System freeze, Wordprobleme, touch screen und thunderbird laufen nur teilweise .... Trojanerbefall?

APLAS · 05.08.2014, 12:15

Liebe Formumsmitglieder,

seit einigen Wochen laeuft mein Computer immer schlechter:

- Word macht komische Sachen: Aenderung der Maus
- Die virtuelle Tastatur springt von selber an
- Mein Thunderbird funktioniert nucht mehr
- Das System friert ein
- Control - Alt - Delete funktioniert nicht mehr
- Der Touch screen geht auch nur noch teilweise

Was ich gemacht habe:

- Verschiede Virden und Malwareprogramme heruntergeladen und einen Scan gemacht. ES wurde kaum was gefunden.

Mittlerweille muss ich pro Tag den Coomputer 2-3 mal am Tag hart ueber den Ein- und Ausschaltknopf neu starten.

Ich wollte wie angegeben mit dem Defogger arbeiten, ich bekomme aber leider keinen Log Bericht.

Daher habe ich mit Hijack this gearbeitet. Das Resultat zeigt das zum Beispiel viele Files von Windows defender geloscht wurden. Das war ich allerdings nicht (oder zumindest nicht absichtlich)

Ich bin ein ComputerLaie und ersuche euch / Dich um Hilfe!

Vielen herzlichen Dank

Alex

Hier ist der Logfile:

Scan saved at 12:39:08, on 05.08.2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)

FIREFOX: 31.0 (x86 de)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\Evaer\videochannel.exe
C:\Program Files (x86)\Evaer\evaer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Users\AP\Downloads\hijackthis.exe
C:\Program Files\Microsoft Office 15\root\office15\winword.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [MP3 Skype recorder] C:\Users\AP\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
O4 - HKCU\..\Run: [Bitdefender-Geldbörse-Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
O4 - HKCU\..\Run: [Bitdefender-Geldbörse] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKCU\..\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
O4 - HKCU\..\Run: [avichannel] "C:\Program Files (x86)\Evaer\videochannel.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender-Geldbörse-Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender-Geldbörse] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender-Geldbörse-Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14644 bytes

Hier ist der Logfile

Hier habe ich eine Kopie des Log

Machiavelli · 05.08.2014, 12:18

Hallo und willkommen an Board, APLAS

Mein Name ist Machiavelli und werde bei Deinem Malware Problemen behilflich sein. Falls Du Dich im abgesicherten Modus befindest, würde ich Dir raten, alle Anweisungen von mir auszudrucken, um besseren Überblick auf die Gesamtsituation zu bekommen. Ich bin hier im Malwareteam und daher ist es mir möglich, Dir zu helfen.

Damit eine Bereinigung ermöglicht werden kann, musst Du ein paar Regeln/Tipps beachten:

Malware zu entfernen ist normalerweise recht schwierig
Heutige Malware kann sich sehr gut verstecken, so kann es sein, dass es bestimmte Tools nicht sehen. Eine Neuinstallation ist daher oft das klügere.
Bitte folge meinen Anweisung bis in das kleinste Detail
Falls Du was falsches machst, wie z.B. irgendwas fixt, was nicht durch mich genehmigt wurde, kann der PC dadurch beschädigt werden. Daher folge meinen Anweisungen ganz genau
Bleibe mit mir in Kontakt, bis Deine Probleme vollständig gelöst sind
Themen, in welchen innerhalb von 4 Tagen keine Antwort gepostet wird, werden geschlossen.
Bitte lasse keine anderen Tools laufen, während ich bereinige
Wenn Du Tools wie z.B. Malwarebytes etc. ohne meines Wissens laufen lässt, kann es unter Umständen Ergebnisse verfälschen.
Ließ meine Posts vollständig durch
Falls nicht, kann das zu schwerwiegenden Problemen (z.B. PC bootet nicht mehr) führen oder der Prozess der Malwareentfernung wird länger

Zitat:

- Verschiede Virden und Malwareprogramme heruntergeladen und einen Scan gemacht. ES wurde kaum was gefunden.

Was heißt kaum?

Warum lässt Du ein Tool laufen, dass seit mehreren Jahren outdated ist?

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

APLAS · 05.08.2014, 12:43

Hallo Macciavelli,

danke fuer Deine schnelle Reaktion..

Deine Fragen:

Kaum:
- Es wiurden ein paar Tracking cokkies gefunden, die geloescht wurden
- Spyware terminator hat ein paar files als Trojaner identifiziert, die aber wahrscheinlich Falschmeldungen sind (so meine Internetrecherche. Keine andere Software hat sie gefunden.

Hier die gewuenschten Daten:

FRST.txt:
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by AP (administrator) on DELL on 05-08-2014 13:31:55
Running from C:\Users\AP\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Evaer Technology) C:\Program Files (x86)\Evaer\videochannel.exe
(Evaer.com) C:\Program Files (x86)\Evaer\evaer.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Trend Micro Inc.) C:\Users\AP\Downloads\hijackthis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-05-27] (Bitdefender)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] ( (Qualcomm®Atheros®))
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-27] (Bitdefender)
HKU\S-1-5-21-2887110303-965766443-280294267-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2887110303-965766443-280294267-1001\...\Run: [MP3 Skype recorder] => C:\Users\AP\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
HKU\S-1-5-21-2887110303-965766443-280294267-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-27] (Bitdefender)
HKU\S-1-5-21-2887110303-965766443-280294267-1001\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-27] (Bitdefender)
HKU\S-1-5-21-2887110303-965766443-280294267-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-27] (Bitdefender)
HKU\S-1-5-21-2887110303-965766443-280294267-1001\...\Run: [avichannel] => C:\Program Files (x86)\Evaer\videochannel.exe [1781760 2014-04-12] (Evaer Technology)
HKU\S-1-5-21-2887110303-965766443-280294267-1001\...\MountPoints2: {a1fcfdb8-ff7b-11e3-8270-485ab66a629c} - "G:\AutoRun.exe" 
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\SkyDriveShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {51C3A8DA-6F7E-4437-B3E6-C36697E67761} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {51C3A8DA-6F7E-4437-B3E6-C36697E67761} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - {51C3A8DA-6F7E-4437-B3E6-C36697E67761} URL = 
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 203.121.65.30 203.121.16.120 165.21.83.88

FireFox:
========
FF ProfilePath: C:\Users\AP\AppData\Roaming\Mozilla\Firefox\Profiles\f3rjgws1.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ads Removal - C:\Users\AP\AppData\Roaming\Mozilla\Firefox\Profiles\f3rjgws1.default\Extensions\adremoveext@adremoveext.net [2014-08-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-04-22]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-02]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-07]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-04-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-04]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-02-15] (Kaspersky Lab ZAO)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-18] (SoftThinks SAS)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1526800 2014-05-27] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2014-04-22] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-27] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-15] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-02-15] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-04-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-04-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-04-07] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-02-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-04-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-02-15] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-08-26] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-08-26] ()
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 13:31 - 2014-08-05 13:32 - 00030573 _____ () C:\Users\AP\Downloads\FRST.txt
2014-08-05 13:30 - 2014-08-05 13:31 - 00000000 ____D () C:\FRST
2014-08-05 13:29 - 2014-08-05 13:29 - 02094080 _____ (Farbar) C:\Users\AP\Downloads\FRST64.exe
2014-08-05 12:40 - 2014-08-05 12:40 - 00014646 _____ () C:\Users\AP\Documents\hijackthis.log
2014-08-05 12:31 - 2014-08-05 12:36 - 00000466 _____ () C:\Users\AP\Downloads\defogger_disable.log
2014-08-05 12:31 - 2014-08-05 12:31 - 00000000 _____ () C:\Users\AP\defogger_reenable
2014-08-05 12:28 - 2014-08-05 12:28 - 00050477 _____ () C:\Users\AP\Downloads\Defogger.exe
2014-08-05 12:14 - 2014-08-05 12:14 - 00001587 _____ () C:\ProgramData\1407233676.bdinstall.bin
2014-08-05 12:11 - 2014-08-05 12:11 - 00001587 _____ () C:\ProgramData\1407233483.bdinstall.bin
2014-08-05 12:10 - 2014-08-05 12:10 - 00001587 _____ () C:\ProgramData\1407233439.bdinstall.bin
2014-08-05 12:08 - 2014-08-05 12:39 - 00014646 _____ () C:\Users\AP\Downloads\hijackthis.log
2014-08-05 12:05 - 2014-08-05 12:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\AP\Downloads\hijackthis.exe
2014-08-05 11:57 - 2014-08-05 11:57 - 00000000 ___RD () C:\Users\AP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-05 11:53 - 2014-08-05 11:53 - 00003088 _____ () C:\Windows\System32\Tasks\{86A2CDD7-17AF-4F03-8853-C9C09445E848}
2014-08-05 05:24 - 2014-08-05 05:24 - 01361309 _____ () C:\Users\AP\Downloads\adwcleaner_3.302(1).exe
2014-08-04 17:20 - 2014-08-04 17:20 - 00002042 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-08-04 17:20 - 2014-08-04 17:20 - 00001982 _____ () C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
2014-08-04 17:20 - 2014-08-04 17:20 - 00000000 ____D () C:\Users\AP\AppData\Roaming\AVAST Software
2014-08-04 17:20 - 2014-08-04 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-04 17:17 - 2014-08-04 17:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-04 17:17 - 2014-08-04 17:18 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-04 17:17 - 2014-08-04 17:16 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-04 17:17 - 2014-08-04 17:16 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-04 17:17 - 2014-08-04 17:16 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-04 17:17 - 2014-08-04 17:16 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-04 17:17 - 2014-08-04 17:16 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-04 17:17 - 2014-08-04 17:16 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-04 17:17 - 2014-08-04 17:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-04 17:17 - 2014-08-04 17:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-04 17:17 - 2014-08-04 17:14 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-08-04 17:16 - 2014-08-04 17:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-04 17:04 - 2014-08-04 17:07 - 121232624 _____ (AVAST Software) C:\Users\AP\Downloads\avast_pro_antivirus_setup_2021.exe
2014-08-04 13:12 - 2014-08-04 13:12 - 00000902 _____ () C:\Users\AP\Documents\IObit Malware Fighter Report.log
2014-08-04 13:11 - 2014-08-04 17:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 13:10 - 2014-08-04 13:10 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 13:10 - 2014-08-04 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-04 13:10 - 2014-08-04 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 13:10 - 2014-08-04 13:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 13:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 13:10 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 13:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-04 13:07 - 2014-08-04 13:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\AP\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-04 13:04 - 2014-08-04 17:54 - 00000000 ____D () C:\ProgramData\IObit
2014-08-04 13:04 - 2014-08-04 13:04 - 00001191 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-08-04 13:04 - 2014-08-04 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-08-04 13:04 - 2014-08-04 13:04 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-04 13:01 - 2014-08-04 13:03 - 26163624 _____ (IObit ) C:\Users\AP\Downloads\IObit-Malware-Figher-Setup2.4.1.16.exe
2014-08-04 11:14 - 2013-08-22 15:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140804-111427.backup
2014-08-04 10:43 - 2014-08-04 10:43 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2014-08-04 10:42 - 2014-08-05 11:36 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-08-04 10:42 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\AP\AppData\Roaming\Panda Security
2014-08-04 10:39 - 2014-08-05 11:11 - 00000000 ____D () C:\ProgramData\Panda Security
2014-08-04 10:38 - 2014-08-04 10:38 - 01369712 _____ () C:\Users\AP\Downloads\PandaCloud301Antivirus.exe
2014-08-04 10:26 - 2014-08-04 10:26 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-04 10:25 - 2014-08-04 10:25 - 05049344 _____ (Crawler.com ) C:\Users\AP\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-08-04 10:18 - 2014-08-05 06:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-04 10:18 - 2014-08-04 10:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-04 10:18 - 2014-08-04 10:18 - 00001405 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-04 10:18 - 2014-08-04 10:18 - 00001393 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-04 10:18 - 2014-08-04 10:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-04 10:18 - 2014-08-04 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-04 10:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-04 10:14 - 2014-08-04 10:15 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\AP\Downloads\spybot-2.4.exe
2014-08-04 10:05 - 2014-08-05 12:16 - 00305939 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 10:05 - 2014-08-04 10:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-04 10:05 - 2014-08-04 10:05 - 00000000 _____ () C:\Windows\setupact.log
2014-08-04 10:04 - 2014-08-05 11:55 - 00002506 _____ () C:\Windows\PFRO.log
2014-08-04 09:56 - 2014-08-04 09:57 - 01361309 _____ () C:\Users\AP\Downloads\adwcleaner_3.302.exe
2014-07-30 18:18 - 2014-07-30 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-30 18:18 - 2014-07-30 18:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 18:18 - 2014-07-30 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 18:16 - 2014-07-30 18:16 - 13087456 _____ (Microsoft Corporation) C:\Users\AP\Downloads\Silverlight_x64.exe
2014-07-30 07:54 - 2014-07-30 07:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 12:34 - 2014-07-30 20:17 - 00000000 ____D () C:\Users\AP\AppData\Roaming\Evaer
2014-07-29 12:34 - 2014-07-30 20:12 - 00000000 ____D () C:\Users\AP\Documents\Evaer
2014-07-29 12:34 - 2014-07-29 12:34 - 00000000 ____D () C:\Users\AP\AppData\Local\CrashRpt
2014-07-29 12:01 - 2014-07-29 12:02 - 00000000 ____D () C:\Users\AP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evaer
2014-07-29 12:01 - 2014-07-29 12:02 - 00000000 ____D () C:\Program Files (x86)\Evaer
2014-07-29 12:01 - 2014-07-29 12:01 - 00000959 _____ () C:\Users\AP\Desktop\Evaer.lnk
2014-07-29 11:59 - 2014-07-29 11:59 - 00699016 _____ (CNET Download.com) C:\Users\AP\Downloads\cbsidlm-cbsi213-Evaer_Skype_Video_Recorder-SEO-75329700(1).exe
2014-07-29 11:56 - 2014-07-29 11:57 - 00699016 _____ (CNET Download.com) C:\Users\AP\Downloads\cbsidlm-cbsi213-Evaer_Skype_Video_Recorder-SEO-75329700.exe
2014-07-20 13:27 - 2014-07-27 15:45 - 00079421 _____ () C:\Users\AP\Documents\Haushaltsplan Marcela-komentare von Marcela.xlsx
2014-07-14 17:38 - 2014-07-14 17:38 - 00002230 _____ () C:\Users\AP\Desktop\Kindle.lnk
2014-07-14 17:38 - 2014-07-14 17:38 - 00000000 ____D () C:\Users\AP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-07-14 17:37 - 2014-07-14 17:38 - 38157960 _____ (Amazon.com) C:\Users\AP\Downloads\KindleForPC-installer.exe
2014-07-14 09:54 - 2014-08-05 05:55 - 00004944 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for dell-AP dell
2014-07-10 12:05 - 2014-07-10 12:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 12:03 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 16:21 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 16:21 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 16:21 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 16:21 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 16:21 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 16:21 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 16:21 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 16:21 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 16:21 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 16:21 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 16:19 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 16:19 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 16:19 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 16:19 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 12:57 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 12:57 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 12:57 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 12:57 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 12:57 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 12:57 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 12:57 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 12:57 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 12:57 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 12:57 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 12:57 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 12:57 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 12:57 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 12:57 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 12:57 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 12:57 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 12:57 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 12:57 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 12:57 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 12:57 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 12:57 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 12:57 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 12:57 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 12:57 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 12:57 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 12:57 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 12:57 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 12:57 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 12:57 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 12:57 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 12:57 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 12:57 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 12:57 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 12:57 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 12:57 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 12:57 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 12:57 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 12:57 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 12:57 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 12:57 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 12:57 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 12:57 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 12:57 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 12:55 - 2014-07-09 12:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-07 14:24 - 2014-07-07 14:25 - 00330604 _____ () C:\Users\AP\Downloads\Aufteilung und Auszahlung Margen Mai2013.jpeg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 13:32 - 2014-08-05 13:31 - 00030573 _____ () C:\Users\AP\Downloads\FRST.txt
2014-08-05 13:31 - 2014-08-05 13:30 - 00000000 ____D () C:\FRST
2014-08-05 13:30 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\AP\AppData\Local\CrashDumps
2014-08-05 13:29 - 2014-08-05 13:29 - 02094080 _____ (Farbar) C:\Users\AP\Downloads\FRST64.exe
2014-08-05 13:26 - 2014-02-17 09:42 - 00000000 ____D () C:\Users\AP\AppData\Roaming\Skype
2014-08-05 13:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-05 12:59 - 2014-03-01 05:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 12:40 - 2014-08-05 12:40 - 00014646 _____ () C:\Users\AP\Documents\hijackthis.log
2014-08-05 12:39 - 2014-08-05 12:08 - 00014646 _____ () C:\Users\AP\Downloads\hijackthis.log
2014-08-05 12:36 - 2014-08-05 12:31 - 00000466 _____ () C:\Users\AP\Downloads\defogger_disable.log
2014-08-05 12:31 - 2014-08-05 12:31 - 00000000 _____ () C:\Users\AP\defogger_reenable
2014-08-05 12:31 - 2014-02-16 15:54 - 00000000 ____D () C:\Users\AP
2014-08-05 12:28 - 2014-08-05 12:28 - 00050477 _____ () C:\Users\AP\Downloads\Defogger.exe
2014-08-05 12:16 - 2014-08-04 10:05 - 00305939 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 12:14 - 2014-08-05 12:14 - 00001587 _____ () C:\ProgramData\1407233676.bdinstall.bin
2014-08-05 12:11 - 2014-08-05 12:11 - 00001587 _____ () C:\ProgramData\1407233483.bdinstall.bin
2014-08-05 12:10 - 2014-08-05 12:10 - 00001587 _____ () C:\ProgramData\1407233439.bdinstall.bin
2014-08-05 12:05 - 2014-08-05 12:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\AP\Downloads\hijackthis.exe
2014-08-05 12:04 - 2013-12-17 17:45 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-08-05 12:01 - 2014-02-16 16:01 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2887110303-965766443-280294267-1001
2014-08-05 11:57 - 2014-08-05 11:57 - 00000000 ___RD () C:\Users\AP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-05 11:56 - 2014-04-07 16:00 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-05 11:55 - 2014-08-04 10:04 - 00002506 _____ () C:\Windows\PFRO.log
2014-08-05 11:55 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 11:53 - 2014-08-05 11:53 - 00003088 _____ () C:\Windows\System32\Tasks\{86A2CDD7-17AF-4F03-8853-C9C09445E848}
2014-08-05 11:36 - 2014-08-04 10:42 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-08-05 11:36 - 2013-08-22 16:44 - 00371160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-05 11:11 - 2014-08-04 10:39 - 00000000 ____D () C:\ProgramData\Panda Security
2014-08-05 11:10 - 2014-08-04 10:42 - 00000000 ____D () C:\Users\AP\AppData\Roaming\Panda Security
2014-08-05 07:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-05 06:20 - 2014-08-04 10:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-05 05:55 - 2014-07-14 09:54 - 00004944 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for dell-AP dell
2014-08-05 05:42 - 2014-02-16 20:07 - 00003898 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9E5CE4D1-69FA-4973-B4B2-7C7837485382}
2014-08-05 05:29 - 2014-06-12 11:59 - 00000000 ____D () C:\AdwCleaner
2014-08-05 05:24 - 2014-08-05 05:24 - 01361309 _____ () C:\Users\AP\Downloads\adwcleaner_3.302(1).exe
2014-08-04 17:54 - 2014-08-04 13:04 - 00000000 ____D () C:\ProgramData\IObit
2014-08-04 17:20 - 2014-08-04 17:20 - 00002042 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-08-04 17:20 - 2014-08-04 17:20 - 00001982 _____ () C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
2014-08-04 17:20 - 2014-08-04 17:20 - 00000000 ____D () C:\Users\AP\AppData\Roaming\AVAST Software
2014-08-04 17:20 - 2014-08-04 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-04 17:20 - 2014-08-04 17:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-04 17:18 - 2014-08-04 17:17 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-04 17:16 - 2014-08-04 17:17 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-04 17:16 - 2014-08-04 17:17 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-04 17:16 - 2014-08-04 17:17 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-04 17:16 - 2014-08-04 17:17 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-04 17:16 - 2014-08-04 17:17 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-04 17:16 - 2014-08-04 17:17 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-04 17:16 - 2014-08-04 17:17 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-04 17:16 - 2014-08-04 17:17 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-04 17:16 - 2014-08-04 17:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-04 17:14 - 2014-08-04 17:17 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-04 17:11 - 2014-04-03 13:54 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-04 17:07 - 2014-08-04 17:04 - 121232624 _____ (AVAST Software) C:\Users\AP\Downloads\avast_pro_antivirus_setup_2021.exe
2014-08-04 17:01 - 2014-08-04 13:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 16:45 - 2014-02-16 20:05 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-04 13:12 - 2014-08-04 13:12 - 00000902 _____ () C:\Users\AP\Documents\IObit Malware Fighter Report.log
2014-08-04 13:10 - 2014-08-04 13:10 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 13:10 - 2014-08-04 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-04 13:10 - 2014-08-04 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 13:10 - 2014-08-04 13:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 13:09 - 2014-08-04 13:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\AP\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-04 13:04 - 2014-08-04 13:04 - 00001191 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-08-04 13:04 - 2014-08-04 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-08-04 13:04 - 2014-08-04 13:04 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-04 13:04 - 2014-06-13 16:15 - 00000000 ____D () C:\Users\AP\AppData\Roaming\IObit
2014-08-04 13:03 - 2014-08-04 13:01 - 26163624 _____ (IObit ) C:\Users\AP\Downloads\IObit-Malware-Figher-Setup2.4.1.16.exe
2014-08-04 10:43 - 2014-08-04 10:43 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2014-08-04 10:38 - 2014-08-04 10:38 - 01369712 _____ () C:\Users\AP\Downloads\PandaCloud301Antivirus.exe
2014-08-04 10:26 - 2014-08-04 10:26 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-04 10:25 - 2014-08-04 10:25 - 05049344 _____ (Crawler.com ) C:\Users\AP\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-08-04 10:21 - 2014-08-04 10:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-04 10:18 - 2014-08-04 10:18 - 00001405 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-04 10:18 - 2014-08-04 10:18 - 00001393 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-04 10:18 - 2014-08-04 10:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-04 10:18 - 2014-08-04 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-04 10:15 - 2014-08-04 10:14 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\AP\Downloads\spybot-2.4.exe
2014-08-04 10:05 - 2014-08-04 10:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-04 10:05 - 2014-08-04 10:05 - 00000000 _____ () C:\Windows\setupact.log
2014-08-04 09:57 - 2014-08-04 09:56 - 01361309 _____ () C:\Users\AP\Downloads\adwcleaner_3.302.exe
2014-08-03 09:16 - 2014-04-22 00:47 - 06766592 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-08-02 06:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-01 20:00 - 2013-12-17 17:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-01 06:51 - 2014-02-17 09:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 14:32 - 2014-02-17 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 20:17 - 2014-07-29 12:34 - 00000000 ____D () C:\Users\AP\AppData\Roaming\Evaer
2014-07-30 20:12 - 2014-07-29 12:34 - 00000000 ____D () C:\Users\AP\Documents\Evaer
2014-07-30 20:11 - 2014-04-07 16:36 - 00000000 ____D () C:\Windows\Minidump
2014-07-30 19:19 - 2014-02-16 15:55 - 00000000 ____D () C:\Users\AP\AppData\Local\Packages
2014-07-30 18:18 - 2014-07-30 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-30 18:18 - 2014-07-30 18:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 18:18 - 2014-07-30 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 18:16 - 2014-07-30 18:16 - 13087456 _____ (Microsoft Corporation) C:\Users\AP\Downloads\Silverlight_x64.exe
2014-07-30 10:28 - 2014-06-29 14:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-07-30 07:54 - 2014-07-30 07:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 16:51 - 2013-12-17 17:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-07-29 12:34 - 2014-07-29 12:34 - 00000000 ____D () C:\Users\AP\AppData\Local\CrashRpt
2014-07-29 12:02 - 2014-07-29 12:01 - 00000000 ____D () C:\Users\AP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evaer
2014-07-29 12:02 - 2014-07-29 12:01 - 00000000 ____D () C:\Program Files (x86)\Evaer
2014-07-29 12:01 - 2014-07-29 12:01 - 00000959 _____ () C:\Users\AP\Desktop\Evaer.lnk
2014-07-29 11:59 - 2014-07-29 11:59 - 00699016 _____ (CNET Download.com) C:\Users\AP\Downloads\cbsidlm-cbsi213-Evaer_Skype_Video_Recorder-SEO-75329700(1).exe
2014-07-29 11:57 - 2014-07-29 11:56 - 00699016 _____ (CNET Download.com) C:\Users\AP\Downloads\cbsidlm-cbsi213-Evaer_Skype_Video_Recorder-SEO-75329700.exe
2014-07-28 17:26 - 2013-12-17 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2014-07-27 15:45 - 2014-07-20 13:27 - 00079421 _____ () C:\Users\AP\Documents\Haushaltsplan Marcela-komentare von Marcela.xlsx
2014-07-25 10:09 - 2013-12-17 17:26 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 19:02 - 2014-02-17 09:53 - 00000000 ____D () C:\Users\AP\Documents\My Kindle Content
2014-07-23 13:58 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-20 06:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-17 07:16 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-07-16 20:23 - 2014-02-17 11:00 - 00000000 ____D () C:\Users\AP\AppData\Roaming\PCDr
2014-07-14 17:38 - 2014-07-14 17:38 - 00002230 _____ () C:\Users\AP\Desktop\Kindle.lnk
2014-07-14 17:38 - 2014-07-14 17:38 - 00000000 ____D () C:\Users\AP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-07-14 17:38 - 2014-07-14 17:37 - 38157960 _____ (Amazon.com) C:\Users\AP\Downloads\KindleForPC-installer.exe
2014-07-14 17:29 - 2014-02-17 09:53 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-07-10 20:39 - 2014-02-16 20:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-10 12:05 - 2014-07-10 12:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 12:05 - 2014-02-23 20:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 12:05 - 2013-08-22 21:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 12:05 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-10 12:05 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 12:05 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 12:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 12:04 - 2014-02-23 20:52 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 12:04 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 12:04 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-09 12:55 - 2014-07-09 12:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-09 07:59 - 2014-03-01 05:03 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 14:41 - 2014-05-28 13:26 - 00000000 ____D () C:\Users\AP\AppData\Local\Microsoft Help
2014-07-07 14:25 - 2014-07-07 14:24 - 00330604 _____ () C:\Users\AP\Downloads\Aufteilung und Auszahlung Margen Mai2013.jpeg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-30 22:48

==================== End Of Log ============================

--- --- ---
und hier die additionstxt.filles:FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by AP at 2014-08-05 13:32:48
Running from C:\Users\AP\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Disabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Bitdefender Spyware-Schutz (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: Bitdefender Firewall (Disabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 13.15.100.30819 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{91F3C30F-BC39-AD82-0AF7-F2013AB529A5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Pro Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.27.0.1146 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Evaer Video Recorder for Skype 1.5.3.37 (HKLM-x32\...\Evaer Video Recorder for Skype) (Version: 1.5.3.37 - Evaer Technology)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{2950ED4F-18AD-4571-9045-27D6EBF62320}) (Version: 4.3.0.0 - Alexander Nikiforov)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2887110303-965766443-280294267-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2887110303-965766443-280294267-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2887110303-965766443-280294267-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2887110303-965766443-280294267-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\AP\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_4\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

10-07-2014 06:13:09 Windows Update
21-07-2014 07:42:36 Scheduled Checkpoint
28-07-2014 05:10:10 Dell Update: Intel Management Engine Interface Driver
29-07-2014 10:01:32 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
04-08-2014 15:10:19 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-08-04 11:14 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {115CCE34-C0B9-444F-BFBF-BDAB8EA8860B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-12] (Synaptics Incorporated)
Task: {20842C87-8E5D-445F-B5AC-60E446493ECB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {218DD13A-E8E8-4511-B44C-811E756582C0} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2F9CA47D-62F8-4D3F-9A79-C32DE4B29B86} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4110E50D-1CB4-4F8F-860F-AE5334608454} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {453A24ED-40EC-42DC-981E-4F53A8A1C3AF} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2013-06-19] (Bitdefender)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4DA9B5C4-9ECC-40D5-8059-29AFE7923112} - System32\Tasks\PCDEventLauncherTask => C:\PROGRAM FILES\MY DELL\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {51A7284B-21F6-4CA4-9F80-01B967297151} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {59E78178-4BD2-407E-9062-3A6034A4382F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E8DF5B6-244E-429E-8221-F0F19D1C0B0B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for dell-AP dell => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7857F6E8-4EF1-477D-8B31-E001B4C15292} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {7D8C278B-77B4-4759-A22F-7D4BB372375B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {87F23F3D-3BD1-43DD-AEFD-E5DAD12331CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9162ECB7-185F-4F62-8E2F-ABAFD23B37FC} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9DE9972E-CD3E-433C-9E89-08DF7969494C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A57E6A48-E797-4C21-85CF-C2141F1738BA} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B4D267D4-D54D-4304-A453-2EFAF20A1CBC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
Task: {BE0F914D-59ED-445D-A5D5-0587B4F5E835} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {C55367CC-271F-44A3-B342-721441DFB7F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CA7AABC2-C6BC-4BB8-BE14-193C9746D3E3} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CD55EA0D-584C-4F66-B242-D79312BFA926} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EA4B8056-8206-4455-912D-E2F06AE1D273} - System32\Tasks\Dell\Dell Produktregistrierung (AP) => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-22 13:48 - 2013-06-19 11:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-04-13 22:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-22 13:48 - 2013-03-25 15:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-07-10 20:38 - 2014-05-20 18:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-17 17:45 - 2013-08-19 20:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-12-17 17:45 - 2013-08-19 20:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-12-17 17:45 - 2013-08-19 20:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-09-05 09:20 - 2013-09-05 09:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 09:17 - 2013-09-05 09:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 09:24 - 2013-09-05 09:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-12-17 17:45 - 2013-08-19 20:21 - 00484640 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-08-04 17:15 - 2014-08-04 17:15 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-05 11:06 - 2014-08-05 11:06 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080500\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-08-04 10:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-04 10:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-04 10:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-04 10:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-04 10:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-22 13:48 - 2014-03-15 00:05 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2012-07-04 02:13 - 2012-07-04 02:13 - 00014848 _____ () C:\Program Files (x86)\Evaer\lame_enc.dll
2013-03-22 15:51 - 2013-03-22 15:51 - 00060928 _____ () C:\Program Files (x86)\Evaer\CrashRpt1300.dll
2014-07-29 16:50 - 2013-12-11 07:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-30 07:54 - 2014-07-30 07:54 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-17 17:45 - 2013-10-12 02:21 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-12-17 17:45 - 2012-11-26 09:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-12-17 17:45 - 2012-11-26 09:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-06-12 15:53 - 2014-06-12 15:53 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "bdruninstaller"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKCU\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2014 01:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00002170
Faulting process id: 0xf18
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5

Error: (08/05/2014 11:56:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xb5c
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (08/05/2014 11:56:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x9dc
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5

Error: (08/05/2014 11:55:39 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (08/05/2014 11:42:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: dell)
Description: Activation of app Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/05/2014 11:37:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xdd4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (08/05/2014 11:37:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xaf8
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5

Error: (08/05/2014 11:36:38 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (08/05/2014 11:04:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xfd4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (08/05/2014 11:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xacc
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5


System errors:
=============
Error: (08/05/2014 11:56:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/05/2014 11:56:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053

Error: (08/05/2014 11:56:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (08/05/2014 11:37:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/05/2014 11:37:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053

Error: (08/05/2014 11:37:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (08/05/2014 11:36:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:03:22 on ‎05.‎08.‎2014 was unexpected.

Error: (08/05/2014 11:09:44 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (08/05/2014 11:04:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/05/2014 11:04:54 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5


Microsoft Office Sessions:
=========================
Error: (08/05/2014 01:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ERUNT.exe0.0.0.02a425e19ERUNT.exe0.0.0.02a425e19c000000500002170f1801cfb0a0a5d38ebcC:\Windows\ERUNT.exeC:\Windows\ERUNT.exee3bbb58c-1c93-11e4-829c-485ab66a629c

Error: (08/05/2014 11:56:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8ab5c01cfb0937f446f3fC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exec61a33a7-1c86-11e4-829c-485ab66a629c

Error: (08/05/2014 11:56:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd9dc01cfb09374fa409bC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllbcdde989-1c86-11e4-829c-485ab66a629c

Error: (08/05/2014 11:55:39 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: 

Error: (08/05/2014 11:42:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: dell)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2144927142

Error: (08/05/2014 11:37:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8add401cfb090e2c47b21C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe2b2a390e-1c84-11e4-829b-485ab66a629c

Error: (08/05/2014 11:37:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaf801cfb090d26975f9C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll1fab919f-1c84-11e4-829b-485ab66a629c

Error: (08/05/2014 11:36:38 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: 

Error: (08/05/2014 11:04:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8afd401cfb08c38adc618C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe81dcffa3-1c7f-11e4-829a-485ab66a629c

Error: (08/05/2014 11:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdacc01cfb08c2a8489ccC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll762aa40b-1c7f-11e4-829a-485ab66a629c


CodeIntegrity Errors:
===================================
  Date: 2014-04-09 22:29:15.370
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-09 22:25:42.948
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 8072.96 MB
Available physical RAM: 5194.72 MB
Total Pagefile: 16264.96 MB
Available Pagefile: 12996.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================



Drive c: (OS) (Fixed) (Total:543.34 GB) (Free:269.28 GB) NTFS
Drive e: (AP) (Fixed) (Total:147.07 GB) (Free:146.93 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.1 GB) (Free:0.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 8F613466)

Partition: GPT Partition Type.

==================== End Of Log ============================

--- --- ---
Vielen Dank!

PS: LAesst sich eigentlich etwas ueber die Herkunft der Schaedlinge sagen?

LG Alex

Machiavelli · 05.08.2014, 12:54

Zitat:

- Spyware terminator hat ein paar files als Trojaner identifiziert, die aber wahrscheinlich Falschmeldungen sind (so meine Internetrecherche. Keine andere Software hat sie gefunden.

Welche Dateien?

Zitat:

Running from C:\Users\AP\Downloads

Was haben die Anweisungen gesagt? Bitte speichere es auf Deinem Desktop ab.

Zitat:

AV: Bitdefender Antivirus (Disabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Bitdefender Spyware-Schutz (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: Bitdefender Firewall (Disabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

OK, das sieht man selten, so viele AV/AS/FW sind nicht gut für Dein System. Ich empfehle Dir folgende Software zu deinstallieren:

Bitdefender Antivirus
Kaspersky Internet Security
Bitdefender Spyware-Schutz
Kaspersky Internet Security
IObit Malware Fighter
Kaspersky Internet Security
Bitdefender Firewall

Dein Log ist ziemlich sauber, dennoch paar Entries sollten weg.

Schritt 1: FRSTFix

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2887110303-965766443-280294267-1001\...\MountPoints2: {a1fcfdb8-ff7b-11e3-8270-485ab66a629c} - "G:\AutoRun.exe" 
SearchScopes: HKCU - {51C3A8DA-6F7E-4437-B3E6-C36697E67761} URL = 
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2: Adwarecleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3: Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4: FRST Scan

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

APLAS · 05.08.2014, 16:35

Hallo Macciavelli,

Du arbeitest sehr schnell... Vielen Dank dafuer!

Eine Frage: Ich verstehe gerne was ich machen soll. Was bedeutet denn der folgende Code:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2887110303-965766443-280294267-1001\...\MountPoints2: {a1fcfdb8-ff7b-11e3-8270-485ab66a629c} - "G:\AutoRun.exe"
SearchScopes: HKCU - {51C3A8DA-6F7E-4437-B3E6-C36697E67761} URL =
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo

Vielen Dank!

Alexander

APLAS · 05.08.2014, 16:59

Hallo Macciavelli,

hier noch ein paar Screen shots von Fehlerberichten die ich mir gemacht habe.

Zuaetzlich erinnere ich mich an von Kaspersky gefundene Fehlerdateien, die in meinen Thuderbirdprofilen abgespeichert waren. Sie sind dann allerdings komischerweise wiedergekommen und wurden dann erneut von KASP geloescht.

Eine Frage:

Ist es normal, dass alle System Restore Punkte vor dem 12-06 geleoscht wurden. Ich habe den Computer schon seit Februar und Mitte Juni hatte ich den Computer dann einem Computerladen zur Reparatur gegeben. Vielleicht wurde er dort manipuliert.

Danke fuer Deine Unterstuetzung.

Alex

Machiavelli · 05.08.2014, 20:05

Zitat:

Eine Frage: Ich verstehe gerne was ich machen soll. Was bedeutet denn der folgende Code:

Das einiges, sogenannte Überreste, gefixt werden, d.h. von Deinem System entfernt werden.

APLAS · 07.08.2014, 08:34

Hallo Macciavelli, danke fuer den Hinweis..

was meinst Du ... sind die PDFs die ich Dir in dem letzten Post gesandt habe ein Hinweis auf Trojanerbefall?

Hier haenge ich Dir auch noch ein weiteres Dokument an. Es zeigt ein regelmaessiges Problem. Oeffnet sich ein pulsierender Kreise (oder Kreise) oder ein Rechteck auf meinem Screen und dann ist mein Cursor stark beeintraechtigt.

Vielen Dank fuer Deine Unterstuetzung!

Alexander

Machiavelli · 07.08.2014, 12:10

Kann muss, aber nicht. Du hast nichts angehangen. Jedenfalls - warum folgst Du meinen Answeiungen nicht?

Machiavelli · 11.08.2014, 13:33

Noch da?

System freeze, Wordprobleme, touch screen und thunderbird laufen nur teilweise .... Trojanerbefall?

Log-Analyse und Auswertung: System freeze, Wordprobleme, touch screen und thunderbird laufen nur teilweise .... Trojanerbefall?