
Log analysis and evaluation: Windows XP: Computer extremely slow after virus scan


11.07.2015, 13:00   #1
Jagjilee
 
Hello,

for a few days now my laptop has been very slow and takes a very long time to boot.

I have already run a virus scan and Malwarebytes, but it is still slow and freezes.

Can you please help me?


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Tahir Kaptan (administrator) on TAHIRKAPTAN-HP on 11-07-2015 12:25:06
Running from C:\Users\Tahir Kaptan\Downloads
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_191.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_191.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [Facebook Update] => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-10] (Facebook Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_191_Plugin.exe [927920 2015-07-11] (Adobe Systems Incorporated)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3795078193-2229101918-834789043-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{21551550-B0A9-41BF-A30D-B5C3B0A963AC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C90B9278-EF9A-4E49-BEE2-C6A98355A624}: [DhcpNameServer] 172.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3795078193-2229101918-834789043-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Avira Browser Safety - C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\Extensions\abs@avira.com [2015-05-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-03-12]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-22] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-05-27] (Avira Operations GmbH & Co. KG)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-06-22] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-14] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 12:25 - 2015-07-11 12:25 - 00020946 _____ C:\Users\Tahir Kaptan\Downloads\FRST.txt
2015-07-11 12:24 - 2015-07-11 12:25 - 00000000 ____D C:\FRST
2015-07-11 12:23 - 2015-07-11 12:23 - 02130944 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST64.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 01634816 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST.exe
2015-07-11 12:19 - 2015-07-11 12:19 - 00000486 _____ C:\Users\Tahir Kaptan\Downloads\defogger_disable.log
2015-07-11 12:19 - 2015-07-11 12:19 - 00000000 _____ C:\Users\Tahir Kaptan\defogger_reenable
2015-07-11 12:18 - 2015-07-11 12:18 - 00050477 _____ C:\Users\Tahir Kaptan\Downloads\Defogger.exe
2015-07-11 12:11 - 2015-07-11 12:11 - 18174128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-11 11:53 - 2015-07-11 11:53 - 00262144 _____ C:\windows\Minidump\071115-23415-01.dmp
2015-07-02 19:49 - 2015-07-02 19:49 - 00279960 _____ C:\windows\Minidump\070215-31122-01.dmp
2015-07-02 19:40 - 2015-07-11 11:53 - 00000000 ____D C:\windows\Minidump
2015-07-02 19:40 - 2015-07-02 19:40 - 00279960 _____ C:\windows\Minidump\070215-31527-01.dmp
2015-07-02 19:39 - 2015-07-11 11:53 - 527928465 _____ C:\windows\MEMORY.DMP
2015-06-23 20:21 - 2015-06-23 20:21 - 00001129 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-06-23 20:21 - 2015-06-23 20:21 - 00001129 _____ C:\ProgramData\Desktop\Avira System Speedup.lnk
2015-06-23 20:21 - 2015-06-23 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-06-23 20:20 - 2015-06-23 20:20 - 00003320 _____ C:\windows\System32\Tasks\AviraSpeedup
2015-06-23 20:19 - 2015-06-23 20:20 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-06-23 20:19 - 2015-06-23 20:19 - 00003432 _____ C:\windows\System32\Tasks\Avira Browser Safety Updater Task
2015-06-23 20:18 - 2015-06-23 20:18 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Avira
2015-06-23 20:17 - 2015-05-27 13:11 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-06-23 20:17 - 2015-05-27 13:11 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-06-23 20:17 - 2015-05-27 13:11 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-06-23 20:17 - 2015-05-27 13:11 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-06-23 20:11 - 2015-06-23 20:11 - 00001192 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-23 20:11 - 2015-06-23 20:11 - 00001192 _____ C:\ProgramData\Desktop\Avira.lnk
2015-06-23 20:10 - 2015-07-11 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-23 20:10 - 2015-06-23 20:20 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-23 20:09 - 2015-06-23 20:09 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tahir Kaptan\Downloads\avira_de_av_5723627653__ws(2).exe
2015-06-21 07:24 - 2015-06-21 07:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 12:23 - 2013-03-12 05:29 - 01857323 _____ C:\windows\WindowsUpdate.log
2015-07-11 12:21 - 2013-07-28 15:24 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D11E2A35-796A-4A81-A283-C39673DEED3D}
2015-07-11 12:19 - 2013-07-28 13:15 - 00000000 ____D C:\Users\Tahir Kaptan
2015-07-11 12:17 - 2013-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-11 12:12 - 2014-12-18 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-11 12:12 - 2014-12-18 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 12:12 - 2014-12-18 13:00 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-11 12:12 - 2014-12-18 13:00 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 12:02 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 12:02 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 11:56 - 2012-04-16 07:20 - 00000000 ____D C:\ProgramData\PDFC
2015-07-11 11:54 - 2012-08-16 02:46 - 00000804 _____ C:\windows\SysWOW64\bscs.ini
2015-07-11 11:54 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-11 11:54 - 2009-07-14 06:51 - 00085612 _____ C:\windows\setupact.log
2015-07-02 22:47 - 2014-04-10 22:42 - 00000956 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
2015-07-02 22:47 - 2014-04-10 22:42 - 00000934 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
2015-07-02 19:44 - 2013-07-28 15:25 - 00109696 _____ C:\Users\Tahir Kaptan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 19:34 - 2009-07-14 06:45 - 00409192 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-02 19:33 - 2010-11-21 05:47 - 00903512 _____ C:\windows\PFRO.log
2015-06-23 20:48 - 2013-07-29 22:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\Microsoft Help
2015-06-23 20:42 - 2009-07-14 04:34 - 00000478 _____ C:\windows\win.ini
2015-06-23 20:41 - 2012-04-16 07:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-23 20:40 - 2013-09-22 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-23 20:17 - 2013-08-25 17:00 - 00000000 ____D C:\ProgramData\Avira
2015-06-23 19:49 - 2012-04-16 05:53 - 01512802 _____ C:\windows\system32\perfh007.dat
2015-06-23 19:49 - 2012-04-16 05:53 - 00409628 _____ C:\windows\system32\perfc007.dat
2015-06-23 19:49 - 2009-07-14 07:13 - 00006476 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-23 19:34 - 2015-02-02 20:29 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Graphisoft
2015-06-23 19:34 - 2015-02-02 20:20 - 00000000 _____ C:\windows\vpd.properties
2015-06-23 19:30 - 2015-02-02 20:09 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Install.GS
2015-06-22 23:34 - 2015-01-18 20:43 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 23:09 - 2015-04-05 00:17 - 00000000 ___SD C:\windows\system32\GWX
2015-06-22 23:09 - 2013-07-28 15:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\bluesoleil
2015-06-22 23:09 - 2012-04-16 05:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-22 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-06-22 22:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-21 10:08 - 2014-11-18 21:46 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieBrowserModeList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieUserList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieSiteList
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\Documents\Seas0nPass
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Seas0nPass
2015-06-21 07:24 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-21 07:24 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-21 07:19 - 2014-12-16 18:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-21 07:19 - 2014-05-10 21:04 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-21 07:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions

Some files in TEMP:
====================
C:\Users\Tahir Kaptan\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-29 18:14

==================== End of log ============================
         
--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Tahir Kaptan at 2015-07-11 12:26:16
Running from C:\Users\Tahir Kaptan\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3795078193-2229101918-834789043-500 - Administrator - Disabled)
Gast (S-1-5-21-3795078193-2229101918-834789043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3795078193-2229101918-834789043-1003 - Limited - Enabled)
Tahir Kaptan (S-1-5-21-3795078193-2229101918-834789043-1002 - Administrator - Enabled) => C:\Users\Tahir Kaptan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6.10.1246 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 38.0.5 (x86 de) (HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-06-2015 07:33:29 Windows Update
21-06-2015 09:11:43 Removed Avira Browser Safety
22-06-2015 23:05:46 Wiederherstellungsvorgang
22-06-2015 23:28:54 Removed Avira Browser Safety
22-06-2015 23:35:19 Windows Update
23-06-2015 20:20:36 Avira System Speedup 1.6.10
23-06-2015 20:35:07 Installed Microsoft Office Professional 2010
23-06-2015 20:41:55 Configured Microsoft Office Professional 2010
02-07-2015 19:54:27 Windows Update
11-07-2015 11:59:31 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0254C8A5-BF21-435B-8DD4-63E318A4E3AE} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-06-17] (Avira Operations GmbH & Co. KG)
Task: {68C0EAF4-5FBB-4C1A-B04A-1FB517F4D922} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {98F46F3C-C20F-4F0A-89DE-3C56D20E76BC} - System32\Tasks\{743DBFE6-3A95-4A20-9753-E23B9541B8B6} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {9F07C3AE-96FC-4CCC-B68C-654DF3BACFA5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {9F6E086D-4C2D-4C55-BBEB-DF446C651068} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {C90ED8AE-4303-46D3-B619-3A37285DC6C8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-01-18 01:57 - 2012-01-18 01:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-22 01:14 - 2012-03-22 01:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-14 23:11 - 2012-08-14 23:11 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2012-03-22 00:36 - 2012-03-22 00:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-14 23:13 - 2012-08-14 23:13 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2012-03-27 05:33 - 2012-03-27 05:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-03-12 05:36 - 2012-03-28 19:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-22 01:00 - 2012-03-22 01:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-03-22 00:59 - 2012-03-22 00:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-03-22 01:04 - 2012-03-22 01:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-03-22 01:02 - 2012-03-22 01:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-03-22 00:38 - 2012-03-22 00:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-03-22 00:39 - 2012-03-22 00:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-14 23:16 - 2012-08-14 23:16 - 00072192 _____ () C:\windows\system32\BsProfilefunc.dll
2012-08-16 02:20 - 2012-08-16 02:20 - 00356352 _____ () C:\windows\system32\BsExtendFunc.dll
2011-04-08 18:57 - 2011-04-08 18:57 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-11-02 12:12 - 2014-11-02 12:12 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-12 05:35 - 2012-03-28 19:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-07-11 12:12 - 2015-07-11 12:12 - 16867504 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tahir Kaptan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B73572EA-181A-473E-9E73-82E1B4796BF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82C9ABA3-FCE5-4F65-AED7-8CC73134B0B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{055DEAA4-B1F0-4265-80AE-AF3BC6A98ED4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{677DC65D-22C8-4DD2-86FC-55A2D47BC355}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{954AF93E-519A-45D8-BDE3-FC3483D549FD}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{FED79AF1-187C-436F-B4E8-C9A65313DB46}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{F77828F1-B247-42E1-B1C1-200531265D64}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{27EFB973-567B-4886-9388-8ECA6E344847}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{80F19C5A-4766-4C87-B8A2-004AA77E47DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{32C72F66-8D18-4532-9BFF-204E4D18985C}] => (Allow) C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BD1226FB-94E1-4395-B944-377D11D48EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{719282AC-E256-488C-9B03-38CE03211D5E}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{0C239487-B0CB-4823-8325-AFBAC4826FAC}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{B9957EFC-5602-4F24-99E9-02556D3AC843}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{1C507A6A-DC89-4969-A11C-0974C1B29BFD}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{34F6ACFE-FBD6-4398-8F95-DDCC71FC803A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6A3E7B64-228D-46CD-8B27-ED1028EC390E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EA7D6BD4-EC7F-4419-AB69-1583DB9E6B76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C438A324-7BD4-45C2-958E-F99B33316CCC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2015 11:56:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 08:36:21 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (07/02/2015 08:36:20 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{468a0e39-8ac4-11e2-abf7-806e6f6e6963} - 000000000000013C,0x0053c010,00000000001932E0,0,00000000001942F0,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (07/02/2015 07:52:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 07:43:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 07:36:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 08:51:42 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=c4109e90-6c4a-44f6-b380-ef6137122f16

Error: (06/23/2015 08:51:42 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0xC004C003

Error: (06/23/2015 08:48:00 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=c4109e90-6c4a-44f6-b380-ef6137122f16

Error: (06/23/2015 08:48:00 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0xC004C003


System errors:
=============
Error: (07/11/2015 12:22:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/11/2015 12:15:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.201.739.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (07/11/2015 12:15:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.201.739.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (07/11/2015 12:15:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.201.739.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (07/11/2015 12:15:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Update für Office-Dateiüberprüfung 2010, 32-Bit-Edition (KB2553065)

Error: (07/11/2015 12:15:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Update für Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit-Edition

Error: (07/11/2015 12:04:25 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/11/2015 11:58:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/11/2015 11:54:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet: 
%%3

Error: (07/11/2015 11:53:57 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000006, 0xfffffa80093a1b50, 0xfffffa8009253340, 0xfffff800031c3df0)C:\windows\MEMORY.DMP071115-23415-01


Microsoft Office:
=========================
Error: (07/11/2015 11:56:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 08:36:21 PM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (07/02/2015 08:36:20 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{468a0e39-8ac4-11e2-abf7-806e6f6e6963} - 000000000000013C,0x0053c010,00000000001932E0,0,00000000001942F0,4096,[0])

Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (07/02/2015 07:52:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 07:43:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 07:36:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 08:51:42 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: hr=0xC004C003c4109e90-6c4a-44f6-b380-ef6137122f16

Error: (06/23/2015 08:51:42 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 20:51:42:238 - hxxp://go.microsoft.com/fwlink/?LinkID=120751)
00020001(0x00000000, 20:51:42:238)
00030001(0x00000000, 20:51:42:238 - hxxp://go.microsoft.com)
00030002(0x00000000, 20:51:42:238 - 1)
00020005(0x00000000, 20:51:42:238 - 0)
0002000C(0x00000000, 20:51:42:362 - 302)
0002000E(0x00000000, 20:51:42:362 - https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx?configextension=o14)
00020001(0x00000000, 20:51:42:362)
00030001(0x00000000, 20:51:42:362 - https://activation.sls.microsoft.com)
00030002(0x00000000, 20:51:42:362 - 1)
00020005(0x00000000, 20:51:42:362 - 0)
0002000C(0x00000000, 20:51:42:565 - 500)
00010002(0x8004FC01, 20:51:42:565 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked.  ---&gt; Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 20:51:42:565)

Error: (06/23/2015 08:48:00 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: hr=0xC004C003c4109e90-6c4a-44f6-b380-ef6137122f16

Error: (06/23/2015 08:48:00 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 20:47:59:863 - hxxp://go.microsoft.com/fwlink/?LinkID=120751)
00020001(0x00000000, 20:47:59:863)
00030001(0x00000000, 20:47:59:863 - hxxp://go.microsoft.com)
00030002(0x00000000, 20:47:59:863 - 1)
00020005(0x00000000, 20:47:59:863 - 0)
0002000C(0x00000000, 20:48:00:081 - 302)
0002000E(0x00000000, 20:48:00:081 - https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx?configextension=o14)
00020001(0x00000000, 20:48:00:081)
00030001(0x00000000, 20:48:00:081 - https://activation.sls.microsoft.com)
00030002(0x00000000, 20:48:00:081 - 1)
00020005(0x00000000, 20:48:00:081 - 0)
0002000C(0x00000000, 20:48:00:721 - 500)
00010002(0x8004FC01, 20:48:00:737 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked.  ---&gt; Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 20:48:00:737)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 63%
Total physical RAM: 3977.51 MB
Available physical RAM: 1459.6 MB
Total Virtual: 7953.23 MB
Available Virtual: 4608.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.94 GB) (Free:326.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.53 GB) (Free:3.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of log ============================
         
--- --- ---

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-11 12:44:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HGST_HTS rev.GG2O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\TAHIRK~1\AppData\Local\Temp\kxliykoc.sys


---- Threads - GMER 2.1 ----

Thread  C:\windows\SysWOW64\ntdll.dll [3672:6440]                                                        0000000001341877
Thread  C:\windows\SysWOW64\ntdll.dll [3672:1500]                                                        00000000672ff8b0
Thread  C:\windows\SysWOW64\ntdll.dll [3672:6316]                                                        00000000672fe8a0
Thread  C:\windows\SysWOW64\ntdll.dll [3672:2188]                                                        00000000672ff2e0

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2ac3e4e                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2ac3e4e@c4731e62ad5d         0x38 0xC7 0x34 0x80 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2ac3e4e (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2ac3e4e@c4731e62ad5d             0x38 0xC7 0x34 0x80 ...

---- EOF - GMER 2.1 ----
         
--- --- ---

Code:
ATTFilter

Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 2. Juli 2015  20:09


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : TAHIRKAPTAN-HP

Versionsinformationen:
BUILD.DAT      : 15.0.11.574   109728 Bytes  27.05.2015 13:12:00
AVSCAN.EXE     : 15.0.11.574  1040688 Bytes  27.05.2015 11:11:28
AVSCANRC.DLL   : 15.0.11.478    63792 Bytes  27.05.2015 11:11:29
LUKE.DLL       : 15.0.11.550    59696 Bytes  27.05.2015 11:11:48
AVSCPLR.DLL    : 15.0.11.550    95024 Bytes  27.05.2015 11:11:29
REPAIR.DLL     : 15.0.11.572   463608 Bytes  27.05.2015 11:11:27
REPAIR.RDF     : 1.0.8.58      941676 Bytes  02.07.2015 18:01:40
AVREG.DLL      : 15.0.11.550   276784 Bytes  27.05.2015 11:11:27
AVLODE.DLL     : 15.0.11.572   611632 Bytes  27.05.2015 11:11:26
AVLODE.RDF     : 14.0.4.70      79227 Bytes  27.05.2015 11:11:26
XBV00022.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00023.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00024.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00025.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00026.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00027.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00028.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 11:11:53
XBV00092.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:27
XBV00093.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:27
XBV00094.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:27
XBV00095.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:27
XBV00096.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:27
XBV00097.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00098.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00099.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00100.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00101.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00102.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00103.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00104.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00105.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00106.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00107.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:28
XBV00108.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00109.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00110.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00111.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00112.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00113.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00114.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00115.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00116.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00117.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00118.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00119.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00120.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00121.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00122.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00123.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:29
XBV00124.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00125.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00126.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00127.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00128.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00129.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00130.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00131.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00132.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00133.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00134.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00135.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00136.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00137.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00138.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:30
XBV00139.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:31
XBV00140.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:31
XBV00141.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:31
XBV00142.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:31
XBV00143.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:31
XBV00144.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:31
XBV00145.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:31
XBV00146.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:31
XBV00147.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:31
XBV00148.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:32
XBV00149.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:32
XBV00150.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:32
XBV00151.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:32
XBV00152.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:32
XBV00153.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:32
XBV00154.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:32
XBV00155.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:32
XBV00156.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:33
XBV00157.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:33
XBV00158.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:33
XBV00159.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:33
XBV00160.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:33
XBV00161.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:33
XBV00162.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:33
XBV00163.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:33
XBV00164.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:33
XBV00165.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00166.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00167.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00168.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00169.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00170.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00171.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00172.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00173.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00174.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:34
XBV00175.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00176.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00177.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00178.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00179.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00180.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00181.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00182.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00183.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00184.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00185.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:35
XBV00186.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00187.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00188.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00189.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00190.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00191.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00192.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00193.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00194.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00195.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00196.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:36
XBV00197.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:37
XBV00198.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:37
XBV00199.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:37
XBV00200.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:37
XBV00201.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:38
XBV00202.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:38
XBV00203.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:38
XBV00204.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:38
XBV00205.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:38
XBV00206.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:38
XBV00207.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:38
XBV00208.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:39
XBV00209.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:39
XBV00210.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:39
XBV00211.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:39
XBV00212.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:39
XBV00213.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:39
XBV00214.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:39
XBV00215.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:39
XBV00216.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:40
XBV00217.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:40
XBV00218.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:40
XBV00219.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:40
XBV00220.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:40
XBV00221.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:40
XBV00222.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:40
XBV00223.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:40
XBV00224.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:41
XBV00225.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:41
XBV00226.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:41
XBV00227.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:41
XBV00228.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00229.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00230.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00231.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00232.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00233.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00234.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00235.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00236.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00237.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00238.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:42
XBV00239.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:43
XBV00240.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:43
XBV00241.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:43
XBV00242.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:43
XBV00243.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:43
XBV00244.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:43
XBV00245.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:44
XBV00246.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:44
XBV00247.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:44
XBV00248.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:44
XBV00249.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:44
XBV00250.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:45
XBV00251.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:45
XBV00252.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:45
XBV00253.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:45
XBV00254.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:46
XBV00255.VDF   : 8.11.243.12     2048 Bytes  26.06.2015 18:00:46
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 11:11:53
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 11:11:53
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 11:11:53
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 11:11:53
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 11:11:53
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 11:11:53
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 11:11:53
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 11:11:53
XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 11:11:53
XBV00009.VDF   : 8.11.172.30  2094080 Bytes  15.09.2014 11:11:53
XBV00010.VDF   : 8.11.178.32  1581056 Bytes  14.10.2014 11:11:53
XBV00011.VDF   : 8.11.184.50  2178560 Bytes  11.11.2014 11:11:53
XBV00012.VDF   : 8.11.190.32  1876992 Bytes  03.12.2014 11:11:53
XBV00013.VDF   : 8.11.201.28  2973696 Bytes  14.01.2015 11:11:53
XBV00014.VDF   : 8.11.206.252  2695680 Bytes  04.02.2015 11:11:53
XBV00015.VDF   : 8.11.213.84  3175936 Bytes  03.03.2015 11:11:53
XBV00016.VDF   : 8.11.213.176   212480 Bytes  05.03.2015 11:11:53
XBV00017.VDF   : 8.11.219.166  2033664 Bytes  25.03.2015 11:11:53
XBV00018.VDF   : 8.11.225.88  2367488 Bytes  22.04.2015 11:11:53
XBV00019.VDF   : 8.11.230.186  1674752 Bytes  13.05.2015 11:11:53
XBV00020.VDF   : 8.11.237.30  4711936 Bytes  02.06.2015 18:19:34
XBV00021.VDF   : 8.11.243.12  2747904 Bytes  26.06.2015 18:00:20
XBV00042.VDF   : 8.11.243.20     3584 Bytes  26.06.2015 18:00:20
XBV00043.VDF   : 8.11.243.28     2048 Bytes  26.06.2015 18:00:20
XBV00044.VDF   : 8.11.243.36     2048 Bytes  26.06.2015 18:00:20
XBV00045.VDF   : 8.11.243.46    38912 Bytes  26.06.2015 18:00:21
XBV00046.VDF   : 8.11.243.48     3584 Bytes  26.06.2015 18:00:21
XBV00047.VDF   : 8.11.243.52    27136 Bytes  27.06.2015 18:00:21
XBV00048.VDF   : 8.11.243.54    36864 Bytes  27.06.2015 18:00:21
XBV00049.VDF   : 8.11.243.56     8704 Bytes  27.06.2015 18:00:21
XBV00050.VDF   : 8.11.243.60    83968 Bytes  28.06.2015 18:00:21
XBV00051.VDF   : 8.11.243.62     2048 Bytes  28.06.2015 18:00:21
XBV00052.VDF   : 8.11.243.70     6656 Bytes  28.06.2015 18:00:22
XBV00053.VDF   : 8.11.243.78     8192 Bytes  28.06.2015 18:00:22
XBV00054.VDF   : 8.11.243.86     3584 Bytes  28.06.2015 18:00:22
XBV00055.VDF   : 8.11.243.94    68608 Bytes  29.06.2015 18:00:22
XBV00056.VDF   : 8.11.243.96     4608 Bytes  29.06.2015 18:00:22
XBV00057.VDF   : 8.11.243.98     5120 Bytes  29.06.2015 18:00:22
XBV00058.VDF   : 8.11.243.100     5632 Bytes  29.06.2015 18:00:22
XBV00059.VDF   : 8.11.243.102     5120 Bytes  29.06.2015 18:00:23
XBV00060.VDF   : 8.11.243.122    46080 Bytes  29.06.2015 18:00:23
XBV00061.VDF   : 8.11.243.124     2048 Bytes  29.06.2015 18:00:23
XBV00062.VDF   : 8.11.243.126    26624 Bytes  29.06.2015 18:00:23
XBV00063.VDF   : 8.11.243.128     2048 Bytes  29.06.2015 18:00:23
XBV00064.VDF   : 8.11.243.134    18944 Bytes  29.06.2015 18:00:23
XBV00065.VDF   : 8.11.243.138    33280 Bytes  30.06.2015 18:00:23
XBV00066.VDF   : 8.11.243.146    30208 Bytes  30.06.2015 18:00:23
XBV00067.VDF   : 8.11.243.152    14336 Bytes  30.06.2015 18:00:24
XBV00068.VDF   : 8.11.243.158     3584 Bytes  30.06.2015 18:00:24
XBV00069.VDF   : 8.11.243.170    33792 Bytes  30.06.2015 18:00:24
XBV00070.VDF   : 8.11.243.176     2560 Bytes  30.06.2015 18:00:24
XBV00071.VDF   : 8.11.243.184    29184 Bytes  30.06.2015 18:00:24
XBV00072.VDF   : 8.11.243.186    15360 Bytes  30.06.2015 18:00:25
XBV00073.VDF   : 8.11.243.188    10752 Bytes  30.06.2015 18:00:25
XBV00074.VDF   : 8.11.243.192    85504 Bytes  01.07.2015 18:00:25
XBV00075.VDF   : 8.11.243.194     2048 Bytes  01.07.2015 18:00:25
XBV00076.VDF   : 8.11.243.196     2048 Bytes  01.07.2015 18:00:25
XBV00077.VDF   : 8.11.243.198     2048 Bytes  01.07.2015 18:00:25
XBV00078.VDF   : 8.11.243.200    12288 Bytes  01.07.2015 18:00:26
XBV00079.VDF   : 8.11.243.234    47104 Bytes  01.07.2015 18:00:26
XBV00080.VDF   : 8.11.244.42    33792 Bytes  01.07.2015 18:00:26
XBV00081.VDF   : 8.11.244.74    42496 Bytes  01.07.2015 18:00:26
XBV00082.VDF   : 8.11.244.106    23040 Bytes  01.07.2015 18:00:26
XBV00083.VDF   : 8.11.244.142    17408 Bytes  01.07.2015 18:00:26
XBV00084.VDF   : 8.11.244.148    59904 Bytes  02.07.2015 18:00:26
XBV00085.VDF   : 8.11.244.152     2048 Bytes  02.07.2015 18:00:26
XBV00086.VDF   : 8.11.244.154     8192 Bytes  02.07.2015 18:00:27
XBV00087.VDF   : 8.11.244.156     5120 Bytes  02.07.2015 18:00:27
XBV00088.VDF   : 8.11.244.158     3584 Bytes  02.07.2015 18:00:27
XBV00089.VDF   : 8.11.244.160     3584 Bytes  02.07.2015 18:00:27
XBV00090.VDF   : 8.11.244.164    34816 Bytes  02.07.2015 18:00:27
XBV00091.VDF   : 8.11.244.166     2048 Bytes  02.07.2015 18:00:27
LOCAL000.VDF   : 8.11.244.166 129902080 Bytes  02.07.2015 18:05:25
Engineversion  : 8.3.32.12 
AEBB.DLL       : 8.1.2.0        60448 Bytes  27.05.2015 11:11:22
AECORE.DLL     : 8.3.7.2       249920 Bytes  23.06.2015 18:19:25
AEDROID.DLL    : 8.4.3.280    1480616 Bytes  02.07.2015 18:00:13
AEEMU.DLL      : 8.1.3.4       399264 Bytes  27.05.2015 11:11:22
AEEXP.DLL      : 8.4.2.88      266296 Bytes  27.05.2015 11:11:22
AEGEN.DLL      : 8.1.7.42      457576 Bytes  02.07.2015 17:59:46
AEHELP.DLL     : 8.3.2.2       281456 Bytes  02.07.2015 17:59:46
AEHEUR.DLL     : 8.1.4.1758   8523840 Bytes  02.07.2015 18:00:06
AEMOBILE.DLL   : 8.1.7.4       280488 Bytes  23.06.2015 18:19:30
AEOFFICE.DLL   : 8.3.1.42      399272 Bytes  02.07.2015 18:00:07
AEPACK.DLL     : 8.4.0.82      792488 Bytes  02.07.2015 18:00:09
AERDL.DLL      : 8.2.1.20      731040 Bytes  27.05.2015 11:11:22
AESBX.DLL      : 8.2.21.0     1622072 Bytes  27.05.2015 11:11:22
AESCN.DLL      : 8.3.2.10      142456 Bytes  27.05.2015 11:11:22
AESCRIPT.DLL   : 8.2.2.76      528448 Bytes  02.07.2015 18:00:11
AEVDF.DLL      : 8.3.1.6       133992 Bytes  27.05.2015 11:11:22
AVWINLL.DLL    : 15.0.11.478    25904 Bytes  27.05.2015 11:11:31
AVPREF.DLL     : 15.0.11.478    54216 Bytes  27.05.2015 11:11:27
AVREP.DLL      : 15.0.11.478   220464 Bytes  27.05.2015 11:11:27
AVARKT.DLL     : 15.0.11.478   228088 Bytes  27.05.2015 11:11:23
AVEVTLOG.DLL   : 15.0.11.550   195320 Bytes  27.05.2015 11:11:24
SQLITE3.DLL    : 15.0.11.478   455472 Bytes  27.05.2015 11:11:52
AVSMTP.DLL     : 15.0.11.478    79096 Bytes  27.05.2015 11:11:30
NETNT.DLL      : 15.0.11.478    16384 Bytes  27.05.2015 11:11:49
CommonImageRc.dll: 15.0.11.478  4279600 Bytes  27.05.2015 11:11:51
CommonTextRc.dll: 15.0.11.478    69936 Bytes  27.05.2015 11:11:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\Antivirus\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, G:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 2. Juli 2015  20:09

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, E:, G:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'DpHostW.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '172' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV64.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Hpservice.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vcsFPService.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'DPAgent.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '199' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'BlueSoleilCS.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'GWX.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPFSService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPHotkeyMonitor.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'MfeEpeHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdfsvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'uArcCapture.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqWmiEx.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'BsHelpCS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'NisSrv.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpCmdRun.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpCmdRun.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'DPAgent.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray64.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'msseces.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplePhotoStreams.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudServices.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBController.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtTray.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'coreshredder.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpConnectionManager.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '141' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpCMSrv.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPPA_Service.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'IntelMeFWService.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPPA_Main.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDKCOMServer.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdiSdkHelperx64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'AM_Delta.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpSigStub.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'msfeedssync.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1376' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
    [0] Archivtyp: RSRC
    --> C:\Program Files\Hewlett-Packard\Drivers\Global\HPMDP\x86\WUDFUpdate_01009.dll
        [1] Archivtyp: RSRC
      --> C:\swsetup\HP3DDG\drivers\amd64\WUDFUpdate_01009.dll
          [2] Archivtyp: RSRC
        --> C:\swsetup\HP3DDG\drivers\x86\WUDFUpdate_01009.dll
            [3] Archivtyp: RSRC
          --> C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHGI70JK\1[1].zip
              [4] Archivtyp: ZIP
            --> sweetsearch@gmail.com!1.0.0.1031.xpi
                [5] Archivtyp: ZIP
              --> chrome/content/toolbar.js
                  [FUND]      Enthält Muster der Software PUA/Trollbar.AO
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
            --> ffv2_0.0.4.xpi
                [5] Archivtyp: ZIP
              --> chrome/content/js/js.js
                  [FUND]      Enthält Muster der Software PUA/QuickSearch.P
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> install.rdf
                  [FUND]      Enthält Muster der Software PUA/QuickSearch.Y
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHGI70JK\1[1].zip
  [FUND]      Enthält Muster der Software PUA/QuickSearch.Y
Beginne mit der Suche in 'E:\' <HP_TOOLS>
Beginne mit der Suche in 'G:\' <HP_RECOVERY>

Beginne mit der Desinfektion:
C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHGI70JK\1[1].zip
  [FUND]      Enthält Muster der Software PUA/QuickSearch.Y
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '494e27fe.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 2. Juli 2015  22:51
Benötigte Zeit:  2:29:41 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  32454 Verzeichnisse wurden überprüft
 758584 Dateien wurden geprüft
      4 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 758580 Dateien ohne Befall
   5299 Archive wurden durchsucht
      3 Warnungen
      1 Hinweise
 980282 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

11.07.2015, 13:03   #2
M-K-D-B
/// TB Trainer

My name is Matthias and I will help you clean up your computer.

Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Downloading from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!

Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!

Please also post the MBAM log file!

11.07.2015, 14:22   #3
Jagjilee

Thanks for the quick reply!


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.06.2015
Suchlauf-Zeit: 23:35:20
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.06.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Tahir Kaptan

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347963
Verstrichene Zeit: 43 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [ada054eea5e521151c6adca20bf8f010], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [ada054eea5e521151c6adca20bf8f010], 

Dateien: 1
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [ada054eea5e521151c6adca20bf8f010], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

11.07.2015, 16:47   #4
M-K-D-B
/// TB Trainer

Hi,

Scan with Combofix
WARNING to other READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.


11.07.2015, 17:28   #5
Jagjilee

Here you go

Combofix log file:
Code:
ComboFix 15-07-10.01 - Tahir Kaptan 11.07.2015  17:03:12.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3978.1764 [GMT 2:00]
ausgeführt von:: c:\users\Tahir Kaptan\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Phone\Skype.exe
c:\users\Tahir Kaptan\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\TAHIRK~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-11 bis 2015-07-11  ))))))))))))))))))))))))))))))
.
.
2015-07-11 10:24 . 2015-07-11 10:27	--------	d-----w-	C:\FRST
2015-07-11 10:24 . 2015-07-02 17:56	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6ABA531-35F2-4AF5-ADAD-51BEBE8327BF}\gapaengine.dll
2015-07-11 10:16 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91427FA3-C6CB-4968-9F86-DE989ABA972E}\mpengine.dll
2015-07-11 10:11 . 2015-07-11 10:11	18174128	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-07-02 17:57 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-23 18:19 . 2015-06-23 18:20	--------	d-----w-	c:\users\Public\Speedup Sessions
2015-06-23 18:18 . 2015-06-23 18:18	--------	d-----w-	c:\users\Tahir Kaptan\AppData\Roaming\Avira
2015-06-23 18:17 . 2015-05-27 11:11	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-06-23 18:17 . 2015-05-27 11:11	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-06-23 18:17 . 2015-05-27 11:11	132656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-06-23 18:17 . 2015-05-27 11:11	153256	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-06-23 18:10 . 2015-06-23 18:20	--------	d-----w-	c:\program files (x86)\Avira
2015-06-23 18:10 . 2015-06-23 18:10	--------	d-----w-	c:\programdata\Package Cache
2015-06-21 05:24 . 2015-06-21 05:24	--------	d-----w-	c:\users\Tahir Kaptan\AppData\Local\GWX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-11 12:17 . 2015-01-18 18:43	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-11 10:12 . 2014-12-18 11:00	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-11 10:12 . 2014-12-18 11:00	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-02 17:56 . 2014-01-09 21:33	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-10 20:51 . 2014-01-05 19:24	140135120	----a-w-	c:\windows\system32\MRT.exe
2015-06-01 19:16 . 2015-06-10 19:50	389840	----a-w-	c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-10 19:50	24917504	----a-w-	c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-10 19:53	5569984	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-10 19:53	155584	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-10 19:53	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-10 19:53	1728960	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 19:53	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 19:53	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 19:52	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 19:53	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 19:53	1255424	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 19:53	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-10 19:53	879104	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 19:53	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-10 19:53	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-10 19:53	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-10 19:53	503808	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 19:53	113664	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 19:53	50176	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 19:53	28160	----a-w-	c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-10 19:53	342016	----a-w-	c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-10 19:53	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-10 19:53	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-10 19:53	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 19:53	728576	----a-w-	c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-10 19:53	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 19:53	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-05-25 18:19 . 2015-06-10 19:53	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-05-25 18:18 . 2015-06-10 19:53	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 19:53	22016	----a-w-	c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-10 19:53	879104	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 19:53	404992	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 19:53	47104	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 19:53	112640	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 19:53	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 19:53	43008	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 19:53	104448	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 19:53	31232	----a-w-	c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-10 19:53	19456	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 19:53	338432	----a-w-	c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-10 19:53	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-10 19:52	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-10 19:52	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-10 19:52	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 19:52	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 19:52	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-10 19:53	3989440	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 19:53	3934144	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 19:53	1310744	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 19:53	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-10 19:53	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-10 19:53	635392	----a-w-	c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 19:53	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 19:53	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 19:53	92160	----a-w-	c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 19:53	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-10 19:53	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-10 19:53	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 19:53	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-10 19:53	551424	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-10 19:53	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-10 19:53	641536	----a-w-	c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 19:53	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 19:53	40448	----a-w-	c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 19:53	364544	----a-w-	c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 19:53	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 19:53	37888	----a-w-	c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 19:53	82944	----a-w-	c:\windows\SysWow64\logman.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-03-01 56088]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-03-07 684024]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-03-14 319360]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-03-15 184704]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-16 364032]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-22 12310616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-06-02 134368]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-05-27 730416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-11-19 17:12	75648	----a-w-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-18 10:12]
.
2015-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
- c:\users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10 20:42]
.
2015-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
- c:\users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10 20:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-05 1425408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-MfeEpePcMonitor - c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-07-11  17:24:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-07-11 15:24
.
Vor Suchlauf: 12 Verzeichnis(se), 351.456.911.360 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 351.351.971.840 Bytes frei
.
- - End Of File - - A4D98E29A772B5C3813948F8F2900081
         
--- --- ---


Alt 11.07.2015, 23:09   #6
M-K-D-B
/// TB-Ausbilder
 
Hi,

Multiple antivirus programs

Code:
ATTFilter
Microsoft
Avira
         
I noticed that you have more than one antivirus program with a background guard running. That is dangerous, because the programs can get in each other's way, which can actually let viruses onto the computer. It also slows the system down. Decide on one and uninstall the other via Control Panel => Add or Remove Programs.
Report which antivirus program you decided on.

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. (Illustrated guide to AdwCleaner.)
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • If necessary, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 4
  • Start FRST.exe again. Check the box in front of Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

Please post with your next reply
  • the AdwCleaner log file,
  • the MBAM log file,
  • the JRT log file,
  • the two new FRST log files.

Alt 12.07.2015, 00:26   #7
Jagjilee
 
Hi,

before I delete one of the two antivirus programs, I would like to ask your opinion on which of the two I should rather delete?!

After that I will go through the 4 steps.

Alt 12.07.2015, 12:19   #8
M-K-D-B
/// TB-Ausbilder
 
Quote:
Quote from Jagjilee
before I delete one of the two antivirus programs, I would like to ask your opinion on which of the two I should rather delete?!

We no longer recommend Avira because it foists an annoying toolbar (Ask) on you and pesters you with ads.
MSE has no ads.

However, Avira's detection rate is probably better than MSE's.

I have been using MSE + MBAM for some time now; they run well together.

Ultimately it is your decision.

Alt 12.07.2015, 17:35   #9
Jagjilee
 
All right, I have removed AntiVir.

AdwCleaner log file:
Code:
ATTFilter
# AdwCleaner v4.208 - Bericht erstellt 12/07/2015 um 16:05:43
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Tahir Kaptan - TAHIRKAPTAN-HP
# Gestarted von : C:\Users\Tahir Kaptan\Downloads\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v34.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [876 Bytes] - [12/07/2015 16:03:51]
AdwCleaner[R1].txt - [934 Bytes] - [12/07/2015 16:05:16]
AdwCleaner[S0].txt - [855 Bytes] - [12/07/2015 16:05:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [913  Bytes] ##########
         
--- --- ---


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, 
Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, IP Database, 0.0.0.0, 2015.6.12.1, 
Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, Rootkit Database, 2015.2.25.1, 2015.7.10.1, 
Update, 12.07.2015 16:12:51, SYSTEM, TAHIRKAPTAN-HP, Manual, Remediation Database, 2015.3.9.1, 2015.7.1.2, 
Update, 12.07.2015 16:12:58, SYSTEM, TAHIRKAPTAN-HP, Manual, Malware Database, 2015.3.9.5, 2015.7.12.2, 
Scan, 12.07.2015 16:59:59, SYSTEM, TAHIRKAPTAN-HP, Manual, Start: 12.07.2015 16:13:52, Dauer: 46 Minuten 7 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung, 
Error, 12.07.2015 17:04:43, SYSTEM, TAHIRKAPTAN-HP, Protection, IsLicensed, 13, 
Protection, 12.07.2015 17:04:43, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopping, 
Protection, 12.07.2015 17:04:43, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopped, 
Error, 12.07.2015 17:14:16, SYSTEM, TAHIRKAPTAN-HP, Protection, IsLicensed, 13, 
Protection, 12.07.2015 17:14:16, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopping, 
Protection, 12.07.2015 17:14:16, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopped, 
Error, 12.07.2015 17:18:32, SYSTEM, TAHIRKAPTAN-HP, Protection, IsLicensed, 13, 
Protection, 12.07.2015 17:18:32, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopping, 
Protection, 12.07.2015 17:18:32, SYSTEM, TAHIRKAPTAN-HP, Protection, Malware Protection, Stopped, 

(end)
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.5 (07.12.2015:1)
OS: Windows 7 Professional x64
Ran by Tahir Kaptan on 12.07.2015 at 17:23:04,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\DIGITA~1
Successfully deleted: [Folder] C:\Users\Tahir Kaptan\appdata\local\DIGITA~1
Successfully deleted: [Folder] C:\Users\Tahir Kaptan\AppData\Roaming\DIGITA~1



~~~ FireFox

Emptied folder: C:\Users\Tahir Kaptan\AppData\Roaming\mozilla\firefox\profiles\uz2w2c3i.default\minidumps [6 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.07.2015 at 17:25:11,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Tahir Kaptan at 2015-07-12 17:30:41
Running from C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZI1FRRA
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3795078193-2229101918-834789043-500 - Administrator - Disabled)
Gast (S-1-5-21-3795078193-2229101918-834789043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3795078193-2229101918-834789043-1003 - Limited - Enabled)
Tahir Kaptan (S-1-5-21-3795078193-2229101918-834789043-1002 - Administrator - Enabled) => C:\Users\Tahir Kaptan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-06-2015 09:11:43 Removed Avira Browser Safety
22-06-2015 23:05:46 Wiederherstellungsvorgang
22-06-2015 23:28:54 Removed Avira Browser Safety
22-06-2015 23:35:19 Windows Update
23-06-2015 20:20:36 Avira System Speedup 1.6.10
23-06-2015 20:35:07 Installed Microsoft Office Professional 2010
23-06-2015 20:41:55 Configured Microsoft Office Professional 2010
02-07-2015 19:54:27 Windows Update
11-07-2015 11:59:31 Windows Update
12-07-2015 15:57:23 Removed Avira Browser Safety

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-11 17:13 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {68C0EAF4-5FBB-4C1A-B04A-1FB517F4D922} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {98F46F3C-C20F-4F0A-89DE-3C56D20E76BC} - System32\Tasks\{743DBFE6-3A95-4A20-9753-E23B9541B8B6} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {9F07C3AE-96FC-4CCC-B68C-654DF3BACFA5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {C90ED8AE-4303-46D3-B619-3A37285DC6C8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-14 23:11 - 2012-08-14 23:11 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tahir Kaptan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B73572EA-181A-473E-9E73-82E1B4796BF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82C9ABA3-FCE5-4F65-AED7-8CC73134B0B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{055DEAA4-B1F0-4265-80AE-AF3BC6A98ED4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{677DC65D-22C8-4DD2-86FC-55A2D47BC355}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{954AF93E-519A-45D8-BDE3-FC3483D549FD}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{FED79AF1-187C-436F-B4E8-C9A65313DB46}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{F77828F1-B247-42E1-B1C1-200531265D64}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{27EFB973-567B-4886-9388-8ECA6E344847}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{80F19C5A-4766-4C87-B8A2-004AA77E47DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{32C72F66-8D18-4532-9BFF-204E4D18985C}] => (Allow) C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BD1226FB-94E1-4395-B944-377D11D48EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{719282AC-E256-488C-9B03-38CE03211D5E}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{0C239487-B0CB-4823-8325-AFBAC4826FAC}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{B9957EFC-5602-4F24-99E9-02556D3AC843}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{1C507A6A-DC89-4969-A11C-0974C1B29BFD}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{34F6ACFE-FBD6-4398-8F95-DDCC71FC803A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6A3E7B64-228D-46CD-8B27-ED1028EC390E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EA7D6BD4-EC7F-4419-AB69-1583DB9E6B76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C438A324-7BD4-45C2-958E-F99B33316CCC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2015 05:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:18:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0xb30
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:14:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:12:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x3e4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0xa10
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x15cc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x15d8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 04:08:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/12/2015 05:27:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/12/2015 05:27:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Power Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Connection Manager 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (07/12/2015 05:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa481801d0bcb61bf2991bC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe5c77890f-28a9-11e5-9c65-b4b52f87dbdd

Error: (07/12/2015 05:18:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa4b3001d0bcb5999198dcC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exed7d1b90d-28a8-11e5-ae46-b4b52f87dbdd

Error: (07/12/2015 05:14:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:12:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa43e401d0bcb525d9a4aaC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe64a1734b-28a8-11e5-bca1-b4b52f87dbdd

Error: (07/12/2015 05:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa4a1001d0bcb481c7dc12C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exebf76c852-28a7-11e5-bca1-b4b52f87dbdd

Error: (07/12/2015 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa415cc01d0bcb4658b532dC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exea33ca0ce-28a7-11e5-bca1-b4b52f87dbdd

Error: (07/12/2015 05:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa415d801d0bcb446b3065aC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe867002b7-28a7-11e5-bca1-b4b52f87dbdd

Error: (07/12/2015 05:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 04:08:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-07-11 17:12:08.412
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-11 17:12:08.366
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 39%
Total physical RAM: 3977.51 MB
Available physical RAM: 2408.82 MB
Total Virtual: 7953.23 MB
Available Virtual: 6200.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.94 GB) (Free:327.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.53 GB) (Free:3.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of log ============================
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Tahir Kaptan (administrator) on TAHIRKAPTAN-HP on 12-07-2015 17:29:56
Running from C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZI1FRRA
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{21551550-B0A9-41BF-A30D-B5C3B0A963AC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C90B9278-EF9A-4E49-BEE2-C6A98355A624}: [DhcpNameServer] 172.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3795078193-2229101918-834789043-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Avira Browser Safety - C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\Extensions\abs@avira.com [2015-05-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-03-12]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-22] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
S2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-14] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 17:25 - 2015-07-12 17:25 - 00000964 _____ C:\Users\Tahir Kaptan\Desktop\JRT.txt
2015-07-12 17:23 - 2015-07-12 17:23 - 00000207 _____ C:\windows\tweaking.com-regbackup-TAHIRKAPTAN-HP-Windows-7-Professional-(64-bit).dat
2015-07-12 17:23 - 2015-07-12 17:23 - 00000000 ____D C:\RegBackup
2015-07-12 17:22 - 2015-07-12 17:22 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Tahir Kaptan\Desktop\JRT.exe
2015-07-12 17:21 - 2015-07-12 17:21 - 00001634 _____ C:\Users\Tahir Kaptan\Desktop\mbam.txt
2015-07-12 17:01 - 2015-07-12 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 16:12 - 2015-07-12 17:20 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-12 16:12 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-12 16:10 - 2015-07-12 16:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tahir Kaptan\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00000992 _____ C:\Users\Tahir Kaptan\Desktop\AdwCleaner[S0].txt
2015-07-12 16:03 - 2015-07-12 16:05 - 00000000 ____D C:\AdwCleaner
2015-07-12 16:03 - 2015-07-12 16:03 - 02248704 _____ C:\Users\Tahir Kaptan\Downloads\AdwCleaner_4.208.exe
2015-07-11 17:24 - 2015-07-11 17:24 - 00026167 _____ C:\ComboFix.txt
2015-07-11 17:00 - 2015-07-11 17:24 - 00000000 ____D C:\ComboFix
2015-07-11 17:00 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-07-11 17:00 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-07-11 17:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-07-11 16:58 - 2015-07-11 17:24 - 00000000 ____D C:\Qoobox
2015-07-11 16:57 - 2015-07-11 17:22 - 00000000 ____D C:\windows\erdnt
2015-07-11 16:55 - 2015-07-11 16:56 - 05633250 ____R (Swearware) C:\Users\Tahir Kaptan\Downloads\ComboFix.exe
2015-07-11 12:26 - 2015-07-11 12:27 - 00037555 _____ C:\Users\Tahir Kaptan\Downloads\Addition.txt
2015-07-11 12:25 - 2015-07-11 12:27 - 00030165 _____ C:\Users\Tahir Kaptan\Downloads\FRST.txt
2015-07-11 12:24 - 2015-07-12 17:30 - 00000000 ____D C:\FRST
2015-07-11 12:23 - 2015-07-11 12:23 - 02130944 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST64.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 01634816 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST.exe
2015-07-11 12:19 - 2015-07-11 12:30 - 00000486 _____ C:\Users\Tahir Kaptan\Downloads\defogger_disable.log
2015-07-11 12:19 - 2015-07-11 12:19 - 00000000 _____ C:\Users\Tahir Kaptan\defogger_reenable
2015-07-11 12:18 - 2015-07-11 12:18 - 00050477 _____ C:\Users\Tahir Kaptan\Downloads\Defogger.exe
2015-07-11 12:11 - 2015-07-11 12:11 - 18174128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-11 11:53 - 2015-07-11 11:53 - 00262144 _____ C:\windows\Minidump\071115-23415-01.dmp
2015-07-02 19:49 - 2015-07-02 19:49 - 00279960 _____ C:\windows\Minidump\070215-31122-01.dmp
2015-07-02 19:40 - 2015-07-11 11:53 - 00000000 ____D C:\windows\Minidump
2015-07-02 19:40 - 2015-07-02 19:40 - 00279960 _____ C:\windows\Minidump\070215-31527-01.dmp
2015-07-02 19:39 - 2015-07-11 11:53 - 527928465 _____ C:\windows\MEMORY.DMP
2015-06-23 20:09 - 2015-06-23 20:09 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tahir Kaptan\Downloads\avira_de_av_5723627653__ws(2).exe
2015-06-21 07:24 - 2015-06-21 07:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 17:23 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 17:23 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 17:22 - 2013-03-12 05:29 - 01137623 _____ C:\windows\WindowsUpdate.log
2015-07-12 17:18 - 2012-08-16 02:46 - 00000804 _____ C:\windows\SysWOW64\bscs.ini
2015-07-12 17:18 - 2012-04-16 07:20 - 00000000 ____D C:\ProgramData\PDFC
2015-07-12 17:18 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-12 17:17 - 2009-07-14 06:51 - 00086060 _____ C:\windows\setupact.log
2015-07-12 17:11 - 2014-12-18 13:00 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 17:03 - 2010-11-21 05:47 - 00905254 _____ C:\windows\PFRO.log
2015-07-12 16:47 - 2014-04-10 22:42 - 00000956 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
2015-07-12 15:56 - 2013-08-25 17:00 - 00000000 ____D C:\ProgramData\Avira
2015-07-12 00:29 - 2014-04-10 22:42 - 00000934 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
2015-07-12 00:21 - 2013-03-12 06:10 - 00002127 _____ C:\windows\epplauncher.mif
2015-07-11 17:17 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-07-11 12:21 - 2013-07-28 15:24 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D11E2A35-796A-4A81-A283-C39673DEED3D}
2015-07-11 12:19 - 2013-07-28 13:15 - 00000000 ____D C:\Users\Tahir Kaptan
2015-07-11 12:17 - 2013-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-11 12:12 - 2014-12-18 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-11 12:12 - 2014-12-18 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 12:12 - 2014-12-18 13:00 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-02 19:44 - 2013-07-28 15:25 - 00109696 _____ C:\Users\Tahir Kaptan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 19:34 - 2009-07-14 06:45 - 00409192 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-23 20:48 - 2013-07-29 22:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\Microsoft Help
2015-06-23 20:42 - 2009-07-14 04:34 - 00000478 _____ C:\windows\win.ini
2015-06-23 20:41 - 2012-04-16 07:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-23 20:40 - 2013-09-22 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-23 19:49 - 2012-04-16 05:53 - 01512802 _____ C:\windows\system32\perfh007.dat
2015-06-23 19:49 - 2012-04-16 05:53 - 00409628 _____ C:\windows\system32\perfc007.dat
2015-06-23 19:49 - 2009-07-14 07:13 - 00006476 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-23 19:34 - 2015-02-02 20:29 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Graphisoft
2015-06-23 19:34 - 2015-02-02 20:20 - 00000000 _____ C:\windows\vpd.properties
2015-06-23 19:30 - 2015-02-02 20:09 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Install.GS
2015-06-22 23:09 - 2015-04-05 00:17 - 00000000 ___SD C:\windows\system32\GWX
2015-06-22 23:09 - 2013-07-28 15:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\bluesoleil
2015-06-22 23:09 - 2012-04-16 05:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-22 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-06-22 22:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-21 10:08 - 2014-11-18 21:46 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieBrowserModeList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieUserList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieSiteList
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\Documents\Seas0nPass
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Seas0nPass
2015-06-21 07:24 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-21 07:24 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-21 07:19 - 2014-12-16 18:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-21 07:19 - 2014-05-10 21:04 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-21 07:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions

Some files in TEMP:
====================
C:\Users\Tahir Kaptan\AppData\Local\Temp\avgnt.exe
C:\Users\Tahir Kaptan\AppData\Local\Temp\Quarantine.exe
C:\Users\Tahir Kaptan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-11 14:41

==================== End of log ============================
         
--- --- ---

13.07.2015, 13:51   #10
M-K-D-B
/// TB Trainer
 

Hi,

Quote:
Running from C:\Users\Tahir Kaptan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZI1FRRA
Unfortunately you did not follow our instructions correctly:
Please download all tools directly to the desktop, or move them there, and run them from the desktop, since our instructions are written for that setup.
It also makes it very easy to remove all the tools used once the cleanup is finished.
Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once.

FRST once more, this time from the desktop please:
  • Run FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

13.07.2015, 19:48   #11
Jagjilee
 

Sorry, that wasn't intentional! It should be correct now.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Tahir Kaptan (administrator) on TAHIRKAPTAN-HP on 13-07-2015 19:42:13
Running from C:\Users\Tahir Kaptan\Desktop
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{21551550-B0A9-41BF-A30D-B5C3B0A963AC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C90B9278-EF9A-4E49-BEE2-C6A98355A624}: [DhcpNameServer] 172.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3795078193-2229101918-834789043-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Avira Browser Safety - C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\Extensions\abs@avira.com [2015-05-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-03-12]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-22] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-14] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 19:42 - 2015-07-13 19:42 - 00018617 _____ C:\Users\Tahir Kaptan\Desktop\FRST.txt
2015-07-13 19:40 - 2015-07-13 19:40 - 02133504 _____ (Farbar) C:\Users\Tahir Kaptan\Desktop\FRST64.exe
2015-07-12 17:42 - 2015-07-12 17:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-12 17:42 - 2015-07-12 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-12 17:25 - 2015-07-12 17:25 - 00000964 _____ C:\Users\Tahir Kaptan\Desktop\JRT.txt
2015-07-12 17:23 - 2015-07-12 17:23 - 00000207 _____ C:\windows\tweaking.com-regbackup-TAHIRKAPTAN-HP-Windows-7-Professional-(64-bit).dat
2015-07-12 17:23 - 2015-07-12 17:23 - 00000000 ____D C:\RegBackup
2015-07-12 17:22 - 2015-07-12 17:22 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Tahir Kaptan\Desktop\JRT.exe
2015-07-12 17:21 - 2015-07-12 17:21 - 00001634 _____ C:\Users\Tahir Kaptan\Desktop\mbam.txt
2015-07-12 17:01 - 2015-07-12 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 16:12 - 2015-07-12 17:20 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-12 16:12 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-12 16:10 - 2015-07-12 16:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tahir Kaptan\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00000992 _____ C:\Users\Tahir Kaptan\Desktop\AdwCleaner[S0].txt
2015-07-12 16:03 - 2015-07-12 16:05 - 00000000 ____D C:\AdwCleaner
2015-07-12 16:03 - 2015-07-12 16:03 - 02248704 _____ C:\Users\Tahir Kaptan\Downloads\AdwCleaner_4.208.exe
2015-07-11 17:24 - 2015-07-11 17:24 - 00026167 _____ C:\ComboFix.txt
2015-07-11 17:00 - 2015-07-11 17:24 - 00000000 ____D C:\ComboFix
2015-07-11 17:00 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-07-11 17:00 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-07-11 17:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-07-11 16:58 - 2015-07-11 17:24 - 00000000 ____D C:\Qoobox
2015-07-11 16:57 - 2015-07-11 17:22 - 00000000 ____D C:\windows\erdnt
2015-07-11 16:55 - 2015-07-11 16:56 - 05633250 ____R (Swearware) C:\Users\Tahir Kaptan\Downloads\ComboFix.exe
2015-07-11 12:26 - 2015-07-11 12:27 - 00037555 _____ C:\Users\Tahir Kaptan\Downloads\Addition.txt
2015-07-11 12:25 - 2015-07-11 12:27 - 00030165 _____ C:\Users\Tahir Kaptan\Downloads\FRST.txt
2015-07-11 12:24 - 2015-07-13 19:42 - 00000000 ____D C:\FRST
2015-07-11 12:23 - 2015-07-11 12:23 - 02130944 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST64.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 01634816 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST.exe
2015-07-11 12:19 - 2015-07-11 12:30 - 00000486 _____ C:\Users\Tahir Kaptan\Downloads\defogger_disable.log
2015-07-11 12:19 - 2015-07-11 12:19 - 00000000 _____ C:\Users\Tahir Kaptan\defogger_reenable
2015-07-11 12:18 - 2015-07-11 12:18 - 00050477 _____ C:\Users\Tahir Kaptan\Downloads\Defogger.exe
2015-07-11 12:11 - 2015-07-11 12:11 - 18174128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-11 11:53 - 2015-07-11 11:53 - 00262144 _____ C:\windows\Minidump\071115-23415-01.dmp
2015-07-02 19:49 - 2015-07-02 19:49 - 00279960 _____ C:\windows\Minidump\070215-31122-01.dmp
2015-07-02 19:40 - 2015-07-11 11:53 - 00000000 ____D C:\windows\Minidump
2015-07-02 19:40 - 2015-07-02 19:40 - 00279960 _____ C:\windows\Minidump\070215-31527-01.dmp
2015-07-02 19:39 - 2015-07-11 11:53 - 527928465 _____ C:\windows\MEMORY.DMP
2015-06-23 20:09 - 2015-06-23 20:09 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tahir Kaptan\Downloads\avira_de_av_5723627653__ws(2).exe
2015-06-21 07:24 - 2015-06-21 07:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 19:42 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 19:42 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 19:40 - 2013-03-12 05:29 - 01638151 _____ C:\windows\WindowsUpdate.log
2015-07-13 19:37 - 2013-07-28 15:24 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D11E2A35-796A-4A81-A283-C39673DEED3D}
2015-07-13 19:34 - 2012-04-16 07:20 - 00000000 ____D C:\ProgramData\PDFC
2015-07-13 19:33 - 2012-08-16 02:46 - 00000804 _____ C:\windows\SysWOW64\bscs.ini
2015-07-13 19:33 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-13 19:33 - 2009-07-14 06:51 - 00086116 _____ C:\windows\setupact.log
2015-07-12 17:43 - 2013-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-12 17:42 - 2013-03-12 06:02 - 00000000 ____D C:\ProgramData\Skype
2015-07-12 17:11 - 2014-12-18 13:00 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 17:03 - 2010-11-21 05:47 - 00905254 _____ C:\windows\PFRO.log
2015-07-12 16:47 - 2014-04-10 22:42 - 00000956 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
2015-07-12 15:56 - 2013-08-25 17:00 - 00000000 ____D C:\ProgramData\Avira
2015-07-12 00:29 - 2014-04-10 22:42 - 00000934 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
2015-07-12 00:21 - 2013-03-12 06:10 - 00002127 _____ C:\windows\epplauncher.mif
2015-07-11 17:17 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-07-11 12:19 - 2013-07-28 13:15 - 00000000 ____D C:\Users\Tahir Kaptan
2015-07-11 12:12 - 2014-12-18 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-11 12:12 - 2014-12-18 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 12:12 - 2014-12-18 13:00 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-02 19:44 - 2013-07-28 15:25 - 00109696 _____ C:\Users\Tahir Kaptan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 19:34 - 2009-07-14 06:45 - 00409192 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-23 20:48 - 2013-07-29 22:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\Microsoft Help
2015-06-23 20:42 - 2009-07-14 04:34 - 00000478 _____ C:\windows\win.ini
2015-06-23 20:41 - 2012-04-16 07:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-23 20:40 - 2013-09-22 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-23 19:49 - 2012-04-16 05:53 - 01512802 _____ C:\windows\system32\perfh007.dat
2015-06-23 19:49 - 2012-04-16 05:53 - 00409628 _____ C:\windows\system32\perfc007.dat
2015-06-23 19:49 - 2009-07-14 07:13 - 00006476 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-23 19:34 - 2015-02-02 20:29 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Graphisoft
2015-06-23 19:34 - 2015-02-02 20:20 - 00000000 _____ C:\windows\vpd.properties
2015-06-23 19:30 - 2015-02-02 20:09 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Install.GS
2015-06-22 23:09 - 2015-04-05 00:17 - 00000000 ___SD C:\windows\system32\GWX
2015-06-22 23:09 - 2013-07-28 15:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\bluesoleil
2015-06-22 23:09 - 2012-04-16 05:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-22 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-06-22 22:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-21 10:08 - 2014-11-18 21:46 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieBrowserModeList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieUserList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieSiteList
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\Documents\Seas0nPass
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Seas0nPass
2015-06-21 07:24 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-21 07:24 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-21 07:19 - 2014-12-16 18:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-21 07:19 - 2014-05-10 21:04 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-21 07:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions

Some files in TEMP:
====================
C:\Users\Tahir Kaptan\AppData\Local\Temp\avgnt.exe
C:\Users\Tahir Kaptan\AppData\Local\Temp\Quarantine.exe
C:\Users\Tahir Kaptan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-11 14:41

==================== End of log ============================
         
--- --- ---


[CODE]
Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tahir Kaptan at 2015-07-13 19:43:25
Running from C:\Users\Tahir Kaptan\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3795078193-2229101918-834789043-500 - Administrator - Disabled)
Gast (S-1-5-21-3795078193-2229101918-834789043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3795078193-2229101918-834789043-1003 - Limited - Enabled)
Tahir Kaptan (S-1-5-21-3795078193-2229101918-834789043-1002 - Administrator - Enabled) => C:\Users\Tahir Kaptan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-06-2015 09:11:43 Removed Avira Browser Safety
22-06-2015 23:05:46 Wiederherstellungsvorgang
22-06-2015 23:28:54 Removed Avira Browser Safety
22-06-2015 23:35:19 Windows Update
23-06-2015 20:20:36 Avira System Speedup 1.6.10
23-06-2015 20:35:07 Installed Microsoft Office Professional 2010
23-06-2015 20:41:55 Configured Microsoft Office Professional 2010
02-07-2015 19:54:27 Windows Update
11-07-2015 11:59:31 Windows Update
12-07-2015 15:57:23 Removed Avira Browser Safety
12-07-2015 17:36:15 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-11 17:13 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {68C0EAF4-5FBB-4C1A-B04A-1FB517F4D922} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {98F46F3C-C20F-4F0A-89DE-3C56D20E76BC} - System32\Tasks\{743DBFE6-3A95-4A20-9753-E23B9541B8B6} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {9F07C3AE-96FC-4CCC-B68C-654DF3BACFA5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {C90ED8AE-4303-46D3-B619-3A37285DC6C8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-01-18 01:57 - 2012-01-18 01:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-22 01:14 - 2012-03-22 01:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-14 23:11 - 2012-08-14 23:11 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2012-08-16 02:20 - 2012-08-16 02:20 - 00356352 _____ () C:\windows\system32\BsExtendFunc.dll
2012-03-27 05:33 - 2012-03-27 05:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-22 00:36 - 2012-03-22 00:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-14 23:13 - 2012-08-14 23:13 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-03-12 05:36 - 2012-03-28 19:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-14 23:16 - 2012-08-14 23:16 - 00072192 _____ () C:\windows\system32\BsProfilefunc.dll
2012-03-22 01:00 - 2012-03-22 01:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-03-22 00:59 - 2012-03-22 00:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-03-22 01:04 - 2012-03-22 01:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-03-22 01:02 - 2012-03-22 01:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-03-22 00:38 - 2012-03-22 00:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-03-22 00:39 - 2012-03-22 00:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2011-04-08 18:57 - 2011-04-08 18:57 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-11-02 12:12 - 2014-11-02 12:12 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-12 05:35 - 2012-03-28 19:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tahir Kaptan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B73572EA-181A-473E-9E73-82E1B4796BF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82C9ABA3-FCE5-4F65-AED7-8CC73134B0B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{055DEAA4-B1F0-4265-80AE-AF3BC6A98ED4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{677DC65D-22C8-4DD2-86FC-55A2D47BC355}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{954AF93E-519A-45D8-BDE3-FC3483D549FD}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{FED79AF1-187C-436F-B4E8-C9A65313DB46}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{27EFB973-567B-4886-9388-8ECA6E344847}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{80F19C5A-4766-4C87-B8A2-004AA77E47DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{32C72F66-8D18-4532-9BFF-204E4D18985C}] => (Allow) C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BD1226FB-94E1-4395-B944-377D11D48EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{719282AC-E256-488C-9B03-38CE03211D5E}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{0C239487-B0CB-4823-8325-AFBAC4826FAC}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{B9957EFC-5602-4F24-99E9-02556D3AC843}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{1C507A6A-DC89-4969-A11C-0974C1B29BFD}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{34F6ACFE-FBD6-4398-8F95-DDCC71FC803A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6A3E7B64-228D-46CD-8B27-ED1028EC390E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EA7D6BD4-EC7F-4419-AB69-1583DB9E6B76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C438A324-7BD4-45C2-958E-F99B33316CCC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B525A517-110C-453E-914E-BB6DFF497F23}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============

Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2015 07:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x16f8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/13/2015 07:34:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:18:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0xb30
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:14:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:12:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x3e4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0xa10
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x15cc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/12/2015 05:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001aa4
ID des fehlerhaften Prozesses: 0x15d8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


System errors:
=============
Error: (07/13/2015 07:36:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/13/2015 07:33:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet: 
%%3

Error: (07/12/2015 05:27:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/12/2015 05:27:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/12/2015 05:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Power Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2015 05:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Connection Manager 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/13/2015 07:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa416f801d0bd929bdd6bd3C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exedb89be8e-2985-11e5-a268-b4b52f87dbdd

Error: (07/13/2015 07:34:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa481801d0bcb61bf2991bC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe5c77890f-28a9-11e5-9c65-b4b52f87dbdd

Error: (07/12/2015 05:18:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa4b3001d0bcb5999198dcC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exed7d1b90d-28a8-11e5-ae46-b4b52f87dbdd

Error: (07/12/2015 05:14:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2015 05:12:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa43e401d0bcb525d9a4aaC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe64a1734b-28a8-11e5-bca1-b4b52f87dbdd

Error: (07/12/2015 05:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa4a1001d0bcb481c7dc12C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exebf76c852-28a7-11e5-bca1-b4b52f87dbdd

Error: (07/12/2015 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa415cc01d0bcb4658b532dC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exea33ca0ce-28a7-11e5-bca1-b4b52f87dbdd

Error: (07/12/2015 05:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80firefox.exe39.0.0.565955933a80c000000500001aa415d801d0bcb446b3065aC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe867002b7-28a7-11e5-bca1-b4b52f87dbdd


CodeIntegrity Errors:
===================================
  Date: 2015-07-11 17:12:08.412
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-11 17:12:08.366
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 78%
Total physical RAM: 3977.51 MB
Available physical RAM: 867.2 MB
Total Virtual: 7953.23 MB
Available Virtual: 4091.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.94 GB) (Free:327.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.53 GB) (Free:3.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of log ============================
         
--- --- ---

14.07.2015, 12:24   #12
M-K-D-B
/// TB Trainer

We will remove the last remnants and check everything once more. ESET can take a while (> 2 h).
Afterwards we will remove all the tools we used, and I will give you a few tips to take with you.




Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
start
CloseProcesses:
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
RemoveProxy:
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset






Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






Step 4
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.






Please post with your next reply
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from SecurityCheck,
  • the two new log files from FRST.

16.07.2015, 06:59   #13
Jagjilee

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tahir Kaptan at 2015-07-14 22:37:40 Run:1
Running from C:\Users\Tahir Kaptan\Desktop
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
"HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 501.6 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 22:40:43 ====
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# end=init
# utc_time=2015-07-14 09:10:09
# local_time=2015-07-14 11:10:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24797
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# end=updated
# utc_time=2015-07-14 09:13:43
# local_time=2015-07-14 11:13:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# engine=24797
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-14 09:32:47
# local_time=2015-07-14 11:32:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4934796 130223177 0 0
# scanned=26332
# found=0
# cleaned=0
# scan_time=1143
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# end=init
# utc_time=2015-07-15 05:47:54
# local_time=2015-07-15 07:47:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24812
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# end=updated
# utc_time=2015-07-15 05:48:40
# local_time=2015-07-15 07:48:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2a102a22730c2f44a4d07005c91e7a14
# engine=24812
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-15 11:11:14
# local_time=2015-07-16 01:11:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5027103 130315484 0 0
# scanned=237784
# found=2
# cleaned=0
# scan_time=19353
sh=DF678B81D0A2C063E5467C5113DCCFF238B44DC4 ft=1 fh=55941976f4437196 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\swsetup\WinZBas\Setup.exe"
sh=ED5C7FA74CB6DCD8F9AFEACDF9A3B8E5B395C832 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\143a28.msi"
         
Code:
 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.209  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Tahir Kaptan (administrator) on TAHIRKAPTAN-HP on 16-07-2015 03:31:52
Running from C:\Users\Tahir Kaptan\Desktop
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-07] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [364032 2012-08-16] (IVT Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-22] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{21551550-B0A9-41BF-A30D-B5C3B0A963AC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C90B9278-EF9A-4E49-BEE2-C6A98355A624}: [DhcpNameServer] 172.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3795078193-2229101918-834789043-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Avira Browser Safety - C:\Users\Tahir Kaptan\AppData\Roaming\Mozilla\Firefox\Profiles\uz2w2c3i.default\Extensions\abs@avira.com [2015-05-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-03-12]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1578496 2012-08-14] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-08-14] (IVT Corporation) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-22] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23104 2011-08-13] (Ralink Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [51776 2012-04-03] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48320 2012-03-05] (Ralink Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-22] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [685152 2012-06-14] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34880 2011-08-13] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 03:31 - 2015-07-16 03:31 - 00000858 _____ C:\Users\Tahir Kaptan\Desktop\checkup.txt
2015-07-16 03:29 - 2015-07-16 03:29 - 00852662 _____ C:\Users\Tahir Kaptan\Desktop\SecurityCheck.exe
2015-07-14 23:10 - 2015-07-14 23:10 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-14 23:09 - 2015-07-14 23:09 - 02870984 _____ (ESET) C:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe
2015-07-13 19:43 - 2015-07-13 19:44 - 00035238 _____ C:\Users\Tahir Kaptan\Desktop\Addition.txt
2015-07-13 19:42 - 2015-07-16 03:32 - 00018587 _____ C:\Users\Tahir Kaptan\Desktop\FRST.txt
2015-07-13 19:40 - 2015-07-13 19:40 - 02133504 _____ (Farbar) C:\Users\Tahir Kaptan\Desktop\FRST64.exe
2015-07-12 17:42 - 2015-07-12 17:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-12 17:42 - 2015-07-12 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-12 17:25 - 2015-07-12 17:25 - 00000964 _____ C:\Users\Tahir Kaptan\Desktop\JRT.txt
2015-07-12 17:23 - 2015-07-12 17:23 - 00000207 _____ C:\windows\tweaking.com-regbackup-TAHIRKAPTAN-HP-Windows-7-Professional-(64-bit).dat
2015-07-12 17:23 - 2015-07-12 17:23 - 00000000 ____D C:\RegBackup
2015-07-12 17:22 - 2015-07-12 17:22 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Tahir Kaptan\Desktop\JRT.exe
2015-07-12 17:21 - 2015-07-12 17:21 - 00001634 _____ C:\Users\Tahir Kaptan\Desktop\mbam.txt
2015-07-12 17:01 - 2015-07-12 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 16:12 - 2015-07-12 17:20 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00001102 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-12 16:12 - 2015-07-12 16:12 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-12 16:12 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-12 16:12 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-12 16:10 - 2015-07-12 16:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tahir Kaptan\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-12 16:09 - 2015-07-12 16:09 - 00000992 _____ C:\Users\Tahir Kaptan\Desktop\AdwCleaner[S0].txt
2015-07-12 16:03 - 2015-07-12 16:05 - 00000000 ____D C:\AdwCleaner
2015-07-12 16:03 - 2015-07-12 16:03 - 02248704 _____ C:\Users\Tahir Kaptan\Downloads\AdwCleaner_4.208.exe
2015-07-11 17:24 - 2015-07-11 17:24 - 00026167 _____ C:\ComboFix.txt
2015-07-11 17:00 - 2015-07-11 17:24 - 00000000 ____D C:\ComboFix
2015-07-11 17:00 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-07-11 17:00 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-07-11 17:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-07-11 17:00 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-07-11 16:58 - 2015-07-11 17:24 - 00000000 ____D C:\Qoobox
2015-07-11 16:57 - 2015-07-11 17:22 - 00000000 ____D C:\windows\erdnt
2015-07-11 16:55 - 2015-07-11 16:56 - 05633250 ____R (Swearware) C:\Users\Tahir Kaptan\Downloads\ComboFix.exe
2015-07-11 12:26 - 2015-07-11 12:27 - 00037555 _____ C:\Users\Tahir Kaptan\Downloads\Addition.txt
2015-07-11 12:25 - 2015-07-11 12:27 - 00030165 _____ C:\Users\Tahir Kaptan\Downloads\FRST.txt
2015-07-11 12:24 - 2015-07-16 03:31 - 00000000 ____D C:\FRST
2015-07-11 12:23 - 2015-07-11 12:23 - 02130944 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST64.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 01634816 _____ (Farbar) C:\Users\Tahir Kaptan\Downloads\FRST.exe
2015-07-11 12:19 - 2015-07-11 12:30 - 00000486 _____ C:\Users\Tahir Kaptan\Downloads\defogger_disable.log
2015-07-11 12:19 - 2015-07-11 12:19 - 00000000 _____ C:\Users\Tahir Kaptan\defogger_reenable
2015-07-11 12:18 - 2015-07-11 12:18 - 00050477 _____ C:\Users\Tahir Kaptan\Downloads\Defogger.exe
2015-07-11 12:11 - 2015-07-14 23:11 - 18524336 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-11 11:53 - 2015-07-11 11:53 - 00262144 _____ C:\windows\Minidump\071115-23415-01.dmp
2015-07-02 19:49 - 2015-07-02 19:49 - 00279960 _____ C:\windows\Minidump\070215-31122-01.dmp
2015-07-02 19:40 - 2015-07-11 11:53 - 00000000 ____D C:\windows\Minidump
2015-07-02 19:40 - 2015-07-02 19:40 - 00279960 _____ C:\windows\Minidump\070215-31527-01.dmp
2015-07-02 19:39 - 2015-07-11 11:53 - 527928465 _____ C:\windows\MEMORY.DMP
2015-06-23 20:09 - 2015-06-23 20:09 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Tahir Kaptan\Downloads\avira_de_av_5723627653__ws(2).exe
2015-06-21 07:24 - 2015-06-21 07:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 03:11 - 2014-12-18 13:00 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-16 02:31 - 2013-03-12 05:29 - 01299898 _____ C:\windows\WindowsUpdate.log
2015-07-16 01:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-07-16 01:47 - 2014-04-10 22:42 - 00000956 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job
2015-07-16 00:44 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-16 00:44 - 2009-07-14 06:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-16 00:40 - 2013-07-28 15:24 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D11E2A35-796A-4A81-A283-C39673DEED3D}
2015-07-16 00:38 - 2014-04-10 22:42 - 00000934 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job
2015-07-15 19:46 - 2012-08-16 02:46 - 00000804 _____ C:\windows\SysWOW64\bscs.ini
2015-07-15 19:46 - 2012-04-16 07:20 - 00000000 ____D C:\ProgramData\PDFC
2015-07-15 19:45 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-15 19:45 - 2009-07-14 06:51 - 00086284 _____ C:\windows\setupact.log
2015-07-14 23:11 - 2014-12-18 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 23:11 - 2014-12-18 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 23:11 - 2014-12-18 13:00 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 23:09 - 2012-04-16 05:53 - 01527594 _____ C:\windows\system32\perfh007.dat
2015-07-14 23:09 - 2012-04-16 05:53 - 00414364 _____ C:\windows\system32\perfc007.dat
2015-07-14 23:09 - 2009-07-14 07:13 - 00006476 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-12 17:43 - 2013-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-12 17:42 - 2013-03-12 06:02 - 00000000 ____D C:\ProgramData\Skype
2015-07-12 17:03 - 2010-11-21 05:47 - 00905254 _____ C:\windows\PFRO.log
2015-07-12 15:56 - 2013-08-25 17:00 - 00000000 ____D C:\ProgramData\Avira
2015-07-12 00:21 - 2013-03-12 06:10 - 00002127 _____ C:\windows\epplauncher.mif
2015-07-11 17:17 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-07-11 12:19 - 2013-07-28 13:15 - 00000000 ____D C:\Users\Tahir Kaptan
2015-07-02 19:44 - 2013-07-28 15:25 - 00109696 _____ C:\Users\Tahir Kaptan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 19:34 - 2009-07-14 06:45 - 00409192 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-23 20:48 - 2013-07-29 22:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\Microsoft Help
2015-06-23 20:42 - 2009-07-14 04:34 - 00000478 _____ C:\windows\win.ini
2015-06-23 20:41 - 2012-04-16 07:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-23 20:40 - 2013-09-22 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-23 19:34 - 2015-02-02 20:29 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Graphisoft
2015-06-23 19:34 - 2015-02-02 20:20 - 00000000 _____ C:\windows\vpd.properties
2015-06-23 19:30 - 2015-02-02 20:09 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Install.GS
2015-06-22 23:09 - 2015-04-05 00:17 - 00000000 ___SD C:\windows\system32\GWX
2015-06-22 23:09 - 2013-07-28 15:24 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Local\bluesoleil
2015-06-22 23:09 - 2012-04-16 05:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-22 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-06-22 22:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-21 10:08 - 2014-11-18 21:46 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieBrowserModeList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieUserList
2015-06-21 10:08 - 2014-05-01 12:23 - 00000000 __SHD C:\Users\Tahir Kaptan\AppData\Local\EmieSiteList
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\Documents\Seas0nPass
2015-06-21 09:45 - 2015-03-03 20:33 - 00000000 ____D C:\Users\Tahir Kaptan\AppData\Roaming\Seas0nPass
2015-06-21 07:24 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-21 07:24 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-21 07:19 - 2014-12-16 18:12 - 00000000 ____D C:\windows\system32\appraiser
2015-06-21 07:19 - 2014-05-10 21:04 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-21 07:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-16 01:39

==================== End of log ============================
         
--- --- ---

[CODE]
FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tahir Kaptan at 2015-07-16 03:32:22
Running from C:\Users\Tahir Kaptan\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3795078193-2229101918-834789043-500 - Administrator - Disabled)
Gast (S-1-5-21-3795078193-2229101918-834789043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3795078193-2229101918-834789043-1003 - Limited - Enabled)
Tahir Kaptan (S-1-5-21-3795078193-2229101918-834789043-1002 - Administrator - Enabled) => C:\Users\Tahir Kaptan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.01.4525 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.01.4525 - Hewlett-Packard Company) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1112.2_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-3795078193-2229101918-834789043-1002\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-07-2015 17:36:15 Windows Update
16-07-2015 00:57:18 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-11 17:13 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {68C0EAF4-5FBB-4C1A-B04A-1FB517F4D922} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {98F46F3C-C20F-4F0A-89DE-3C56D20E76BC} - System32\Tasks\{743DBFE6-3A95-4A20-9753-E23B9541B8B6} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {9F07C3AE-96FC-4CCC-B68C-654DF3BACFA5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {C90ED8AE-4303-46D3-B619-3A37285DC6C8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002Core.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3795078193-2229101918-834789043-1002UA.job => C:\Users\Tahir Kaptan\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-01-18 01:57 - 2012-01-18 01:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-22 01:14 - 2012-03-22 01:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-14 23:11 - 2012-08-14 23:11 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2009-07-14 01:57 - 2009-07-14 03:40 - 00069120 _____ () C:\windows\system32\BWContextHandler.dll
2012-08-14 23:13 - 2012-08-14 23:13 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2012-08-14 23:13 - 2012-08-14 23:13 - 00052736 _____ () C:\windows\system32\BlueSoleilCSps.dll
2012-03-27 05:33 - 2012-03-27 05:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-22 00:36 - 2012-03-22 00:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-03-12 05:36 - 2012-03-28 19:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-14 23:16 - 2012-08-14 23:16 - 00072192 _____ () C:\windows\system32\BsProfilefunc.dll
2012-08-16 02:20 - 2012-08-16 02:20 - 00356352 _____ () C:\windows\system32\BsExtendFunc.dll
2012-03-22 01:00 - 2012-03-22 01:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-03-22 00:34 - 2012-03-22 00:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-03-22 00:59 - 2012-03-22 00:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-03-22 01:04 - 2012-03-22 01:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-03-22 01:02 - 2012-03-22 01:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-03-22 00:38 - 2012-03-22 00:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-03-22 00:39 - 2012-03-22 00:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2011-04-08 18:57 - 2011-04-08 18:57 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-11-02 12:12 - 2014-11-02 12:12 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-12 05:35 - 2012-03-28 19:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3795078193-2229101918-834789043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tahir Kaptan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B73572EA-181A-473E-9E73-82E1B4796BF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82C9ABA3-FCE5-4F65-AED7-8CC73134B0B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{055DEAA4-B1F0-4265-80AE-AF3BC6A98ED4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{677DC65D-22C8-4DD2-86FC-55A2D47BC355}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{954AF93E-519A-45D8-BDE3-FC3483D549FD}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{FED79AF1-187C-436F-B4E8-C9A65313DB46}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{27EFB973-567B-4886-9388-8ECA6E344847}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{80F19C5A-4766-4C87-B8A2-004AA77E47DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{32C72F66-8D18-4532-9BFF-204E4D18985C}] => (Allow) C:\Users\Tahir Kaptan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BD1226FB-94E1-4395-B944-377D11D48EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{719282AC-E256-488C-9B03-38CE03211D5E}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [UDP Query User{0C239487-B0CB-4823-8325-AFBAC4826FAC}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe
FirewallRules: [TCP Query User{B9957EFC-5602-4F24-99E9-02556D3AC843}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{1C507A6A-DC89-4969-A11C-0974C1B29BFD}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe
FirewallRules: [TCP Query User{34F6ACFE-FBD6-4398-8F95-DDCC71FC803A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6A3E7B64-228D-46CD-8B27-ED1028EC390E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EA7D6BD4-EC7F-4419-AB69-1583DB9E6B76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C438A324-7BD4-45C2-958E-F99B33316CCC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B525A517-110C-453E-914E-BB6DFF497F23}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============

Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2015 03:29:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15615

Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15615

Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/15/2015 07:47:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/15/2015 07:46:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 11:09:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (07/16/2015 01:50:18 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{21551550-B0A9-41BF-A30D-B5C3B0A963AC}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/15/2015 07:48:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/15/2015 07:48:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\TAHIRK~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/15/2015 07:48:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/15/2015 07:48:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\TAHIRK~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/15/2015 07:48:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/15/2015 07:48:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\TAHIRK~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/15/2015 07:48:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/15/2015 07:48:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\TAHIRK~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/15/2015 07:48:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275


Microsoft Office:
=========================
Error: (07/16/2015 03:29:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe

Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15615

Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15615

Error: (07/15/2015 08:44:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/15/2015 07:47:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe

Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe

Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe

Error: (07/15/2015 07:47:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe

Error: (07/15/2015 07:46:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 11:09:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Tahir Kaptan\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-07-11 17:12:08.412
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-11 17:12:08.366
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 52%
Total physical RAM: 3977.51 MB
Available physical RAM: 1890.29 MB
Total Virtual: 7953.23 MB
Available Virtual: 5143.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.94 GB) (Free:325.23 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Elements) (Fixed) (Total:931.48 GB) (Free:927.92 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.53 GB) (Free:3.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9A9B2E6B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---

16.07.2015, 15:36   #14
M-K-D-B
/// TB Trainer

Windows XP: Computer extremely slow after virus scan


Removing leftovers
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
start
CloseProcesses:
C:\swsetup
C:\Windows\Installer\143a28.msi
EmptyTemp:
end
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Post the FRST Fixlog right away, because otherwise it will be removed automatically by DelFix (see further below)!


If you no longer have any problems with malware, we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.


Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Afterwards, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.


Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be installed only in its latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you merely visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use only one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:


In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: Prevents active content (Java, JavaScript, Flash,...) from running on all websites. Following the whitelist principle, however, you can specify on which sites scripts should be allowed.
Ghostery: Detects and blocks trackers, web bugs, pixels and beacons as well as other scripts that spy on or observe browsing behaviour.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

16.07.2015, 22:51   #15
Jagjilee

Windows XP: Computer extremely slow after virus scan

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tahir Kaptan at 2015-07-16 22:21:31 Run:2
Running from C:\Users\Tahir Kaptan\Desktop
Loaded Profiles: Tahir Kaptan (Available Profiles: Tahir Kaptan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\swsetup
C:\Windows\Installer\143a28.msi
EmptyTemp:
end
*****************

Processes closed successfully.
C:\swsetup => moved successfully.
C:\Windows\Installer\143a28.msi => moved successfully.
EmptyTemp: => 485.5 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 22:21:32 ====
         
Thank you very much, Matthias!!!

The computer is running faster again, as it used to

Thaaaanks!!!

Best regards
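
The Fixlog in post #15 can be checked mechanically against the fixlist from post #14, so that an entry FRST never reported on does not go unnoticed. The following Python is an added example, not part of the thread or of FRST; the function names and the ok/review/missing labels are assumptions, and only the result wording visible in this Fixlog is treated as success.

```python
import re

# Result section of the Fixlog from the post above, abridged to the part
# that starts at "fixlist content:" (FRST output as shown on the page).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
CloseProcesses:
C:\swsetup
C:\Windows\Installer\143a28.msi
EmptyTemp:
end
*****************

Processes closed successfully.
C:\swsetup => moved successfully.
C:\Windows\Installer\143a28.msi => moved successfully.
EmptyTemp: => 485.5 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 22:21:32 ====
"""

# Assumption: only the success wording visible in this Fixlog is known, so any
# other outcome text is sent to manual review instead of being interpreted.
SUCCESS = re.compile(r"successfully|removed", re.IGNORECASE)
FAILURE = re.compile(r"\b(not|unable|failed|error)\b", re.IGNORECASE)


def parse_fixlog(text):
    """Return (fixlist entries, result lines) from a Fixlog."""
    lines = [line.strip() for line in text.splitlines()]
    # The fixlist is echoed between two rows of asterisks.
    stars = [i for i, line in enumerate(lines) if line and set(line) == {"*"}]
    if len(stars) < 2:
        raise ValueError("echoed fixlist not found")
    first, second = stars[0], stars[1]
    entries = [line for line in lines[first + 1:second]
               if line and line.lower() not in ("start", "end")]
    results = [line for line in lines[second + 1:]
               if line and not line.startswith("====")]
    return entries, results


def check_fixlog(text):
    """Map every fixlist entry to 'ok', 'review' or 'missing'."""
    entries, results = parse_fixlog(text)
    status = {}
    for entry in entries:
        if entry.lower() == "closeprocesses:":
            # This directive is reported as a sentence, not as "entry => ...".
            hit = next((r for r in results
                        if r.lower().startswith("processes closed")), None)
        else:
            hit = next((r for r in results if r.startswith(entry + " =>")), None)
        if hit is None:
            status[entry] = "missing"
        elif SUCCESS.search(hit) and not FAILURE.search(hit):
            status[entry] = "ok"
        else:
            status[entry] = "review"
    reboot_pending = any("needed a reboot" in r for r in results)
    return status, reboot_pending


if __name__ == "__main__":
    status, reboot_pending = check_fixlog(SAMPLE_FIXLOG)
    for entry, state in status.items():
        print(f"{state:8} {entry}")
    print("reboot pending:", reboot_pending)
```

An entry reported as "missing" or "review" means the Fixlog should be read by hand before cleanup tools delete it.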
