| Jagjilee | 12.07.2015 16:35 |
Alles klar, habe AntiVir entfernt.
AdwCleaner Logfile: Code:
# AdwCleaner v4.208 - Bericht erstellt 12/07/2015 um 16:05:43
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Tahir Kaptan - TAHIRKAPTAN-HP
# Gestarted von : C:\Users\Tahir Kaptan\Downloads\AdwCleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v34.0.5 (x86 de)
*************************
AdwCleaner[R0].txt - [876 Bytes] - [12/07/2015 16:03:51]
AdwCleaner[R1].txt - [934 Bytes] - [12/07/2015 16:05:16]
AdwCleaner[S0].txt - [855 Bytes] - [12/07/2015 16:05:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [913 Bytes] ##########
--- --- ---
[/CODE] Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, Rootkit Database, 2015.2.25.1, 2015.7.10.1,
Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, Remediation Database, 2015.3.9.1, 2015.7.1.2,
Update, 12.07.2015 16:12:58, SYSTEM, TAHIRKAPTAN-HP, Manual, Malware Database, 2015.3.9.5, 2015.7.12.2,
Scan, 12.07.2015 16:59:59, SYSTEM, TAHIRKAPTAN-HP, Manual, Start: 12.07.2015 16:13:52, Dauer: 46 Minuten 7 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,
Error, 12.07.2015 17:04:43, SYSTEM, TAHIRKAPTAN-HP, Protection, IsLicensed, 13,
Protection, 12.07.2015 17:04:43, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopping,
Protection, 12.07.2015 17:04:43, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopped,
Error, 12.07.2015 17:14:16, SYSTEM, TAHIRKAPTAN-HP, Protection, IsLicensed, 13,
Protection, 12.07.2015 17:14:16, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopping,
Protection, 12.07.2015 17:14:16, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopped,
Error, 12.07.2015 17:18:32, SYSTEM, TAHIRKAPTAN-HP, Protection, IsLicensed, 13,
Protection, 12.07.2015 17:18:32, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopping,
Protection, 12.07.2015 17:18:32, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopped,
(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.5 (07.12.2015:1)
OS: Windows 7 Professional x64
Ran by Tahir Kaptan on 12.07.2015 at 17:23:04,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\DIGITA~1
Successfully deleted: [Folder] C:\Users\Tahir Kaptan\appdata\local\DIGITA~1
Successfully deleted: [Folder] C:\Users\Tahir Kaptan\AppData\Roaming\DIGITA~1
~~~ FireFox
Emptied folder: C:\Users\Tahir Kaptan\AppData\Roaming\mozilla\firefox\profiles\uz2w2c3i.default\minidumps [6 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.07.2015 at 17:25:11,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Tahir Kaptan at 2015-07-12 17:30:41
Running from C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZI1FRRA
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3795078193-2229101918-834789043-500 - Administrator - Disabled)
Gast (S-1-5-21-3795078193-2229101918-834789043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3795078193-2229101918-834789043-1003 - Limited - Enabled)
Tahir Kaptan (S-1-5-21-3795078193-2229101918-834789043-1002 - Administrator - Enabled) => C:\Users\Tahir Kaptan
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
21-06-2015 09:11:43 Removed Avira Browser Safety
22-06-2015 23:05:46 Wiederherstellungsvorgang
22-06-2015 23:28:54 Removed Avira Browser Safety
22-06-2015 23:35:19 Windows Update
23-06-2015 20:20:36 Avira System Speedup 1.6.10
23-06-2015 20:35:07 Installed Microsoft Office Professional 2010
23-06-2015 20:41:55 Configured Microsoft Office Professional 2010
02-07-2015 19:54:27 Windows Update
11-07-2015 11:59:31 Windows Update
12-07-2015 15:57:23 Removed Avira Browser Safety
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-07-11 17:13 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {68C0EAF4-5FBB-4C1A-B04A-1FB517F4D922} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {98F46F3C-C20F-4F0A-89DE-3C56D20E76BC} - System32\Tasks\{743DBFE6-3A95-4A20-9753-E23B9541B8B6} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {9F07C3AE-96FC-4CCC-B68C-654DF3BACFA5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {C90ED8AE-4303-46D3-B619-3A37285DC6C8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-14 23:11 - 2012-08-14 23:11 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tahir Kaptan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B73572EA-181A-473E-9E73-82E1B4796BF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82C9ABA3-FCE5-4F65-AED7-8CC73134B0B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{055DEAA4-B1F0-4265-80AE-AF3BC6A98ED4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{677DC65D-22C8-4DD2-86FC-55A2D47BC355}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{954AF93E-519A-45D8-BDE3-FC3483D549FD}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{FED79AF1-187C-436F-B4E8-C9A65313DB46}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{F77828F1-B247-42E1-B1C1-200531265D64}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{27EFB973-567B-4886-9388-8ECA6E344847}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{80F19C5A-4766-4C87-B8A2-004AA77E47DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{32C72F66-8D18-4532-9BFF-204E4D18985C}] => (Allow) C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BD1226FB-94E1-4395-B944-377D11D48EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{719282AC-E256-488C-9B03-38CE03211D5E}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{0C239487-B0CB-4823-8325-AFBAC4826FAC}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{B9957EFC-5602-4F24-99E9-02556D3AC843}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{1C507A6A-DC89-4969-A11C-0974C1B29BFD}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{34F6ACFE-FBD6-4398-8F95-DDCC71FC803A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6A3E7B64-228D-46CD-8B27-ED1028EC390E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EA7D6BD4-EC7F-4419-AB69-1583DB9E6B76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C438A324-7BD4-45C2-958E-F99B33316CCC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
==================== Faulty Device Manager Devices =============
Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/12/2015 05:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:18:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0xb30
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:14:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:12:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x3e4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0xa10
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x15cc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x15d8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/12/2015 05:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 04:08:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (07/12/2015 05:27:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (07/12/2015 05:27:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Power Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Connection Manager 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (07/12/2015 05:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa481801d0bcb61bf2991bC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe5c77890f-28a9-11e5-9c65-b4b52f87dbdd
Error: (07/12/2015 05:18:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa4b3001d0bcb5999198dcC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exed7d1b90d-28a8-11e5-ae46-b4b52f87dbdd
Error: (07/12/2015 05:14:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 05:12:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa43e401d0bcb525d9a4aaC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe64a1734b-28a8-11e5-bca1-b4b52f87dbdd
Error: (07/12/2015 05:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa4a1001d0bcb481c7dc12C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exebf76c852-28a7-11e5-bca1-b4b52f87dbdd
Error: (07/12/2015 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa415cc01d0bcb4658b532dC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exea33ca0ce-28a7-11e5-bca1-b4b52f87dbdd
Error: (07/12/2015 05:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa415d801d0bcb446b3065aC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe867002b7-28a7-11e5-bca1-b4b52f87dbdd
Error: (07/12/2015 05:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 04:08:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2015-07-11 17:12:08.412
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-07-11 17:12:08.366
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 39%
Total physical RAM: 3977.51 MB
Available physical RAM: 2408.82 MB
Total Virtual: 7953.23 MB
Available Virtual: 6200.67 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:441.94 GB) (Free:327.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.53 GB) (Free:3.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End of log ============================
--- --- ---
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Tahir Kaptan (administrator) on TAHIRKAPTAN-HP on 12-07-2015 17:29:56
Running from C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZI1FRRA
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{21551550-B0A9-41BF-A30D-B5C3B0A963AC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C90B9278-EF9A-4E49-BEE2-C6A98355A624}: [DhcpNameServer] 172.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3795078193-2229101918-834789043-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Avira Browser Safety - C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\Extensions\abs@avira.com [2015-05-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-03-12]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-22] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
S2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-14] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-12 17:25 - 2015-07-12 17:25 - 00000964 _____ C:\Users\Tahir Kaptan\Desktop\JRT.txt
2015-07-12 17:23 - 2015-07-12 17:23 - 00000207 _____ C:\windows\tweaking.com-regbackup-TAHIRKAPTAN-HP-Windows-7-Professional-(64-bit).dat
2015-07-12 17:23 - 2015-07-12 17:23 - 00000000 ____D C:\RegBackup
2015-07-12 17:22 - 2015-07-12 17:22 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Tahir Kaptan\Desktop\JRT.exe
2015-07-12 17:21 - 2015-07-12 17:21 - 00001634 _____ C:\Users\Tahir Kaptan\Desktop\mbam.txt
2015-07-12 17:01 - 2015-07-12 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 16:12 - 2015-07-12 17:20 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-12 16:12 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-12 16:10 - 2015-07-12 16:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tahir Kaptan\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00000992 _____ C:\Users\Tahir Kaptan\Desktop\AdwCleaner[S0].txt
2015-07-12 16:03 - 2015-07-12 16:05 - 00000000 ____D C:\AdwCleaner
2015-07-12 16:03 - 2015-07-12 16:03 - 02248704 _____ C:\Users\Tahir Kaptan\Downloads\AdwCleaner_4.208.exe
2015-07-11 17:24 - 2015-07-11 17:24 - 00026167 _____ C:\ComboFix.txt
2015-07-11 17:00 - 2015-07-11 17:24 - 00000000 ____D C:\ComboFix
2015-07-11 17:00 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-07-11 17:00 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-07-11 17:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-07-11 16:58 - 2015-07-11 17:24 - 00000000 ____D C:\Qoobox
2015-07-11 16:57 - 2015-07-11 17:22 - 00000000 ____D C:\windows\erdnt
2015-07-11 16:55 - 2015-07-11 16:56 - 05633250 ____R (Swearware) C:\Users\Tahir Kaptan\Downloads\ComboFix.exe
2015-07-11 12:26 - 2015-07-11 12:27 - 00037555 _____ C:\Users\Tahir Kaptan\Downloads\Addition.txt
2015-07-11 12:25 - 2015-07-11 12:27 - 00030165 _____ C:\Users\Tahir Kaptan\Downloads\FRST.txt
2015-07-11 12:24 - 2015-07-12 17:30 - 00000000 ____D C:\FRST
2015-07-11 12:23 - 2015-07-11 12:23 - 02130944 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST64.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 01634816 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST.exe
2015-07-11 12:19 - 2015-07-11 12:30 - 00000486 _____ C:\Users\Tahir Kaptan\Downloads\defogger_disable.log
2015-07-11 12:19 - 2015-07-11 12:19 - 00000000 _____ C:\Users\Tahir Kaptan\defogger_reenable
2015-07-11 12:18 - 2015-07-11 12:18 - 00050477 _____ C:\Users\Tahir Kaptan\Downloads\Defogger.exe
2015-07-11 12:11 - 2015-07-11 12:11 - 18174128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-11 11:53 - 2015-07-11 11:53 - 00262144 _____ C:\windows\Minidump\071115-23415-01.dmp
2015-07-02 19:49 - 2015-07-02 19:49 - 00279960 _____ C:\windows\Minidump\070215-31122-01.dmp
2015-07-02 19:40 - 2015-07-11 11:53 - 00000000 ____D C:\windows\Minidump
2015-07-02 19:40 - 2015-07-02 19:40 - 00279960 _____ C:\windows\Minidump\070215-31527-01.dmp
2015-07-02 19:39 - 2015-07-11 11:53 - 527928465 _____ C:\windows\MEMORY.DMP
2015-06-23 20:09 - 2015-06-23 20:09 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tahir Kaptan\Downloads\avira_de_av_5723627653__ws(2).exe
2015-06-21 07:24 - 2015-06-21 07:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\GWX
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-12 17:23 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 17:23 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 17:22 - 2013-03-12 05:29 - 01137623 _____ C:\windows\WindowsUpdate.log
2015-07-12 17:18 - 2012-08-16 02:46 - 00000804 _____ C:\windows\SysWOW64\bscs.ini
2015-07-12 17:18 - 2012-04-16 07:20 - 00000000 ____D C:\ProgramData\PDFC
2015-07-12 17:18 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-12 17:17 - 2009-07-14 06:51 - 00086060 _____ C:\windows\setupact.log
2015-07-12 17:11 - 2014-12-18 13:00 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 17:03 - 2010-11-21 05:47 - 00905254 _____ C:\windows\PFRO.log
2015-07-12 16:47 - 2014-04-10 22:42 - 00000956 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
2015-07-12 15:56 - 2013-08-25 17:00 - 00000000 ____D C:\ProgramData\Avira
2015-07-12 00:29 - 2014-04-10 22:42 - 00000934 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
2015-07-12 00:21 - 2013-03-12 06:10 - 00002127 _____ C:\windows\epplauncher.mif
2015-07-11 17:17 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-07-11 12:21 - 2013-07-28 15:24 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D11E2A35-796A-4A81-A283-C39673DEED3D}
2015-07-11 12:19 - 2013-07-28 13:15 - 00000000 ____D C:\Users\Tahir Kaptan
2015-07-11 12:17 - 2013-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-11 12:12 - 2014-12-18 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-11 12:12 - 2014-12-18 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 12:12 - 2014-12-18 13:00 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-02 19:44 - 2013-07-28 15:25 - 00109696 _____ C:\Users\Tahir Kaptan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 19:34 - 2009-07-14 06:45 - 00409192 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-23 20:48 - 2013-07-29 22:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\Microsoft Help
2015-06-23 20:42 - 2009-07-14 04:34 - 00000478 _____ C:\windows\win.ini
2015-06-23 20:41 - 2012-04-16 07:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-23 20:40 - 2013-09-22 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-23 19:49 - 2012-04-16 05:53 - 01512802 _____ C:\windows\system32\perfh007.dat
2015-06-23 19:49 - 2012-04-16 05:53 - 00409628 _____ C:\windows\system32\perfc007.dat
2015-06-23 19:49 - 2009-07-14 07:13 - 00006476 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-23 19:34 - 2015-02-02 20:29 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Graphisoft
2015-06-23 19:34 - 2015-02-02 20:20 - 00000000 _____ C:\windows\vpd.properties
2015-06-23 19:30 - 2015-02-02 20:09 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Install.GS
2015-06-22 23:09 - 2015-04-05 00:17 - 00000000 ___SD C:\windows\system32\GWX
2015-06-22 23:09 - 2013-07-28 15:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\bluesoleil
2015-06-22 23:09 - 2012-04-16 05:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-22 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-06-22 22:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-21 10:08 - 2014-11-18 21:46 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieBrowserModeList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieUserList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieSiteList
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\Documents\Seas0nPass
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Seas0nPass
2015-06-21 07:24 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-21 07:24 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-21 07:19 - 2014-12-16 18:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-21 07:19 - 2014-05-10 21:04 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-21 07:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
Some files in TEMP:
====================
C:\Users\Tahir Kaptan\AppData\Local\Temp\avgnt.exe
C:\Users\Tahir Kaptan\AppData\Local\Temp\Quarantine.exe
C:\Users\Tahir Kaptan\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-11 14:41
==================== End of log ============================
--- --- ---
|
So funktioniert es:
AdwCleaner auf deinen Desktop.
Malwarebytes Anti-Malware 
SecurityCheck und:
