD6-4398-8F95-DDCC71FC803A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6A3E7B64-228D-46CD-8B27-ED1028EC390E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EA7D6BD4-EC7F-4419-AB69-1583DB9E6B76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C438A324-7BD4-45C2-958E-F99B33316CCC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
==================== Faulty Device Manager Devices =============
Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/11/2015 11:56:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2015 08:36:21 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (07/02/2015 08:36:20 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{468a0e39-8ac4-11e2-abf7-806e6f6e6963} - 000000000000013C,0x0053c010,00000000001932E0,0,00000000001942F0,4096,[0]).
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (07/02/2015 07:52:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2015 07:43:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2015 07:36:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/23/2015 08:51:42 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=c4109e90-6c4a-44f6-b380-ef6137122f16
Error: (06/23/2015 08:51:42 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003
Error: (06/23/2015 08:48:00 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=c4109e90-6c4a-44f6-b380-ef6137122f16
Error: (06/23/2015 08:48:00 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003
System errors:
=============
Error: (07/11/2015 12:22:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (07/11/2015 12:15:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.201.739.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.8.0204.00
Quellpfad: 4.8.0204.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (07/11/2015 12:15:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.201.739.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.8.0204.00
Quellpfad: 4.8.0204.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (07/11/2015 12:15:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.201.739.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.8.0204.00
Quellpfad: 4.8.0204.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (07/11/2015 12:15:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Update für Office-Dateiüberprüfung 2010, 32-Bit-Edition (KB2553065)
Error: (07/11/2015 12:15:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Update für Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit-Edition
Error: (07/11/2015 12:04:25 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (07/11/2015 11:58:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/11/2015 11:54:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3
Error: (07/11/2015 11:53:57 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000006, 0xfffffa80093a1b50, 0xfffffa8009253340, 0xfffff800031c3df0)C:\windows\MEMORY.DMP071115-23415-01
Microsoft Office:
=========================
Error: (07/11/2015 11:56:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2015 08:36:21 PM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (07/02/2015 08:36:20 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{468a0e39-8ac4-11e2-abf7-806e6f6e6963} - 000000000000013C,0x0053c010,00000000001932E0,0,00000000001942F0,4096,[0])
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (07/02/2015 07:52:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2015 07:43:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2015 07:36:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/23/2015 08:51:42 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: hr=0xC004C003c4109e90-6c4a-44f6-b380-ef6137122f16
Error: (06/23/2015 08:51:42 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 20:51:42:238 - hxxp://go.microsoft.com/fwlink/?LinkID=120751)
00020001(0x00000000, 20:51:42:238)
00030001(0x00000000, 20:51:42:238 - hxxp://go.microsoft.com)
00030002(0x00000000, 20:51:42:238 - 1)
00020005(0x00000000, 20:51:42:238 - 0)
0002000C(0x00000000, 20:51:42:362 - 302)
0002000E(0x00000000, 20:51:42:362 - https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx?configextension=o14)
00020001(0x00000000, 20:51:42:362)
00030001(0x00000000, 20:51:42:362 - https://activation.sls.microsoft.com)
00030002(0x00000000, 20:51:42:362 - 1)
00020005(0x00000000, 20:51:42:362 - 0)
0002000C(0x00000000, 20:51:42:565 - 500)
00010002(0x8004FC01, 20:51:42:565 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked. ---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 20:51:42:565)
Error: (06/23/2015 08:48:00 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: hr=0xC004C003c4109e90-6c4a-44f6-b380-ef6137122f16
Error: (06/23/2015 08:48:00 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 20:47:59:863 - hxxp://go.microsoft.com/fwlink/?LinkID=120751)
00020001(0x00000000, 20:47:59:863)
00030001(0x00000000, 20:47:59:863 - hxxp://go.microsoft.com)
00030002(0x00000000, 20:47:59:863 - 1)
00020005(0x00000000, 20:47:59:863 - 0)
0002000C(0x00000000, 20:48:00:081 - 302)
0002000E(0x00000000, 20:48:00:081 - https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx?configextension=o14)
00020001(0x00000000, 20:48:00:081)
00030001(0x00000000, 20:48:00:081 - https://activation.sls.microsoft.com)
00030002(0x00000000, 20:48:00:081 - 1)
00020005(0x00000000, 20:48:00:081 - 0)
0002000C(0x00000000, 20:48:00:721 - 500)
00010002(0x8004FC01, 20:48:00:737 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked. ---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 20:48:00:737)
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 63%
Total physical RAM: 3977.51 MB
Available physical RAM: 1459.6 MB
Total Virtual: 7953.23 MB
Available Virtual: 4608.47 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:441.94 GB) (Free:326.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.53 GB) (Free:3.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End of log ============================
--- --- --- GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-11 12:44:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HGST_HTS rev.GG2O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\TAHIRK~1\AppData\Local\Temp\kxliykoc.sys
---- Threads - GMER 2.1 ----
Thread C:\windows\SysWOW64\ntdll.dll [3672:6440] 0000000001341877
Thread C:\windows\SysWOW64\ntdll.dll [3672:1500] 00000000672ff8b0
Thread C:\windows\SysWOW64\ntdll.dll [3672:6316] 00000000672fe8a0
Thread C:\windows\SysWOW64\ntdll.dll [3672:2188] 00000000672ff2e0
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2ac3e4e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2ac3e4e@c4731e62ad5d 0x38 0xC7 0x34 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2ac3e4e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2ac3e4e@c4731e62ad5d 0x38 0xC7 0x34 0x80 ...
---- EOF - GMER 2.1 ----
Code:
ATTFilter
Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 2. Juli 2015 20:09
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : TAHIRKAPTAN-HP
Versionsinformationen:
BUILD.DAT : 15.0.11.574 109728 Bytes 27.05.2015 13:12:00
AVSCAN.EXE : 15.0.11.574 1040688 Bytes 27.05.2015 11:11:28
AVSCANRC.DLL : 15.0.11.478 63792 Bytes 27.05.2015 11:11:29
LUKE.DLL : 15.0.11.550 59696 Bytes 27.05.2015 11:11:48
AVSCPLR.DLL : 15.0.11.550 95024 Bytes 27.05.2015 11:11:29
REPAIR.DLL : 15.0.11.572 463608 Bytes 27.05.2015 11:11:27
REPAIR.RDF : 1.0.8.58 941676 Bytes 02.07.2015 18:01:40
AVREG.DLL : 15.0.11.550 276784 Bytes 27.05.2015 11:11:27
AVLODE.DLL : 15.0.11.572 611632 Bytes 27.05.2015 11:11:26
AVLODE.RDF : 14.0.4.70 79227 Bytes 27.05.2015 11:11:26
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:11:53
XBV00092.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:27
XBV00093.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:27
XBV00094.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:27
XBV00095.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:27
XBV00096.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:27
XBV00097.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00098.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00099.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00100.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00101.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00102.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00103.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00104.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00105.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00106.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00107.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:28
XBV00108.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00109.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00110.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00111.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00112.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00113.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00114.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00115.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00116.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00117.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00118.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00119.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00120.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00121.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00122.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00123.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:29
XBV00124.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00125.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00126.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00127.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00128.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00129.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00130.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00131.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00132.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00133.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00134.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00135.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00136.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00137.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00138.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:30
XBV00139.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:31
XBV00140.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:31
XBV00141.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:31
XBV00142.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:31
XBV00143.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:31
XBV00144.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:31
XBV00145.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:31
XBV00146.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:31
XBV00147.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:31
XBV00148.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:32
XBV00149.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:32
XBV00150.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:32
XBV00151.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:32
XBV00152.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:32
XBV00153.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:32
XBV00154.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:32
XBV00155.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:32
XBV00156.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:33
XBV00157.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:33
XBV00158.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:33
XBV00159.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:33
XBV00160.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:33
XBV00161.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:33
XBV00162.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:33
XBV00163.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:33
XBV00164.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:33
XBV00165.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00166.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00167.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00168.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00169.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00170.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00171.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00172.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00173.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00174.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:34
XBV00175.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00176.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00177.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00178.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00179.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00180.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00181.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00182.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00183.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00184.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00185.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:35
XBV00186.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00187.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00188.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00189.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00190.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00191.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00192.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00193.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00194.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00195.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00196.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:36
XBV00197.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:37
XBV00198.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:37
XBV00199.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:37
XBV00200.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:37
XBV00201.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:38
XBV00202.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:38
XBV00203.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:38
XBV00204.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:38
XBV00205.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:38
XBV00206.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:38
XBV00207.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:38
XBV00208.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:39
XBV00209.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:39
XBV00210.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:39
XBV00211.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:39
XBV00212.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:39
XBV00213.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:39
XBV00214.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:39
XBV00215.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:39
XBV00216.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:40
XBV00217.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:40
XBV00218.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:40
XBV00219.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:40
XBV00220.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:40
XBV00221.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:40
XBV00222.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:40
XBV00223.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:40
XBV00224.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:41
XBV00225.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:41
XBV00226.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:41
XBV00227.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:41
XBV00228.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00229.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00230.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00231.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00232.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00233.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00234.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00235.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00236.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00237.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00238.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:42
XBV00239.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:43
XBV00240.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:43
XBV00241.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:43
XBV00242.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:43
XBV00243.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:43
XBV00244.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:43
XBV00245.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:44
XBV00246.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:44
XBV00247.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:44
XBV00248.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:44
XBV00249.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:44
XBV00250.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:45
XBV00251.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:45
XBV00252.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:45
XBV00253.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:45
XBV00254.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:46
XBV00255.VDF : 8.11.243.12 2048 Bytes 26.06.2015 18:00:46
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 11:11:53
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 11:11:53
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 11:11:53
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 11:11:53
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 11:11:53
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 11:11:53
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 11:11:53
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 11:11:53
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 11:11:53
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 11:11:53
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 11:11:53
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 11:11:53
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 11:11:53
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 11:11:53
XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 11:11:53
XBV00015.VDF : 8.11.213.84 3175936 Bytes 03.03.2015 11:11:53
XBV00016.VDF : 8.11.213.176 212480 Bytes 05.03.2015 11:11:53
XBV00017.VDF : 8.11.219.166 2033664 Bytes 25.03.2015 11:11:53
XBV00018.VDF : 8.11.225.88 2367488 Bytes 22.04.2015 11:11:53
XBV00019.VDF : 8.11.230.186 1674752 Bytes 13.05.2015 11:11:53
XBV00020.VDF : 8.11.237.30 4711936 Bytes 02.06.2015 18:19:34
XBV00021.VDF : 8.11.243.12 2747904 Bytes 26.06.2015 18:00:20
XBV00042.VDF : 8.11.243.20 3584 Bytes 26.06.2015 18:00:20
XBV00043.VDF : 8.11.243.28 2048 Bytes 26.06.2015 18:00:20
XBV00044.VDF : 8.11.243.36 2048 Bytes 26.06.2015 18:00:20
XBV00045.VDF : 8.11.243.46 38912 Bytes 26.06.2015 18:00:21
XBV00046.VDF : 8.11.243.48 3584 Bytes 26.06.2015 18:00:21
XBV00047.VDF : 8.11.243.52 27136 Bytes 27.06.2015 18:00:21
XBV00048.VDF : 8.11.243.54 36864 Bytes 27.06.2015 18:00:21
XBV00049.VDF : 8.11.243.56 8704 Bytes 27.06.2015 18:00:21
XBV00050.VDF : 8.11.243.60 83968 Bytes 28.06.2015 18:00:21
XBV00051.VDF : 8.11.243.62 2048 Bytes 28.06.2015 18:00:21
XBV00052.VDF : 8.11.243.70 6656 Bytes 28.06.2015 18:00:22
XBV00053.VDF : 8.11.243.78 8192 Bytes 28.06.2015 18:00:22
XBV00054.VDF : 8.11.243.86 3584 Bytes 28.06.2015 18:00:22
XBV00055.VDF : 8.11.243.94 68608 Bytes 29.06.2015 18:00:22
XBV00056.VDF : 8.11.243.96 4608 Bytes 29.06.2015 18:00:22
XBV00057.VDF : 8.11.243.98 5120 Bytes 29.06.2015 18:00:22
XBV00058.VDF : 8.11.243.100 5632 Bytes 29.06.2015 18:00:22
XBV00059.VDF : 8.11.243.102 5120 Bytes 29.06.2015 18:00:23
XBV00060.VDF : 8.11.243.122 46080 Bytes 29.06.2015 18:00:23
XBV00061.VDF : 8.11.243.124 2048 Bytes 29.06.2015 18:00:23
XBV00062.VDF : 8.11.243.126 26624 Bytes 29.06.2015 18:00:23
XBV00063.VDF : 8.11.243.128 2048 Bytes 29.06.2015 18:00:23
XBV00064.VDF : 8.11.243.134 18944 Bytes 29.06.2015 18:00:23
XBV00065.VDF : 8.11.243.138 33280 Bytes 30.06.2015 18:00:23
XBV00066.VDF : 8.11.243.146 30208 Bytes 30.06.2015 18:00:23
XBV00067.VDF : 8.11.243.152 14336 Bytes 30.06.2015 18:00:24
XBV00068.VDF : 8.11.243.158 3584 Bytes 30.06.2015 18:00:24
XBV00069.VDF : 8.11.243.170 33792 Bytes 30.06.2015 18:00:24
XBV00070.VDF : 8.11.243.176 2560 Bytes 30.06.2015 18:00:24
XBV00071.VDF : 8.11.243.184 29184 Bytes 30.06.2015 18:00:24
XBV00072.VDF : 8.11.243.186 15360 Bytes 30.06.2015 18:00:25
XBV00073.VDF : 8.11.243.188 10752 Bytes 30.06.2015 18:00:25
XBV00074.VDF : 8.11.243.192 85504 Bytes 01.07.2015 18:00:25
XBV00075.VDF : 8.11.243.194 2048 Bytes 01.07.2015 18:00:25
XBV00076.VDF : 8.11.243.196 2048 Bytes 01.07.2015 18:00:25
XBV00077.VDF : 8.11.243.198 2048 Bytes 01.07.2015 18:00:25
XBV00078.VDF : 8.11.243.200 12288 Bytes 01.07.2015 18:00:26
XBV00079.VDF : 8.11.243.234 47104 Bytes 01.07.2015 18:00:26
XBV00080.VDF : 8.11.244.42 33792 Bytes 01.07.2015 18:00:26
XBV00081.VDF : 8.11.244.74 42496 Bytes 01.07.2015 18:00:26
XBV00082.VDF : 8.11.244.106 23040 Bytes 01.07.2015 18:00:26
XBV00083.VDF : 8.11.244.142 17408 Bytes 01.07.2015 18:00:26
XBV00084.VDF : 8.11.244.148 59904 Bytes 02.07.2015 18:00:26
XBV00085.VDF : 8.11.244.152 2048 Bytes 02.07.2015 18:00:26
XBV00086.VDF : 8.11.244.154 8192 Bytes 02.07.2015 18:00:27
XBV00087.VDF : 8.11.244.156 5120 Bytes 02.07.2015 18:00:27
XBV00088.VDF : 8.11.244.158 3584 Bytes 02.07.2015 18:00:27
XBV00089.VDF : 8.11.244.160 3584 Bytes 02.07.2015 18:00:27
XBV00090.VDF : 8.11.244.164 34816 Bytes 02.07.2015 18:00:27
XBV00091.VDF : 8.11.244.166 2048 Bytes 02.07.2015 18:00:27
LOCAL000.VDF : 8.11.244.166 129902080 Bytes 02.07.2015 18:05:25
Engineversion : 8.3.32.12
AEBB.DLL : 8.1.2.0 60448 Bytes 27.05.2015 11:11:22
AECORE.DLL : 8.3.7.2 249920 Bytes 23.06.2015 18:19:25
AEDROID.DLL : 8.4.3.280 1480616 Bytes 02.07.2015 18:00:13
AEEMU.DLL : 8.1.3.4 399264 Bytes 27.05.2015 11:11:22
AEEXP.DLL : 8.4.2.88 266296 Bytes 27.05.2015 11:11:22
AEGEN.DLL : 8.1.7.42 457576 Bytes 02.07.2015 17:59:46
AEHELP.DLL : 8.3.2.2 281456 Bytes 02.07.2015 17:59:46
AEHEUR.DLL : 8.1.4.1758 8523840 Bytes 02.07.2015 18:00:06
AEMOBILE.DLL : 8.1.7.4 280488 Bytes 23.06.2015 18:19:30
AEOFFICE.DLL : 8.3.1.42 399272 Bytes 02.07.2015 18:00:07
AEPACK.DLL : 8.4.0.82 792488 Bytes 02.07.2015 18:00:09
AERDL.DLL : 8.2.1.20 731040 Bytes 27.05.2015 11:11:22
AESBX.DLL : 8.2.21.0 1622072 Bytes 27.05.2015 11:11:22
AESCN.DLL : 8.3.2.10 142456 Bytes 27.05.2015 11:11:22
AESCRIPT.DLL : 8.2.2.76 528448 Bytes 02.07.2015 18:00:11
AEVDF.DLL : 8.3.1.6 133992 Bytes 27.05.2015 11:11:22
AVWINLL.DLL : 15.0.11.478 25904 Bytes 27.05.2015 11:11:31
AVPREF.DLL : 15.0.11.478 54216 Bytes 27.05.2015 11:11:27
AVREP.DLL : 15.0.11.478 220464 Bytes 27.05.2015 11:11:27
AVARKT.DLL : 15.0.11.478 228088 Bytes 27.05.2015 11:11:23
AVEVTLOG.DLL : 15.0.11.550 195320 Bytes 27.05.2015 11:11:24
SQLITE3.DLL : 15.0.11.478 455472 Bytes 27.05.2015 11:11:52
AVSMTP.DLL : 15.0.11.478 79096 Bytes 27.05.2015 11:11:30
NETNT.DLL : 15.0.11.478 16384 Bytes 27.05.2015 11:11:49
CommonImageRc.dll: 15.0.11.478 4279600 Bytes 27.05.2015 11:11:51
CommonTextRc.dll: 15.0.11.478 69936 Bytes 27.05.2015 11:11:51
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\Antivirus\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, G:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Donnerstag, 2. Juli 2015 20:09
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, E:, G:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'DpHostW.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '172' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV64.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Hpservice.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vcsFPService.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'DPAgent.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '199' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'BlueSoleilCS.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'GWX.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPFSService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPHotkeyMonitor.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'MfeEpeHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdfsvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'uArcCapture.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqWmiEx.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'BsHelpCS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'NisSrv.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpCmdRun.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpCmdRun.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'DPAgent.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray64.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'msseces.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplePhotoStreams.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudServices.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBController.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtTray.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'coreshredder.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpConnectionManager.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '141' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpCMSrv.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPPA_Service.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'IntelMeFWService.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPPA_Main.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDKCOMServer.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdiSdkHelperx64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'AM_Delta.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpSigStub.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'msfeedssync.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1376' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
[0] Archivtyp: RSRC
--> C:\Program Files\Hewlett-Packard\Drivers\Global\HPMDP\x86\WUDFUpdate_01009.dll
[1] Archivtyp: RSRC
--> C:\swsetup\HP3DDG\drivers\amd64\WUDFUpdate_01009.dll
[2] Archivtyp: RSRC
--> C:\swsetup\HP3DDG\drivers\x86\WUDFUpdate_01009.dll
[3] Archivtyp: RSRC
--> C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHGI70JK\1[1].zip
[4] Archivtyp: ZIP
--> sweetsearch@gmail.com!1.0.0.1031.xpi
[5] Archivtyp: ZIP
--> chrome/content/toolbar.js
[FUND] Enthält Muster der Software PUA/Trollbar.AO
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> ffv2_0.0.4.xpi
[5] Archivtyp: ZIP
--> chrome/content/js/js.js
[FUND] Enthält Muster der Software PUA/QuickSearch.P
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> install.rdf
[FUND] Enthält Muster der Software PUA/QuickSearch.Y
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHGI70JK\1[1].zip
[FUND] Enthält Muster der Software PUA/QuickSearch.Y
Beginne mit der Suche in 'E:\' <HP_TOOLS>
Beginne mit der Suche in 'G:\' <HP_RECOVERY>
Beginne mit der Desinfektion:
C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHGI70JK\1[1].zip
[FUND] Enthält Muster der Software PUA/QuickSearch.Y
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '494e27fe.qua' verschoben!
Ende des Suchlaufs: Donnerstag, 2. Juli 2015 22:51
Benötigte Zeit: 2:29:41 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
32454 Verzeichnisse wurden überprüft
758584 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
758580 Dateien ohne Befall
5299 Archive wurden durchsucht
3 Warnungen
1 Hinweise
980282 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
|
|
11.07.2015, 12:03
| #2 |
| /// TB-Ausbilder   | Windows XP: Rechner extrem langsam nach Virenscan Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Logdatei von MBAM bitte noch posten! |
|
11.07.2015, 13:22
| #3 |
| | Windows XP: Rechner extrem langsam nach Virenscan Danke für die schnelle Antwort!
__________________Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 22.06.2015 Suchlauf-Zeit: 23:35:20 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.06.05 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Tahir Kaptan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 347963 Verstrichene Zeit: 43 Min, 12 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 2 PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [ada054eea5e521151c6adca20bf8f010], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [ada054eea5e521151c6adca20bf8f010], Dateien: 1 PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [ada054eea5e521151c6adca20bf8f010], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) |
|
11.07.2015, 15:47
| #4 |
| /// TB-Ausbilder | Windows XP: Rechner extrem langsam nach Virenscan Servus, Scan mit Combofix
|
|
11.07.2015, 16:28
| #5 |
| | Windows XP: Rechner extrem langsam nach Virenscan Bitte Combofix Logfile: Code:
ATTFilter ComboFix 15-07-10.01 - Tahir Kaptan 11.07.2015 17:03:12.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3978.1764 [GMT 2:00]
ausgeführt von:: c:\users\Tahir Kaptan\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Phone\Skype.exe
c:\users\Tahir Kaptan\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\TAHIRK~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-06-11 bis 2015-07-11 ))))))))))))))))))))))))))))))
.
.
2015-07-11 10:24 . 2015-07-11 10:27 -------- d-----w- C:\FRST
2015-07-11 10:24 . 2015-07-02 17:56 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6ABA531-35F2-4AF5-ADAD-51BEBE8327BF}\gapaengine.dll
2015-07-11 10:16 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91427FA3-C6CB-4968-9F86-DE989ABA972E}\mpengine.dll
2015-07-11 10:11 . 2015-07-11 10:11 18174128 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-07-02 17:57 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-23 18:19 . 2015-06-23 18:20 -------- d-----w- c:\users\Public\Speedup Sessions
2015-06-23 18:18 . 2015-06-23 18:18 -------- d-----w- c:\users\Tahir Kaptan\AppData\Roaming\Avira
2015-06-23 18:17 . 2015-05-27 11:11 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-06-23 18:17 . 2015-05-27 11:11 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-06-23 18:17 . 2015-05-27 11:11 132656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-06-23 18:17 . 2015-05-27 11:11 153256 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-06-23 18:10 . 2015-06-23 18:20 -------- d-----w- c:\program files (x86)\Avira
2015-06-23 18:10 . 2015-06-23 18:10 -------- d-----w- c:\programdata\Package Cache
2015-06-21 05:24 . 2015-06-21 05:24 -------- d-----w- c:\users\Tahir Kaptan\AppData\Local\GWX
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-11 12:17 . 2015-01-18 18:43 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-11 10:12 . 2014-12-18 11:00 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-11 10:12 . 2014-12-18 11:00 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-02 17:56 . 2014-01-09 21:33 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-10 20:51 . 2014-01-05 19:24 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-01 19:16 . 2015-06-10 19:50 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-10 19:50 24917504 ----a-w- c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-10 19:53 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-10 19:53 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-10 19:53 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-10 19:53 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 19:53 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 19:53 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 19:52 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 19:53 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 19:53 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 19:53 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-10 19:53 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 19:53 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-10 19:53 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-10 19:53 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-10 19:53 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 19:53 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 19:53 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 19:53 28160 ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-10 19:53 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-10 19:53 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-10 19:53 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-10 19:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 19:53 728576 ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-10 19:53 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 19:53 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:19 . 2015-06-10 19:53 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:18 . 2015-06-10 19:53 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 19:53 22016 ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-10 19:53 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 19:53 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 19:53 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 19:53 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 19:53 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 19:53 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 19:53 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 19:53 31232 ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-10 19:53 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 19:53 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-10 19:53 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-10 19:52 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-10 19:52 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-10 19:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 19:52 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-10 19:53 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 19:53 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 19:53 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 19:53 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-10 19:53 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-10 19:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 19:53 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 19:53 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 19:53 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 19:53 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-10 19:53 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-10 19:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 19:53 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-10 19:53 551424 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-10 19:53 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-10 19:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 19:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 19:53 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 19:53 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 19:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 19:53 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 19:53 82944 ----a-w- c:\windows\SysWow64\logman.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-03-01 56088]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-03-07 684024]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-03-14 319360]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-03-15 184704]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-16 364032]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-22 12310616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-06-02 134368]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-05-27 730416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-11-19 17:12 75648 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-18 10:12]
.
2015-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
- c:\users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10 20:42]
.
2015-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
- c:\users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10 20:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-05 1425408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-MfeEpePcMonitor - c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-07-11 17:24:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-07-11 15:24
.
Vor Suchlauf: 12 Verzeichnis(se), 351.456.911.360 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 351.351.971.840 Bytes frei
.
- - End Of File - - A4D98E29A772B5C3813948F8F2900081
|
|
11.07.2015, 22:09
| #6 |
| /// TB-Ausbilder | Windows XP: Rechner extrem langsam nach Virenscan Servus, Mehrere Anti-Virus-Programme Code:
ATTFilter Microsoft
Avira
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast. Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
11.07.2015, 23:26
| #7 |
| | Windows XP: Rechner extrem langsam nach Virenscan Servus, bevor ich eins von den beiden Anti-Virus Programme lösche, würde ich gerne nach deiner Meinung fragen, welchen von den beiden ich eher löschen sollte?! Danach gehe ich die 4 Schritte durch |
|
12.07.2015, 11:19
| #8 | |
| /// TB-Ausbilder | Windows XP: Rechner extrem langsam nach VirenscanZitat:
Bei MSE gibt es keine Werbung. Allerdings ist die Erkennungsrate von Avira wohl besser als bei MSE. Ich verwende schon seit einiger Zeit MSE + MBAM, läuft gut zusammen. Letztendlich ist es deine Entscheidung. |
|
12.07.2015, 16:35
| #9 |
| | Windows XP: Rechner extrem langsam nach Virenscan Alles klar, habe AntiVir entfernt. AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 12/07/2015 um 16:05:43
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Tahir Kaptan - TAHIRKAPTAN-HP
# Gestarted von : C:\Users\Tahir Kaptan\Downloads\AdwCleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v34.0.5 (x86 de)
*************************
AdwCleaner[R0].txt - [876 Bytes] - [12/07/2015 16:03:51]
AdwCleaner[R1].txt - [934 Bytes] - [12/07/2015 16:05:16]
AdwCleaner[S0].txt - [855 Bytes] - [12/07/2015 16:05:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [913 Bytes] ##########
[/CODE] Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, IP Database, 0.0.0.0, 2015.6.12.1, Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, Rootkit Database, 2015.2.25.1, 2015.7.10.1, Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, Remediation Database, 2015.3.9.1, 2015.7.1.2, Update, 12.07.2015 16:12:58, SYSTEM, TAHIRKAPTAN-HP, Manual, Malware Database, 2015.3.9.5, 2015.7.12.2, Scan, 12.07.2015 16:59:59, SYSTEM, TAHIRKAPTAN-HP, Manual, Start: 12.07.2015 16:13:52, Dauer: 46 Minuten 7 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung, Error, 12.07.2015 17:04:43, SYSTEM, TAHIRKAPTAN-HP, Protection, IsLicensed, 13, Protection, 12.07.2015 17:04:43, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopping, Protection, 12.07.2015 17:04:43, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopped, Error, 12.07.2015 17:14:16, SYSTEM, TAHIRKAPTAN-HP, Protection, IsLicensed, 13, Protection, 12.07.2015 17:14:16, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopping, Protection, 12.07.2015 17:14:16, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopped, Error, 12.07.2015 17:18:32, SYSTEM, TAHIRKAPTAN-HP, Protection, IsLicensed, 13, Protection, 12.07.2015 17:18:32, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopping, Protection, 12.07.2015 17:18:32, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopped, (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.5 (07.12.2015:1)
OS: Windows 7 Professional x64
Ran by Tahir Kaptan on 12.07.2015 at 17:23:04,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\DIGITA~1
Successfully deleted: [Folder] C:\Users\Tahir Kaptan\appdata\local\DIGITA~1
Successfully deleted: [Folder] C:\Users\Tahir Kaptan\AppData\Roaming\DIGITA~1
~~~ FireFox
Emptied folder: C:\Users\Tahir Kaptan\AppData\Roaming\mozilla\firefox\profiles\uz2w2c3i.default\minidumps [6 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.07.2015 at 17:25:11,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Additional FRST Logfile: |
|
13.07.2015, 12:51
| #10 | |
| /// TB-Ausbilder | Windows XP: Rechner extrem langsam nach Virenscan Servus, Zitat:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind. Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter. Nochmal FRST, dieses mal bitte vom Desktop:
|
|
13.07.2015, 18:48
| #11 |
| | Windows XP: Rechner extrem langsam nach Virenscan Sorry, war keine Absicht ! Jetzt müsste es richtig sein. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Tahir Kaptan (administrator) on TAHIRKAPTAN-HP on 13-07-2015 19:42:13
Running from C:\Users\Tahir Kaptan\Desktop
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{21551550-B0A9-41BF-A30D-B5C3B0A963AC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C90B9278-EF9A-4E49-BEE2-C6A98355A624}: [DhcpNameServer] 172.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3795078193-2229101918-834789043-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Avira Browser Safety - C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\Extensions\abs@avira.com [2015-05-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-03-12]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-22] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-14] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 19:42 - 2015-07-13 19:42 - 00018617 _____ C:\Users\Tahir Kaptan\Desktop\FRST.txt
2015-07-13 19:40 - 2015-07-13 19:40 - 02133504 _____ (Farbar) C:\Users\Tahir Kaptan\Desktop\FRST64.exe
2015-07-12 17:42 - 2015-07-12 17:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-12 17:42 - 2015-07-12 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-12 17:25 - 2015-07-12 17:25 - 00000964 _____ C:\Users\Tahir Kaptan\Desktop\JRT.txt
2015-07-12 17:23 - 2015-07-12 17:23 - 00000207 _____ C:\windows\tweaking.com-regbackup-TAHIRKAPTAN-HP-Windows-7-Professional-(64-bit).dat
2015-07-12 17:23 - 2015-07-12 17:23 - 00000000 ____D C:\RegBackup
2015-07-12 17:22 - 2015-07-12 17:22 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Tahir Kaptan\Desktop\JRT.exe
2015-07-12 17:21 - 2015-07-12 17:21 - 00001634 _____ C:\Users\Tahir Kaptan\Desktop\mbam.txt
2015-07-12 17:01 - 2015-07-12 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 16:12 - 2015-07-12 17:20 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-12 16:12 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-12 16:10 - 2015-07-12 16:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tahir Kaptan\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00000992 _____ C:\Users\Tahir Kaptan\Desktop\AdwCleaner[S0].txt
2015-07-12 16:03 - 2015-07-12 16:05 - 00000000 ____D C:\AdwCleaner
2015-07-12 16:03 - 2015-07-12 16:03 - 02248704 _____ C:\Users\Tahir Kaptan\Downloads\AdwCleaner_4.208.exe
2015-07-11 17:24 - 2015-07-11 17:24 - 00026167 _____ C:\ComboFix.txt
2015-07-11 17:00 - 2015-07-11 17:24 - 00000000 ____D C:\ComboFix
2015-07-11 17:00 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-07-11 17:00 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-07-11 17:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-07-11 16:58 - 2015-07-11 17:24 - 00000000 ____D C:\Qoobox
2015-07-11 16:57 - 2015-07-11 17:22 - 00000000 ____D C:\windows\erdnt
2015-07-11 16:55 - 2015-07-11 16:56 - 05633250 ____R (Swearware) C:\Users\Tahir Kaptan\Downloads\ComboFix.exe
2015-07-11 12:26 - 2015-07-11 12:27 - 00037555 _____ C:\Users\Tahir Kaptan\Downloads\Addition.txt
2015-07-11 12:25 - 2015-07-11 12:27 - 00030165 _____ C:\Users\Tahir Kaptan\Downloads\FRST.txt
2015-07-11 12:24 - 2015-07-13 19:42 - 00000000 ____D C:\FRST
2015-07-11 12:23 - 2015-07-11 12:23 - 02130944 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST64.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 01634816 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST.exe
2015-07-11 12:19 - 2015-07-11 12:30 - 00000486 _____ C:\Users\Tahir Kaptan\Downloads\defogger_disable.log
2015-07-11 12:19 - 2015-07-11 12:19 - 00000000 _____ C:\Users\Tahir Kaptan\defogger_reenable
2015-07-11 12:18 - 2015-07-11 12:18 - 00050477 _____ C:\Users\Tahir Kaptan\Downloads\Defogger.exe
2015-07-11 12:11 - 2015-07-11 12:11 - 18174128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-11 11:53 - 2015-07-11 11:53 - 00262144 _____ C:\windows\Minidump\071115-23415-01.dmp
2015-07-02 19:49 - 2015-07-02 19:49 - 00279960 _____ C:\windows\Minidump\070215-31122-01.dmp
2015-07-02 19:40 - 2015-07-11 11:53 - 00000000 ____D C:\windows\Minidump
2015-07-02 19:40 - 2015-07-02 19:40 - 00279960 _____ C:\windows\Minidump\070215-31527-01.dmp
2015-07-02 19:39 - 2015-07-11 11:53 - 527928465 _____ C:\windows\MEMORY.DMP
2015-06-23 20:09 - 2015-06-23 20:09 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tahir Kaptan\Downloads\avira_de_av_5723627653__ws(2).exe
2015-06-21 07:24 - 2015-06-21 07:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\GWX
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 19:42 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 19:42 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 19:40 - 2013-03-12 05:29 - 01638151 _____ C:\windows\WindowsUpdate.log
2015-07-13 19:37 - 2013-07-28 15:24 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D11E2A35-796A-4A81-A283-C39673DEED3D}
2015-07-13 19:34 - 2012-04-16 07:20 - 00000000 ____D C:\ProgramData\PDFC
2015-07-13 19:33 - 2012-08-16 02:46 - 00000804 _____ C:\windows\SysWOW64\bscs.ini
2015-07-13 19:33 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-13 19:33 - 2009-07-14 06:51 - 00086116 _____ C:\windows\setupact.log
2015-07-12 17:43 - 2013-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-12 17:42 - 2013-03-12 06:02 - 00000000 ____D C:\ProgramData\Skype
2015-07-12 17:11 - 2014-12-18 13:00 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 17:03 - 2010-11-21 05:47 - 00905254 _____ C:\windows\PFRO.log
2015-07-12 16:47 - 2014-04-10 22:42 - 00000956 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
2015-07-12 15:56 - 2013-08-25 17:00 - 00000000 ____D C:\ProgramData\Avira
2015-07-12 00:29 - 2014-04-10 22:42 - 00000934 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
2015-07-12 00:21 - 2013-03-12 06:10 - 00002127 _____ C:\windows\epplauncher.mif
2015-07-11 17:17 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-07-11 12:19 - 2013-07-28 13:15 - 00000000 ____D C:\Users\Tahir Kaptan
2015-07-11 12:12 - 2014-12-18 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-11 12:12 - 2014-12-18 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 12:12 - 2014-12-18 13:00 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-02 19:44 - 2013-07-28 15:25 - 00109696 _____ C:\Users\Tahir Kaptan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 19:34 - 2009-07-14 06:45 - 00409192 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-23 20:48 - 2013-07-29 22:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\Microsoft Help
2015-06-23 20:42 - 2009-07-14 04:34 - 00000478 _____ C:\windows\win.ini
2015-06-23 20:41 - 2012-04-16 07:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-23 20:40 - 2013-09-22 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-23 19:49 - 2012-04-16 05:53 - 01512802 _____ C:\windows\system32\perfh007.dat
2015-06-23 19:49 - 2012-04-16 05:53 - 00409628 _____ C:\windows\system32\perfc007.dat
2015-06-23 19:49 - 2009-07-14 07:13 - 00006476 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-23 19:34 - 2015-02-02 20:29 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Graphisoft
2015-06-23 19:34 - 2015-02-02 20:20 - 00000000 _____ C:\windows\vpd.properties
2015-06-23 19:30 - 2015-02-02 20:09 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Install.GS
2015-06-22 23:09 - 2015-04-05 00:17 - 00000000 ___SD C:\windows\system32\GWX
2015-06-22 23:09 - 2013-07-28 15:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\bluesoleil
2015-06-22 23:09 - 2012-04-16 05:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-22 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-06-22 22:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-21 10:08 - 2014-11-18 21:46 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieBrowserModeList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieUserList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieSiteList
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\Documents\Seas0nPass
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Seas0nPass
2015-06-21 07:24 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-21 07:24 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-21 07:19 - 2014-12-16 18:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-21 07:19 - 2014-05-10 21:04 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-21 07:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
Some files in TEMP:
====================
C:\Users\Tahir Kaptan\AppData\Local\Temp\avgnt.exe
C:\Users\Tahir Kaptan\AppData\Local\Temp\Quarantine.exe
C:\Users\Tahir Kaptan\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-11 14:41
==================== End of log ============================
[CODE] Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tahir Kaptan at 2015-07-13 19:43:25
Running from C:\Users\Tahir Kaptan\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3795078193-2229101918-834789043-500 - Administrator - Disabled)
Gast (S-1-5-21-3795078193-2229101918-834789043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3795078193-2229101918-834789043-1003 - Limited - Enabled)
Tahir Kaptan (S-1-5-21-3795078193-2229101918-834789043-1002 - Administrator - Enabled) => C:\Users\Tahir Kaptan
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
21-06-2015 09:11:43 Removed Avira Browser Safety
22-06-2015 23:05:46 Wiederherstellungsvorgang
22-06-2015 23:28:54 Removed Avira Browser Safety
22-06-2015 23:35:19 Windows Update
23-06-2015 20:20:36 Avira System Speedup 1.6.10
23-06-2015 20:35:07 Installed Microsoft Office Professional 2010
23-06-2015 20:41:55 Configured Microsoft Office Professional 2010
02-07-2015 19:54:27 Windows Update
11-07-2015 11:59:31 Windows Update
12-07-2015 15:57:23 Removed Avira Browser Safety
12-07-2015 17:36:15 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-07-11 17:13 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {68C0EAF4-5FBB-4C1A-B04A-1FB517F4D922} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {98F46F3C-C20F-4F0A-89DE-3C56D20E76BC} - System32\Tasks\{743DBFE6-3A95-4A20-9753-E23B9541B8B6} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {9F07C3AE-96FC-4CCC-B68C-654DF3BACFA5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {C90ED8AE-4303-46D3-B619-3A37285DC6C8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2012-01-18 01:57 - 2012-01-18 01:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-22 01:14 - 2012-03-22 01:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-14 23:11 - 2012-08-14 23:11 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2012-08-16 02:20 - 2012-08-16 02:20 - 00356352 _____ () C:\windows\system32\BsExtendFunc.dll
2012-03-27 05:33 - 2012-03-27 05:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-22 00:36 - 2012-03-22 00:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-14 23:13 - 2012-08-14 23:13 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-03-12 05:36 - 2012-03-28 19:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-14 23:16 - 2012-08-14 23:16 - 00072192 _____ () C:\windows\system32\BsProfilefunc.dll
2012-03-22 01:00 - 2012-03-22 01:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-03-22 00:59 - 2012-03-22 00:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-03-22 01:04 - 2012-03-22 01:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-03-22 01:02 - 2012-03-22 01:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-03-22 00:38 - 2012-03-22 00:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-03-22 00:39 - 2012-03-22 00:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2011-04-08 18:57 - 2011-04-08 18:57 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-11-02 12:12 - 2014-11-02 12:12 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-12 05:35 - 2012-03-28 19:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tahir Kaptan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B73572EA-181A-473E-9E73-82E1B4796BF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82C9ABA3-FCE5-4F65-AED7-8CC73134B0B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{055DEAA4-B1F0-4265-80AE-AF3BC6A98ED4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{677DC65D-22C8-4DD2-86FC-55A2D47BC355}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{954AF93E-519A-45D8-BDE3-FC3483D549FD}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{FED79AF1-187C-436F-B4E8-C9A65313DB46}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{27EFB973-567B-4886-9388-8ECA6E344847}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{80F19C5A-4766-4C87-B8A2-004AA77E47DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{32C72F66-8D18-4532-9BFF-204E4D18985C}] => (Allow) C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BD1226FB-94E1-4395-B944-377D11D48EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{719282AC-E256-488C-9B03-38CE03211D5E}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{0C239487-B0CB-4823-8325-AFBAC4826FAC}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{B9957EFC-5602-4F24-99E9-02556D3AC843}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{1C507A6A-DC89-4969-A11C-0974C1B29BFD}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{34F6ACFE-FBD6-4398-8F95-DDCC71FC803A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6A3E7B64-228D-46CD-8B27-ED1028EC390E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EA7D6BD4-EC7F-4419-AB69-1583DB9E6B76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C438A324-7BD4-45C2-958E-F99B33316CCC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B525A517-110C-453E-914E-BB6DFF497F23}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
==================== Faulty Device Manager Devices =============
Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/13/2015 07:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x16f8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/13/2015 07:34:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:18:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0xb30
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:14:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:12:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x3e4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0xa10
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x15cc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x15d8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
System errors:
=============
Error: (07/13/2015 07:36:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/13/2015 07:33:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3
Error: (07/12/2015 05:27:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (07/12/2015 05:27:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Power Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Connection Manager 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (07/13/2015 07:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa416f801d0bd929bdd6bd3C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exedb89be8e-2985-11e5-a268-b4b52f87dbdd
Error: (07/13/2015 07:34:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa481801d0bcb61bf2991bC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe5c77890f-28a9-11e5-9c65-b4b52f87dbdd
Error: (07/12/2015 05:18:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa4b3001d0bcb5999198dcC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exed7d1b90d-28a8-11e5-ae46-b4b52f87dbdd
Error: (07/12/2015 05:14:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:12:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa43e401d0bcb525d9a4aaC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe64a1734b-28a8-11e5-bca1-b4b52f87dbdd
Error: (07/12/2015 05:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa4a1001d0bcb481c7dc12C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exebf76c852-28a7-11e5-bca1-b4b52f87dbdd
Error: (07/12/2015 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa415cc01d0bcb4658b532dC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exea33ca0ce-28a7-11e5-bca1-b4b52f87dbdd
Error: (07/12/2015 05:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa415d801d0bcb446b3065aC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe867002b7-28a7-11e5-bca1-b4b52f87dbdd
CodeIntegrity Errors:
===================================
Date: 2015-07-11 17:12:08.412
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-07-11 17:12:08.366
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 78%
Total physical RAM: 3977.51 MB
Available physical RAM: 867.2 MB
Total Virtual: 7953.23 MB
Available Virtual: 4091.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:441.94 GB) (Free:327.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.53 GB) (Free:3.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End of log ============================
|
|
14.07.2015, 11:24
| #12 |
| /// TB-Ausbilder | Windows XP: Rechner extrem langsam nach Virenscan Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
RemoveProxy:
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
16.07.2015, 05:59
| #13 |
| | Windows XP: Rechner extrem langsam nach VirenscanCode:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tahir Kaptan at 2015-07-14 22:37:40 Run:1
Running from C:\Users\Tahir Kaptan\Desktop
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
RemoveProxy:
EmptyTemp:
end
*****************
Processes closed successfully.
"HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
EmptyTemp: => 501.6 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 22:40:43 ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# end=init
# utc_time=2015-07-14 09:10:09
# local_time=2015-07-14 11:10:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24797
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# end=updated
# utc_time=2015-07-14 09:13:43
# local_time=2015-07-14 11:13:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# engine=24797
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-14 09:32:47
# local_time=2015-07-14 11:32:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4934796 130223177 0 0
# scanned=26332
# found=0
# cleaned=0
# scan_time=1143
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# end=init
# utc_time=2015-07-15 05:47:54
# local_time=2015-07-15 07:47:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24812
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# end=updated
# utc_time=2015-07-15 05:48:40
# local_time=2015-07-15 07:48:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# engine=24812
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-15 11:11:14
# local_time=2015-07-16 01:11:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5027103 130315484 0 0
# scanned=237784
# found=2
# cleaned=0
# scan_time=19353
sh=DF678B81D0A2C063E5467C5113DCCFF238B44DC4 ft=1 fh=55941976f4437196 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\swsetup\WinZBas\Setup.exe"
sh=ED5C7FA74CB6DCD8F9AFEACDF9A3B8E5B395C832 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\143a28.msi"
Code:
ATTFilter Results of screen317's Security Check version 1.004
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.209
Mozilla Firefox 34.0.5 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Tahir Kaptan (administrator) on TAHIRKAPTAN-HP on 16-07-2015 03:31:52
Running from C:\Users\Tahir Kaptan\Desktop
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{21551550-B0A9-41BF-A30D-B5C3B0A963AC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C90B9278-EF9A-4E49-BEE2-C6A98355A624}: [DhcpNameServer] 172.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3795078193-2229101918-834789043-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Avira Browser Safety - C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\Extensions\abs@avira.com [2015-05-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-03-12]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-22] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-14] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-16 03:31 - 2015-07-16 03:31 - 00000858 _____ C:\Users\Tahir Kaptan\Desktop\checkup.txt
2015-07-16 03:29 - 2015-07-16 03:29 - 00852662 _____ C:\Users\Tahir Kaptan\Desktop\SecurityCheck.exe
2015-07-14 23:10 - 2015-07-14 23:10 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-14 23:09 - 2015-07-14 23:09 - 02870984 _____ (ESET) C:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe
2015-07-13 19:43 - 2015-07-13 19:44 - 00035238 _____ C:\Users\Tahir Kaptan\Desktop\Addition.txt
2015-07-13 19:42 - 2015-07-16 03:32 - 00018587 _____ C:\Users\Tahir Kaptan\Desktop\FRST.txt
2015-07-13 19:40 - 2015-07-13 19:40 - 02133504 _____ (Farbar) C:\Users\Tahir Kaptan\Desktop\FRST64.exe
2015-07-12 17:42 - 2015-07-12 17:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-12 17:42 - 2015-07-12 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-12 17:25 - 2015-07-12 17:25 - 00000964 _____ C:\Users\Tahir Kaptan\Desktop\JRT.txt
2015-07-12 17:23 - 2015-07-12 17:23 - 00000207 _____ C:\windows\tweaking.com-regbackup-TAHIRKAPTAN-HP-Windows-7-Professional-(64-bit).dat
2015-07-12 17:23 - 2015-07-12 17:23 - 00000000 ____D C:\RegBackup
2015-07-12 17:22 - 2015-07-12 17:22 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Tahir Kaptan\Desktop\JRT.exe
2015-07-12 17:21 - 2015-07-12 17:21 - 00001634 _____ C:\Users\Tahir Kaptan\Desktop\mbam.txt
2015-07-12 17:01 - 2015-07-12 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 16:12 - 2015-07-12 17:20 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-12 16:12 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-12 16:10 - 2015-07-12 16:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tahir Kaptan\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00000992 _____ C:\Users\Tahir Kaptan\Desktop\AdwCleaner[S0].txt
2015-07-12 16:03 - 2015-07-12 16:05 - 00000000 ____D C:\AdwCleaner
2015-07-12 16:03 - 2015-07-12 16:03 - 02248704 _____ C:\Users\Tahir Kaptan\Downloads\AdwCleaner_4.208.exe
2015-07-11 17:24 - 2015-07-11 17:24 - 00026167 _____ C:\ComboFix.txt
2015-07-11 17:00 - 2015-07-11 17:24 - 00000000 ____D C:\ComboFix
2015-07-11 17:00 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-07-11 17:00 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-07-11 17:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-07-11 16:58 - 2015-07-11 17:24 - 00000000 ____D C:\Qoobox
2015-07-11 16:57 - 2015-07-11 17:22 - 00000000 ____D C:\windows\erdnt
2015-07-11 16:55 - 2015-07-11 16:56 - 05633250 ____R (Swearware) C:\Users\Tahir Kaptan\Downloads\ComboFix.exe
2015-07-11 12:26 - 2015-07-11 12:27 - 00037555 _____ C:\Users\Tahir Kaptan\Downloads\Addition.txt
2015-07-11 12:25 - 2015-07-11 12:27 - 00030165 _____ C:\Users\Tahir Kaptan\Downloads\FRST.txt
2015-07-11 12:24 - 2015-07-16 03:31 - 00000000 ____D C:\FRST
2015-07-11 12:23 - 2015-07-11 12:23 - 02130944 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST64.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 01634816 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST.exe
2015-07-11 12:19 - 2015-07-11 12:30 - 00000486 _____ C:\Users\Tahir Kaptan\Downloads\defogger_disable.log
2015-07-11 12:19 - 2015-07-11 12:19 - 00000000 _____ C:\Users\Tahir Kaptan\defogger_reenable
2015-07-11 12:18 - 2015-07-11 12:18 - 00050477 _____ C:\Users\Tahir Kaptan\Downloads\Defogger.exe
2015-07-11 12:11 - 2015-07-14 23:11 - 18524336 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-11 11:53 - 2015-07-11 11:53 - 00262144 _____ C:\windows\Minidump\071115-23415-01.dmp
2015-07-02 19:49 - 2015-07-02 19:49 - 00279960 _____ C:\windows\Minidump\070215-31122-01.dmp
2015-07-02 19:40 - 2015-07-11 11:53 - 00000000 ____D C:\windows\Minidump
2015-07-02 19:40 - 2015-07-02 19:40 - 00279960 _____ C:\windows\Minidump\070215-31527-01.dmp
2015-07-02 19:39 - 2015-07-11 11:53 - 527928465 _____ C:\windows\MEMORY.DMP
2015-06-23 20:09 - 2015-06-23 20:09 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tahir Kaptan\Downloads\avira_de_av_5723627653__ws(2).exe
2015-06-21 07:24 - 2015-06-21 07:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\GWX
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-16 03:11 - 2014-12-18 13:00 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-16 02:31 - 2013-03-12 05:29 - 01299898 _____ C:\windows\WindowsUpdate.log
2015-07-16 01:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-07-16 01:47 - 2014-04-10 22:42 - 00000956 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
2015-07-16 00:44 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-16 00:44 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-16 00:40 - 2013-07-28 15:24 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D11E2A35-796A-4A81-A283-C39673DEED3D}
2015-07-16 00:38 - 2014-04-10 22:42 - 00000934 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
2015-07-15 19:46 - 2012-08-16 02:46 - 00000804 _____ C:\windows\SysWOW64\bscs.ini
2015-07-15 19:46 - 2012-04-16 07:20 - 00000000 ____D C:\ProgramData\PDFC
2015-07-15 19:45 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-15 19:45 - 2009-07-14 06:51 - 00086284 _____ C:\windows\setupact.log
2015-07-14 23:11 - 2014-12-18 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 23:11 - 2014-12-18 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 23:11 - 2014-12-18 13:00 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 23:09 - 2012-04-16 05:53 - 01527594 _____ C:\windows\system32\perfh007.dat
2015-07-14 23:09 - 2012-04-16 05:53 - 00414364 _____ C:\windows\system32\perfc007.dat
2015-07-14 23:09 - 2009-07-14 07:13 - 00006476 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-12 17:43 - 2013-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-12 17:42 - 2013-03-12 06:02 - 00000000 ____D C:\ProgramData\Skype
2015-07-12 17:03 - 2010-11-21 05:47 - 00905254 _____ C:\windows\PFRO.log
2015-07-12 15:56 - 2013-08-25 17:00 - 00000000 ____D C:\ProgramData\Avira
2015-07-12 00:21 - 2013-03-12 06:10 - 00002127 _____ C:\windows\epplauncher.mif
2015-07-11 17:17 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-07-11 12:19 - 2013-07-28 13:15 - 00000000 ____D C:\Users\Tahir Kaptan
2015-07-02 19:44 - 2013-07-28 15:25 - 00109696 _____ C:\Users\Tahir Kaptan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 19:34 - 2009-07-14 06:45 - 00409192 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-23 20:48 - 2013-07-29 22:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\Microsoft Help
2015-06-23 20:42 - 2009-07-14 04:34 - 00000478 _____ C:\windows\win.ini
2015-06-23 20:41 - 2012-04-16 07:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-23 20:40 - 2013-09-22 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-23 19:34 - 2015-02-02 20:29 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Graphisoft
2015-06-23 19:34 - 2015-02-02 20:20 - 00000000 _____ C:\windows\vpd.properties
2015-06-23 19:30 - 2015-02-02 20:09 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Install.GS
2015-06-22 23:09 - 2015-04-05 00:17 - 00000000 ___SD C:\windows\system32\GWX
2015-06-22 23:09 - 2013-07-28 15:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\bluesoleil
2015-06-22 23:09 - 2012-04-16 05:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-22 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-06-22 22:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-21 10:08 - 2014-11-18 21:46 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieBrowserModeList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieUserList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieSiteList
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\Documents\Seas0nPass
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Seas0nPass
2015-06-21 07:24 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-21 07:24 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-21 07:19 - 2014-12-16 18:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-21 07:19 - 2014-05-10 21:04 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-21 07:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-16 01:39
==================== End of log ============================
[CODE] Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tahir Kaptan at 2015-07-16 03:32:22
Running from C:\Users\Tahir Kaptan\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3795078193-2229101918-834789043-500 - Administrator - Disabled)
Gast (S-1-5-21-3795078193-2229101918-834789043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3795078193-2229101918-834789043-1003 - Limited - Enabled)
Tahir Kaptan (S-1-5-21-3795078193-2229101918-834789043-1002 - Administrator - Enabled) => C:\Users\Tahir Kaptan
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
12-07-2015 17:36:15 Windows Update
16-07-2015 00:57:18 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-07-11 17:13 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {68C0EAF4-5FBB-4C1A-B04A-1FB517F4D922} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {98F46F3C-C20F-4F0A-89DE-3C56D20E76BC} - System32\Tasks\{743DBFE6-3A95-4A20-9753-E23B9541B8B6} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {9F07C3AE-96FC-4CCC-B68C-654DF3BACFA5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {C90ED8AE-4303-46D3-B619-3A37285DC6C8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2012-01-18 01:57 - 2012-01-18 01:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-22 01:14 - 2012-03-22 01:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-14 23:11 - 2012-08-14 23:11 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2009-07-14 01:57 - 2009-07-14 03:40 - 00069120 _____ () C:\windows\system32\BWContextHandler.dll
2012-08-14 23:13 - 2012-08-14 23:13 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2012-08-14 23:13 - 2012-08-14 23:13 - 00052736 _____ () C:\windows\system32\BlueSoleilCSps.dll
2012-03-27 05:33 - 2012-03-27 05:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-22 00:36 - 2012-03-22 00:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-03-12 05:36 - 2012-03-28 19:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-14 23:16 - 2012-08-14 23:16 - 00072192 _____ () C:\windows\system32\BsProfilefunc.dll
2012-08-16 02:20 - 2012-08-16 02:20 - 00356352 _____ () C:\windows\system32\BsExtendFunc.dll
2012-03-22 01:00 - 2012-03-22 01:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-03-22 00:59 - 2012-03-22 00:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-03-22 01:04 - 2012-03-22 01:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-03-22 01:02 - 2012-03-22 01:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-03-22 00:38 - 2012-03-22 00:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-03-22 00:39 - 2012-03-22 00:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2011-04-08 18:57 - 2011-04-08 18:57 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-11-02 12:12 - 2014-11-02 12:12 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-12 05:35 - 2012-03-28 19:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tahir Kaptan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B73572EA-181A-473E-9E73-82E1B4796BF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82C9ABA3-FCE5-4F65-AED7-8CC73134B0B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{055DEAA4-B1F0-4265-80AE-AF3BC6A98ED4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{677DC65D-22C8-4DD2-86FC-55A2D47BC355}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{954AF93E-519A-45D8-BDE3-FC3483D549FD}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{FED79AF1-187C-436F-B4E8-C9A65313DB46}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{27EFB973-567B-4886-9388-8ECA6E344847}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{80F19C5A-4766-4C87-B8A2-004AA77E47DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{32C72F66-8D18-4532-9BFF-204E4D18985C}] => (Allow) C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BD1226FB-94E1-4395-B944-377D11D48EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{719282AC-E256-488C-9B03-38CE03211D5E}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{0C239487-B0CB-4823-8325-AFBAC4826FAC}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{B9957EFC-5602-4F24-99E9-02556D3AC843}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{1C507A6A-DC89-4969-A11C-0974C1B29BFD}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{34F6ACFE-FBD6-4398-8F95-DDCC71FC803A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6A3E7B64-228D-46CD-8B27-ED1028EC390E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EA7D6BD4-EC7F-4419-AB69-1583DB9E6B76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C438A324-7BD4-45C2-958E-F99B33316CCC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B525A517-110C-453E-914E-BB6DFF497F23}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
==================== Faulty Device Manager Devices =============
Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/16/2015 03:29:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15615
Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15615
Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/15/2015 07:47:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/15/2015 07:46:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/14/2015 11:09:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
System errors:
=============
Error: (07/16/2015 01:50:18 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{21551550-B0A9-41BF-A30D-B5C3B0A963AC}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/15/2015 07:48:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/15/2015 07:48:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\TAHIRK~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (07/15/2015 07:48:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/15/2015 07:48:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\TAHIRK~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (07/15/2015 07:48:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/15/2015 07:48:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\TAHIRK~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (07/15/2015 07:48:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/15/2015 07:48:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\TAHIRK~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (07/15/2015 07:48:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Microsoft Office:
=========================
Error: (07/16/2015 03:29:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe
Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15615
Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15615
Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/15/2015 07:47:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe
Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe
Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe
Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe
Error: (07/15/2015 07:46:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/14/2015 11:09:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe
CodeIntegrity Errors:
===================================
Date: 2015-07-11 17:12:08.412
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-07-11 17:12:08.366
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 52%
Total physical RAM: 3977.51 MB
Available physical RAM: 1890.29 MB
Total Virtual: 7953.23 MB
Available Virtual: 5143.93 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:441.94 GB) (Free:325.23 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Elements) (Fixed) (Total:931.48 GB) (Free:927.92 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.53 GB) (Free:3.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9A9B2E6B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of log ============================
|
|
16.07.2015, 14:36
| #14 | ||||||||||
| /// TB-Ausbilder | Windows XP: Rechner extrem langsam nach Virenscan Reste entfernen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
C:\swsetup
C:\Windows\Installer\143a28.msi
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird! Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.  Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:
Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren. NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Ghostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
16.07.2015, 21:51
| #15 |
| | Windows XP: Rechner extrem langsam nach VirenscanCode:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tahir Kaptan at 2015-07-16 22:21:31 Run:2
Running from C:\Users\Tahir Kaptan\Desktop
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
C:\swsetup
C:\Windows\Installer\143a28.msi
EmptyTemp:
end
*****************
Processes closed successfully.
C:\swsetup => moved successfully.
C:\Windows\Installer\143a28.msi => moved successfully.
EmptyTemp: => 485.5 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 22:21:32 ====
Der Rechner läuft wieder wie gewohnt schneller  Dankeeeeee !!! MfG |
|
| Themen zu Windows XP: Rechner extrem langsam nach Virenscan |
| brauch, device driver, durchgeführt, extrem, extrem langsam, hängt, lange, langsam, laptop, malwarebytes, rechner, scan, sehr langsam, tagen, virenscan, windows, windows xp |
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
