Pests of all kinds and how to fight them: AntiVir blocked by Group Policy + downloads are being started (Windows 7)
19.08.2014, 10:14 | #1 |
AntiVir blocked by Group Policy + downloads are being started

Hello everyone,

when I start my Anti-Vir program, the following error message appears: "Dieses Programm wurde durch eine Gruppenrichtlinie blockiert." ("This program was blocked by a Group Policy.")

In addition, downloads of JScript files named dpx.js from i.simpli.fi and bk-coretag.js from tags.bkrtx.com open automatically at fairly regular intervals.

Thanks for any help!

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by shehzad (administrator) on SHEHZAD-PC on 19-08-2014 10:57:18
Running from C:\Users\shehzad\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\LPT\srpts.exe
( ) C:\Windows\System32\lxeecoms.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Users\shehzad\AppData\Local\fst_de_1\upfst_de_1.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\LPT\srptm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\ScanTack\updateScanTack.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre8\bin\javaws.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
() C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [lxeemon.exe] => C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe [772712 2013-01-30] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe [150264 2013-01-30] ()
HKLM\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [368640 2014-01-05] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [fst_de_1] => "C:\Program Files (x86)\fst_de_1\fst_de_1.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [368640 2014-01-05] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [upfst_de_1.exe] => C:\Users\shehzad\AppData\Local\fst_de_1\upfst_de_1.exe [3267536 2014-04-08] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [GoogleChromeAutoLaunch_64528655D5F25C403B8633DE809A3F8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [PriceMeterW] => "C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterw.exe" HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat" HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [368640 2014-01-05] () HKU\S-1-5-21-2564675894-2720206820-1579627790-1008\...\Run: [playnowradio] => C:\Users\alisha\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe [420352 2014-03-06] (Pay By Ads LTD) BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.findwide.com/?guid={FABB9A3B-020B-4955-9542-90B196036D71}&action=homepage_search HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} 
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms} SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. 
Limited) BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: ScanTack -> {d332cff8-358e-4c9e-8af3-a08872ef22c1} -> C:\Program Files (x86)\ScanTack\ScanTackbho.dll (ScanTack) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {CD0342DD-7582-4507-B58A-4C9EA18B13AA} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default FF DefaultSearchEngine: Conduit Search FF NewTab: about:newtab FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_114.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll 
(Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_114.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF Extension: MediaPlayerplus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-05-20] FF Extension: Quick Start - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\quick_start@gmail.com [2014-05-21] FF Extension: Shopping Helper Smartbar - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{14895be1-6013-6314-fc5c-52690c3f821a} [2014-04-27] FF Extension: Boost - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\boost@boost.net.xpi [2014-05-16] FF Extension: Adblock Plus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27] FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\extensions\quick_start@gmail.com FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox Chrome: ======= CHR Extension: (BonanzaDeals) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj 
[2014-08-19] CHR Extension: (Skype Click to Call) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-18] CHR Extension: (Google Wallet) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18] CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-08-18] CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx [2013-10-23] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-08] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. 
KG) S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-23] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-23] (BonanzaDeals) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED) R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-09] () S2 lxeeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [45736 2010-04-14] (Lexmark International, Inc.) R2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( ) R2 lxee_device; C:\Windows\SysWOW64\lxeecoms.exe [598696 2010-04-14] ( ) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 SecurityCenterServer1376075522; C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [368640 2014-01-05] () [File not signed] R2 Update ScanTack; C:\Program Files (x86)\ScanTack\updateScanTack.exe [317728 2014-05-30] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R1 {fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64; C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys [61112 2014-05-22] (StdLib) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 10:57 - 2014-08-19 10:57 - 00023114 _____ () C:\Users\shehzad\Desktop\FRST.txt 2014-08-19 10:56 - 2014-08-19 10:57 - 00000000 ____D () C:\FRST 2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe 2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5} 2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini 2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-19 09:22 - 2014-08-19 10:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-19 09:22 - 2014-08-19 09:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 09:22 - 2013-09-20 10:49 - 00021040 _____ (Safer 
Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe 2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe 2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe 2014-08-18 20:36 - 2014-08-18 20:37 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp 2014-08-18 20:29 - 2014-08-18 20:30 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp 2014-08-18 20:25 - 2014-08-18 20:27 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe 2014-08-18 20:19 - 2014-08-18 20:20 - 00013680 _____ () C:\Windows\diagwrn.xml 2014-08-18 20:19 - 2014-08-18 20:20 - 00001908 _____ () C:\Windows\diagerr.xml 2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp 2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp 2014-08-18 19:16 - 2014-08-18 19:17 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp 2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp 2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp 2014-08-18 17:30 - 2014-08-19 10:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job 2014-08-18 17:30 - 2014-08-18 17:30 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1376075522 2014-08-18 17:30 - 2014-08-18 17:30 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Vodeka 2014-08-18 17:30 - 2014-01-05 16:34 - 00368640 _____ () C:\Windows\SysWOW64\haiwuruc.exe 2014-08-18 17:29 - 2014-08-18 17:29 - 00000000 ____D () C:\ProgramData\UhpeRfefh 
2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip 2014-08-13 09:32 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 09:32 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-13 09:32 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 09:32 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 09:32 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 09:32 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 09:32 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-13 09:32 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-13 08:19 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-13 08:19 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-13 08:19 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 08:19 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 08:19 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-13 08:19 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-13 08:19 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-13 08:19 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-13 08:19 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2014-08-13 08:19 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 08:19 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-13 08:19 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-13 08:19 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-13 08:19 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-13 08:19 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-13 08:19 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-13 08:19 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-13 08:19 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-13 08:19 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-13 08:19 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 08:19 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-13 08:19 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-13 08:19 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-13 08:19 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-13 08:19 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-13 08:19 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-13 08:19 - 2014-07-25 14:21 - 02184704 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-13 08:19 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-13 08:19 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-13 08:19 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-13 08:19 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-13 08:19 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-13 08:19 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 08:19 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-13 08:19 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-13 08:19 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-13 08:19 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-13 08:19 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 08:19 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-13 08:19 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-13 08:19 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-13 08:19 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-13 08:19 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-13 08:19 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-13 08:19 - 2014-07-25 13:29 - 00239616 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-13 08:19 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 08:19 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-13 08:19 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-13 08:19 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-13 08:19 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-13 08:19 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 08:19 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 08:19 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-13 08:19 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-13 08:19 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-13 08:19 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-13 08:18 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-13 08:18 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 08:18 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-13 08:18 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-13 08:18 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) 
C:\Windows\system32\KBDTAT.DLL 2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-13 08:18 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-13 08:18 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-13 08:18 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-13 08:18 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-13 08:18 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-13 08:18 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 08:18 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 08:18 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 08:18 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 08:18 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 08:18 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-13 08:18 - 2014-06-03 11:29 - 01805824 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-13 08:18 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-13 08:13 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-13 08:13 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-13 08:13 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 08:13 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv 2014-08-11 17:39 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten 2014-08-11 17:36 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client 2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client 2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C} 2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack 2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack 2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack 2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack 2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack 2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack 2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack 
2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE 2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack 2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack 2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack 2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack 2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack 2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack 2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack 2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack 2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira 2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () 
C:\Users\Sarah.shehzad-PC\Druckumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC 2014-08-11 17:04 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Google 2014-08-11 17:04 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah.shehzad-PC\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-11 17:04 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover 2014-08-11 17:04 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor 2014-08-11 17:04 - 2011-02-10 
22:48 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Macromedia 2014-08-11 17:04 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-11 17:04 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-11 11:47 - 2014-08-11 11:48 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack 2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack 2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack 2014-08-11 11:45 - 2014-08-11 11:46 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE 2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE 2014-08-07 17:34 - 2014-08-07 17:35 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe 2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield 2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644} 2014-08-01 21:43 - 2014-08-01 21:44 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94} 2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList 2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList 2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira 2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD 2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-01 11:36 - 2014-08-01 11:36 - 
00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI 2014-08-01 11:35 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah 2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten 2014-08-01 11:35 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google 2014-08-01 11:35 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-01 11:35 - 2011-06-28 01:41 - 00000000 ____D () 
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-08-01 11:35 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
2014-08-01 11:35 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Macromedia
2014-08-01 11:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-01 11:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4}
2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2}
2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E}
2014-07-20 20:14 - 2014-07-20 20:14 - 00978687 _____ () C:\ProgramData\SPLDC0.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 10:57 - 2014-08-19 10:57 - 00023114 _____ () C:\Users\shehzad\Desktop\FRST.txt 2014-08-19 10:57 - 2014-08-19 10:56 - 00000000 ____D () C:\FRST 2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe 2014-08-19 10:40 - 2013-10-09 12:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-19 10:31 - 2014-05-25 14:31 - 00000286 _____ () C:\Windows\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5}.job 2014-08-19 10:27 - 2013-10-23 13:21 - 00000928 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5} 2014-08-19 10:10 - 2014-03-19 09:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini 2014-08-19 10:04 - 2014-08-19 09:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-19 10:04 - 2014-04-14 22:03 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job 2014-08-19 10:00 - 2014-08-18 17:30 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job 2014-08-19 09:24 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-19 09:24 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 
2 2014-08-19 09:23 - 2014-08-19 09:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe 2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe 2014-08-19 09:20 - 2013-10-09 21:52 - 01583736 _____ () C:\Windows\WindowsUpdate.log 2014-08-19 09:19 - 2014-04-17 08:40 - 00000000 ____D () C:\Users\shehzad\AppData\Local\fst_de_1 2014-08-19 09:16 - 2014-04-10 23:21 - 00003126 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job 2014-08-19 09:16 - 2014-04-10 23:21 - 00002198 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job 2014-08-19 09:16 - 2014-04-10 23:21 - 00001508 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job 2014-08-19 09:16 - 2014-04-10 23:21 - 00001430 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job 2014-08-19 09:16 - 2014-04-10 23:21 - 00001418 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job 2014-08-19 09:16 - 2013-10-23 13:21 - 00000924 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2014-08-19 09:16 - 2013-10-09 21:17 - 00170065 _____ () C:\ProgramData\lxeescan.log 2014-08-19 09:16 - 2013-10-09 12:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-19 09:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-19 09:15 - 2009-07-14 06:51 - 00007294 _____ () C:\Windows\setupact.log 2014-08-19 09:01 - 2009-07-14 06:45 - 00378432 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-18 23:37 - 2011-02-10 21:25 - 00699634 _____ () C:\Windows\system32\perfh007.dat 2014-08-18 23:37 - 2011-02-10 21:25 - 00149516 _____ () C:\Windows\system32\perfc007.dat 2014-08-18 23:37 - 2009-07-14 07:13 - 01621276 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ 
(Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe 2014-08-18 20:37 - 2014-08-18 20:36 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp 2014-08-18 20:36 - 2014-04-15 18:11 - 617677318 _____ () C:\Windows\MEMORY.DMP 2014-08-18 20:36 - 2014-04-15 18:11 - 00000000 ____D () C:\Windows\Minidump 2014-08-18 20:30 - 2014-08-18 20:29 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp 2014-08-18 20:27 - 2014-08-18 20:25 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe 2014-08-18 20:20 - 2014-08-18 20:19 - 00013680 _____ () C:\Windows\diagwrn.xml 2014-08-18 20:20 - 2014-08-18 20:19 - 00001908 _____ () C:\Windows\diagerr.xml 2014-08-18 20:19 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp 2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-18 20:07 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp 2014-08-18 19:17 - 2014-08-18 19:16 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp 2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp 2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp 2014-08-18 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-08-18 17:30 - 2014-08-18 17:30 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1376075522 2014-08-18 17:30 - 2014-08-18 17:30 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Vodeka 2014-08-18 17:29 - 2014-08-18 17:29 - 
00000000 ____D () C:\ProgramData\UhpeRfefh 2014-08-18 12:40 - 2014-06-25 16:07 - 00001471 _____ () C:\Users\alisha\Desktop\Play Now Radio.lnk 2014-08-18 09:41 - 2013-10-10 21:13 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Skype 2014-08-17 23:22 - 2013-10-09 13:04 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\SoftGrid Client 2014-08-17 19:24 - 2013-10-09 21:28 - 00000000 ____D () C:\ProgramData\lx_Cats 2014-08-17 19:01 - 2014-02-18 22:33 - 00000492 _____ () C:\ProgramData\lxeeDiagnostics.log 2014-08-17 14:34 - 2014-08-11 17:39 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten 2014-08-17 14:34 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client 2014-08-16 08:44 - 2013-10-09 12:57 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip 2014-08-14 19:10 - 2014-03-19 09:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-14 19:10 - 2014-03-19 09:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-14 19:10 - 2011-06-28 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-14 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-13 09:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 09:44 - 2013-10-17 16:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 09:37 - 2011-02-10 22:56 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-13 09:32 - 2014-05-06 18:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv 2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client 
2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C} 2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack 2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack 2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack 2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack 2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack 2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack 2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack 2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE 2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack 2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack 2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack 2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack 2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack 2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack 2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack 2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () 
C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack 2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira 2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () 
C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC 2014-08-11 11:48 - 2014-08-11 11:47 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack 2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack 2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack 2014-08-11 11:46 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE 2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE 2014-08-08 20:26 - 2014-04-27 14:48 - 00654336 ___SH () C:\Users\shehzad\Downloads\Thumbs.db 2014-08-07 17:35 - 2014-08-07 17:34 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe 2014-08-07 14:20 - 2013-10-10 21:12 - 00000000 ____D () C:\ProgramData\Skype 2014-08-07 04:06 - 2014-08-13 08:13 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 04:01 - 2014-08-13 08:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield 2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644} 2014-08-01 21:44 - 2014-08-01 21:43 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94} 
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList 2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList 2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira 2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD 2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI 2014-08-01 11:36 - 2014-08-01 11:35 - 00000000 ____D () C:\Users\Sarah 2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programme 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten 2014-08-01 01:41 - 2014-08-13 08:19 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-13 08:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-31 22:06 - 2014-05-30 20:51 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4} 2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2} 2014-07-27 10:02 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-25 16:52 - 2014-08-13 08:19 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-25 16:02 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-25 16:01 - 2014-08-13 08:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-25 15:51 - 2014-08-13 08:19 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-25 15:30 - 2014-08-13 08:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-25 15:28 - 2014-08-13 08:19 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-25 15:28 - 2014-08-13 08:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-25 15:25 - 2014-08-13 08:19 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-25 15:25 - 2014-08-13 08:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-25 15:11 - 2014-08-13 08:19 - 00051200 _____ 
(Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-25 15:10 - 2014-08-13 08:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-25 15:04 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-25 15:03 - 2014-08-13 08:19 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-25 15:00 - 2014-08-13 08:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-25 15:00 - 2014-08-13 08:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-25 14:59 - 2014-08-13 08:19 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-25 14:47 - 2014-08-13 08:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-25 14:40 - 2014-08-13 08:19 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-25 14:34 - 2014-08-13 08:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-25 14:34 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-25 14:33 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-25 14:30 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-25 14:28 - 2014-08-13 08:19 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-25 14:28 - 2014-08-13 08:19 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-25 14:21 - 2014-08-13 08:19 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-25 14:19 - 2014-08-13 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-25 14:18 - 2014-08-13 08:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-25 14:17 - 2014-08-13 
08:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-25 14:17 - 2014-08-13 08:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-25 14:12 - 2014-08-13 08:19 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-25 14:10 - 2014-08-13 08:19 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-25 14:10 - 2014-08-13 08:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-25 14:08 - 2014-08-13 08:19 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-25 14:06 - 2014-08-13 08:19 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E} 2014-07-25 13:52 - 2014-08-13 08:19 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-25 13:47 - 2014-08-13 08:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-25 13:43 - 2014-08-13 08:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-25 13:42 - 2014-08-13 08:19 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-25 13:39 - 2014-08-13 08:19 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-25 13:39 - 2014-08-13 08:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-25 13:36 - 2014-08-13 08:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-25 13:34 - 2014-08-13 08:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-25 13:29 - 2014-08-13 08:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-25 13:23 - 2014-08-13 08:19 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-25 13:13 - 
2014-08-13 08:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-25 13:07 - 2014-08-13 08:19 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-25 13:07 - 2014-08-13 08:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-25 13:03 - 2014-08-13 08:19 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-25 12:52 - 2014-08-13 08:19 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-25 12:26 - 2014-08-13 08:19 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-25 12:17 - 2014-08-13 08:19 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-25 12:09 - 2014-08-13 08:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-25 12:05 - 2014-08-13 08:19 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-25 12:00 - 2014-08-13 08:19 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-20 20:14 - 2014-07-20 20:14 - 00978687 _____ () C:\ProgramData\SPLDC0.tmp Some content of TEMP: ==================== C:\Users\alisha\AppData\Local\Temp\avgnt.exe C:\Users\alisha\AppData\Local\Temp\drm_dialogs.dll C:\Users\alisha\AppData\Local\Temp\drm_dyndata_7320010.dll C:\Users\Sarah\AppData\Local\Temp\avgnt.exe C:\Users\Sarah.shehzad-PC\AppData\Local\Temp\avgnt.exe C:\Users\shehzad\AppData\Local\Temp\avgnt.exe C:\Users\shehzad\AppData\Local\Temp\VP6Install.exe C:\Users\shehzad\AppData\Local\Temp\VP6VFW.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 00:46

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by shehzad at 2014-08-19 10:58:17
Running from C:\Users\shehzad\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.114 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2011.0707.2346.40825 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
ccc-utility64 (Version: 2011.0707.2346.40825 - ATI) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version: - Lexmark International, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
ScanTack (HKLM\...\ScanTack) (Version: 2014.05.30.150643 - ScanTack) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

12-08-2014 07:45:12 Geplanter Prüfpunkt
13-08-2014 06:11:53 Windows Update
13-08-2014 07:31:55 Windows Update
13-08-2014 22:58:41 Windows Update
19-08-2014 06:15:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {086B95EC-772B-46F8-9998-CA84BFB4E4E6} - System32\Tasks\{AB159400-B175-49A2-94DD-122F7F00803B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {09A46B40-F55B-449A-BBD6-2C29B7A02BF8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-23] (BonanzaDeals) <==== ATTENTION Task: {2391C03B-B2B2-433B-AE53-CAF315333589} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) Task: {245BD3E0-0A38-4C22-A067-00BEFBF3AF4D} - System32\Tasks\{7FAC5E21-9611-4111-9AD0-9D97CADFEF1A} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Burning Studio\burningstudio.exe [2010-03-19] () Task: {2AEF6088-AABA-49F3-8B53-6F6E08D932E5} - System32\Tasks\Price Meter Updater => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {2F02C421-B7DE-423A-BF8C-9F80036F12B2} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION Task: {304F45BD-2640-46D9-B248-7E91A6C1D676} - System32\Tasks\Play Now Radio => C:\Users\alisha\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe [2014-03-06] (Pay By Ads LTD) Task: {31FB817F-2FC0-415B-B5CA-E0EE0CDDC864} - System32\Tasks\UpdaterEX => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {3200EDFD-2EEA-4B46-B877-0ABE70B9FFC2} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-23] (BonanzaDeals) 
<==== ATTENTION Task: {327513AD-B4F9-44A8-B435-0717FB6DB6BE} - System32\Tasks\BonanzaDealsUpdate => C:\Program Task: {341323E9-DF92-4EEA-BE92-505AB3D9F4B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [2014-01-05] () Task: {4EA0FF40-41E3-4EFD-BA67-6D0AE8749039} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {5187A258-5AA6-4BF4-BA54-8A2A814D0600} - System32\Tasks\{52AFAD36-978D-4DB5-9133-31C5BBBB3A9E} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] () Task: {532F9F3C-359F-46DC-B432-CCAE93BF3618} - System32\Tasks\{7DCD380B-BDDC-4D3C-BBB0-9E05D0B393DD} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {5D8E38BA-48DA-431A-AC31-2A100B09E11D} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION Task: {6823D1BE-37A5-4453-81BB-5875424FFE58} - System32\Tasks\{6E6F044E-E1C1-48C5-8846-C98A6C6FF79F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. 
KG) Task: {68C643DA-560C-4058-BF85-A21016BBCAF8} - System32\Tasks\{B311DB15-409C-4F5C-A2CA-3B96D0E9B8B3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {7CD7EA51-3752-413A-8777-F226BD217065} - System32\Tasks\{F9FF6C01-0F77-4892-90C1-AB11BA9A8473} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {7FB3FC1A-9834-4E66-B6D0-AD2F6F35F92C} - System32\Tasks\{C3BFF0CF-95D8-4225-8394-302BDEAC466F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Snap\ashsnap.exe [2010-03-20] (ashampoo GmbH & Co. KG) Task: {972D1880-A511-4429-B032-2831AA653B9F} - System32\Tasks\{351A3EDF-51A8-4161-B94C-89F4378A7A26} => C:\Program Files (x86)\Flash Player Pro\Flash Player Pro.exe Task: {A180C3BE-BEA5-4087-B299-0AD0742565A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {AB067E2C-2D59-4792-AEA7-93A327E00451} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated) Task: {AC92E9BF-6D2B-4A32-886C-355E339224BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {BC4C52EA-90B6-4908-A357-2E7C4015E94A} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION Task: {C4EFD966-1A90-4852-ADEF-90CD7494C73C} - System32\Tasks\{7F6C8D6A-E32F-45D7-B3BC-249B17FAB4C4} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] () Task: {C8A99DFA-96D1-400C-8C1A-D8A12CCB5AB1} - System32\Tasks\{25253F42-D79C-4472-AF27-D41A3824C54D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. 
KG) Task: {CB91BCB8-2627-4EB3-9EDC-E6D3EABD0DAA} - System32\Tasks\{C6C20EFD-3F5D-4974-A65A-EF9F37C21E87} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.60.106/de/eula Task: {D5654A96-C6E5-4193-BEEC-CD6C1E229855} - System32\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5} => C:\Program Files\V-bates\PrefHelper.exe Task: {DABEEC72-2BD2-4E20-BE0B-3219A53931DE} - System32\Tasks\{F9DF7985-8072-4D9B-8A2D-6F3FC176F73B} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2010-09-29] (ATI Technologies Inc.) Task: {DBAB8BC7-8391-4A21-9603-35F84C745E33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {DC45EE92-694F-499D-9936-4E79967B4AC3} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION Task: {E813E246-C5F7-43B4-AB05-4D5C3BE79134} - System32\Tasks\{DD6357C3-9F85-4003-83FE-5EA5E4094F54} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {ECFED13C-77B7-4525-BE1B-2D476C34AB5B} - System32\Tasks\{D7523B32-B93F-4528-9BF6-EFA32E0EF58D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] () Task: {F290E9C5-55DB-40AA-9AD4-79E5EB43B5FB} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION Task: {F294E5FA-4CE9-454F-B3DA-2B420CEAB505} - System32\Tasks\pricemeterdownloader => C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterd.exe Task: {FB2F5B85-9BE2-4898-8F8D-A64DC93D0A26} - System32\Tasks\{DC04D699-98E2-4552-9CA2-E168BBA0723B} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2014-05-08] (Adobe Systems Incorporated) Task: {FF008A85-FAAB-42B3-9C6E-6E0A28109C87} - System32\Tasks\{60C667F5-2886-4333-863B-AC1AE3BECC4F} => Firefox.exe 
hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\Windows\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Price Meter Updater.job => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\Security Center Update - 1376075522.job => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe <==== ATTENTION Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job 
=> C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-09 21:28 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll 2011-07-08 08:36 - 2011-07-08 08:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-02-09 12:41 - 2014-02-09 12:41 - 00032288 _____ () C:\Program Files (x86)\LPT\srpts.exe 2014-04-17 08:40 - 2014-04-08 11:08 - 03267536 _____ () C:\Users\shehzad\AppData\Local\fst_de_1\upfst_de_1.exe 2014-02-08 23:02 - 2013-01-30 16:25 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe 2014-02-08 23:02 - 2013-01-30 16:25 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe 2014-01-05 16:34 - 2014-01-05 16:34 - 00368640 _____ () C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe 2014-02-09 12:41 - 2014-04-29 11:17 - 00023072 _____ () C:\Program Files (x86)\LPT\srptm.exe 2011-07-08 08:36 - 2011-07-08 08:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-07-08 08:44 - 2011-07-08 08:44 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-12-16 11:42 - 2009-12-16 11:42 - 00205824 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeemicro.dll 2010-04-01 17:30 - 2010-04-01 17:30 - 01558528 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeedrs64.dll 2009-03-10 05:44 - 2009-03-10 05:44 - 00015360 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeecaps64.dll 2014-05-30 17:06 - 2014-05-30 17:06 - 00317728 _____ () C:\Program Files (x86)\ScanTack\updateScanTack.exe 2014-02-09 12:41 - 2014-02-09 12:41 - 00070176 _____ () C:\Program Files (x86)\LPT\srpt.dll 2014-02-09 12:41 - 2014-02-09 12:41 - 00022048 _____ () 
C:\Program Files (x86)\LPT\srptc.dll 2014-02-09 12:41 - 2014-02-09 12:41 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll 2014-02-08 23:02 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll 2014-02-08 23:02 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll 2014-02-08 23:02 - 2009-05-27 08:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecats.dll 2014-02-08 23:02 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll 2014-02-08 23:02 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll 2009-02-20 08:48 - 2009-02-20 08:48 - 00381440 _____ () C:\Windows\system32\lxeesm.dll 2009-04-28 07:56 - 2009-04-28 07:56 - 00024064 _____ () C:\Windows\system32\lxeesmr.dll 2014-02-08 23:02 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epwizard.DLL 2014-02-08 23:02 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll 2014-02-08 23:02 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Eputil.DLL 2014-02-08 23:02 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Imagutil.DLL 2014-02-08 23:02 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epfunct.DLL 2014-02-08 23:02 - 2009-06-23 07:09 - 02203648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPWizRes.dll 2014-02-08 23:02 - 2009-06-23 07:10 - 00045056 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll 2014-02-08 23:02 - 2009-06-23 07:11 - 00102400 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPOEMDll.dll 2014-02-08 23:02 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll 2014-02-08 23:02 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro700 
Series\lxeeptp.dll 2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2014-02-09 12:41 - 2014-04-29 11:18 - 00057888 _____ () C:\Program Files (x86)\LPT\srut.dll 2014-02-09 12:41 - 2014-04-29 11:17 - 00066080 _____ () C:\Program Files (x86)\LPT\sppsm.dll 2014-02-09 12:41 - 2014-04-29 11:17 - 00155680 _____ () C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-02-09 12:41 - 2014-04-29 11:17 - 00027168 _____ () C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll 2014-02-09 12:41 - 2014-04-29 11:17 - 00165920 _____ () C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll 2014-02-09 12:41 - 2014-04-29 11:17 - 00044064 _____ () C:\Program Files (x86)\LPT\srbu.dll 2014-04-14 22:03 - 2014-04-14 22:03 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll 2014-02-09 12:41 - 2014-04-29 11:17 - 00021880 _____ () C:\Program Files (x86)\LPT\srpdm.dll 2014-02-09 12:41 - 2014-04-29 11:17 - 00039456 _____ () C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll 2014-08-16 08:43 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll 2014-08-19 09:22 - 2014-05-13 12:04 - 00109400 _____ () 
C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-19 09:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-19 09:22 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-19 09:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-19 09:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2014 10:09:00 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SDScan.exe, Version 2.4.40.181 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b38 Startzeit: 01cfbb7ea92337a6 Endzeit: 79 Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Berichts-ID: 0d980617-2778-11e4-b808-8c89a557884c Error: (08/19/2014 09:21:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01e54909 ID des fehlerhaften Prozesses: 0x34c Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/19/2014 09:17:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53f2109a Name des fehlerhaften Moduls: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53f2109a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000042b5 ID des fehlerhaften Prozesses: 0xb2c Startzeit der fehlerhaften Anwendung: 0xpiarudx.exe0 Pfad der fehlerhaften Anwendung: piarudx.exe1 Pfad des fehlerhaften Moduls: piarudx.exe2 Berichtskennung: piarudx.exe3 Error: (08/19/2014 08:16:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53d75949 Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d26078 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x00136cef ID des fehlerhaften Prozesses: 0x850 Startzeit der fehlerhaften Anwendung: 0xpiarudx.exe0 Pfad der fehlerhaften Anwendung: piarudx.exe1 Pfad des fehlerhaften Moduls: piarudx.exe2 Berichtskennung: piarudx.exe3 Error: (08/19/2014 08:13:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00624909 ID des fehlerhaften Prozesses: 0x1b70 Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/18/2014 11:28:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01eb4909 ID des fehlerhaften Prozesses: 0xad0 Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/18/2014 09:26:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00314909 ID des fehlerhaften Prozesses: 0x16fc Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/18/2014 09:21:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53f2109a Name des 
fehlerhaften Moduls: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53f2109a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000042b5 ID des fehlerhaften Prozesses: 0xb28 Startzeit der fehlerhaften Anwendung: 0xpiarudx.exe0 Pfad der fehlerhaften Anwendung: piarudx.exe1 Pfad des fehlerhaften Moduls: piarudx.exe2 Berichtskennung: piarudx.exe3 Error: (08/18/2014 08:19:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00524909 ID des fehlerhaften Prozesses: 0x1714 Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/18/2014 07:54:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01e24909 ID des fehlerhaften Prozesses: 0x1674 Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 System errors: ============= Error: (08/19/2014 10:14:17 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/19/2014 10:14:17 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/19/2014 10:13:04 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Error: (08/19/2014 10:04:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Wpm Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/19/2014 09:47:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/19/2014 09:47:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/19/2014 09:47:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/19/2014 09:47:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/19/2014 09:47:45 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/19/2014 09:47:45 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Microsoft Office Sessions: ========================= Error: (08/19/2014 10:09:00 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SDScan.exe2.4.40.1811b3801cfbb7ea92337a679C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe0d980617-2778-11e4-b808-8c89a557884c Error: (08/19/2014 09:21:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e5490934c01cfbb7e2ab0b594C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown69b9d7f8-2771-11e4-b808-8c89a557884c Error: (08/19/2014 09:17:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: piarudx.exe0.0.0.053f2109apiarudx.exe0.0.0.053f2109ac0000005000042b5b2c01cfbb7d76fd9845C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exeC:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exed21fab15-2770-11e4-b808-8c89a557884c Error: (08/19/2014 08:16:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: piarudx.exe0.0.0.053d75949mshtml.dll11.0.9600.1723953d26078c000000500136cef85001cfbb74adad2826C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exeC:\Windows\SysWOW64\mshtml.dll633d97ba-2768-11e4-9915-8c89a557884c Error: (08/19/2014 08:13:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c0000005006249091b7001cfbb74a6186edcC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknownea7d1b14-2767-11e4-9915-8c89a557884c Error: (08/18/2014 11:28:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501eb4909ad001cfbb2b4d89856cC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown8cff1881-271e-11e4-aa6c-742f6817a37b Error: (08/18/2014 09:26:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c00000050031490916fc01cfbb1a4509760fC:\Program Files 
(x86)\Common Files\Java\Java Update\jucheck.exeunknown838ec084-270d-11e4-8f58-8c89a557884c Error: (08/18/2014 09:21:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: piarudx.exe0.0.0.053f2109apiarudx.exe0.0.0.053f2109ac0000005000042b5b2801cfbb1990a6e510C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exeC:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exee6d85b11-270c-11e4-8f58-8c89a557884c Error: (08/18/2014 08:19:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000500524909171401cfbb10de70168dC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown21a0316f-2704-11e4-bca3-742f6817a37b Error: (08/18/2014 07:54:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e24909167401cfbb0d72342cdeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknownb1a03a72-2700-11e4-815f-742f6817a37b CodeIntegrity Errors: =================================== Date: 2014-02-07 09:39:07.504 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.502 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.500 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-02-07 09:39:07.478 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.476 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.474 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-05 16:30:47.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-05 16:30:47.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-05 16:30:47.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-05 16:30:47.313 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics Percentage of memory in use: 52% Total physical RAM: 3576.13 MB Available physical RAM: 1705.91 MB Total Pagefile: 7150.45 MB Available Pagefile: 4015.68 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:829.74 GB) NTFS Drive d: (Recover) (Fixed) (Total:40 GB) (Free:19.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 5183A2EF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
19.08.2014, 10:16 | #2 |
/// TB-Ausbilder | AntiVir blocked by Group Policy + downloads start automatically
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation!

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Step 2
Scan with Combofix
|
19.08.2014, 10:52 | #3 |
| AntiVir blocked by Group Policy + downloads start automatically While Combofix is still running, the following errors have occurred (typing from the laptop):
handle viewer no longer works
Windows command processor no longer works
imp gui is also blocked (after restart)
Combofix now shows: "Fast fertig... Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." |
19.08.2014, 10:55 | #4 |
/// TB-Ausbilder | AntiVir blocked by Group Policy + downloads start automatically |
19.08.2014, 11:17 | #5 |
| AntiVir blocked by Group Policy + downloads start automatically I ran Combofix in safe mode, and then everything worked. After the restart Combofix continued... and now again: "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." Should I have switched back to safe mode after the mandatory restart triggered by Combofix? The fixlog from step 1 Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by shehzad at 2014-08-19 11:22:35 Run:1
Running from C:\Users\shehzad\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
end
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
|
19.08.2014, 11:26 | #6 |
/// TB-Ausbilder | AntiVir blocked by Group Policy + downloads start automatically Hi, no, that's fine, you did everything right. Please run FRST once more so that I get a current overview:
|
19.08.2014, 11:31 | #7 |
| AntiVir blocked by Group Policy + downloads start automatically All right. FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01 Ran by shehzad (administrator) on SHEHZAD-PC on 19-08-2014 12:29:11 Running from C:\Users\shehzad\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Program Files (x86)\LPT\srpts.exe ( ) C:\Windows\System32\lxeecoms.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (BonanzaDeals) C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files (x86)\ScanTack\updateScanTack.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Oracle Corporation) C:\Program Files\Java\jre8\bin\javaws.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [lxeemon.exe] => C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe [772712 2013-01-30] () HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe [150264 2013-01-30] () HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe HKLM-x32\...\Run: [fst_de_1] => "C:\Program Files (x86)\fst_de_1\fst_de_1.exe" HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [GoogleChromeAutoLaunch_64528655D5F25C403B8633DE809A3F8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.) HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [PriceMeterW] => "C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterw.exe" HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat" BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms} SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. 
Limited) BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: ScanTack -> {d332cff8-358e-4c9e-8af3-a08872ef22c1} -> C:\Program Files (x86)\ScanTack\ScanTackbho.dll (ScanTack) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {CD0342DD-7582-4507-B58A-4C9EA18B13AA} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default FF DefaultSearchEngine: Conduit Search FF NewTab: about:newtab FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_114.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll 
(Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_114.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF Extension: MediaPlayerplus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-05-20] FF Extension: Quick Start - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\quick_start@gmail.com [2014-05-21] FF Extension: Shopping Helper Smartbar - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{14895be1-6013-6314-fc5c-52690c3f821a} [2014-04-27] FF Extension: Boost - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\boost@boost.net.xpi [2014-05-16] FF Extension: Adblock Plus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27] FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\extensions\quick_start@gmail.com FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox Chrome: ======= CHR Extension: (BonanzaDeals) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj 
[2014-08-19]
CHR Extension: (Skype Click to Call) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-23] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-23] (BonanzaDeals)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-09] ()
S2 lxeeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
R2 lxee_device; C:\Windows\SysWOW64\lxeecoms.exe [598696 2010-04-14] ( )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Update ScanTack; C:\Program Files (x86)\ScanTack\updateScanTack.exe [317728 2014-05-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 {fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64; C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys [61112 2014-05-22] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 12:00 - 2014-08-19 12:13 - 00000000 ____D () C:\ComboFix
2014-08-19 11:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-19 11:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-19 11:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-19 11:26 - 2014-08-19 11:50 - 00000000 ____D () C:\Qoobox
2014-08-19 11:25 - 2014-08-19 12:07 - 00000000 ____D () C:\Windows\erdnt
2014-08-19 11:23 - 2014-08-19 11:24 - 05572251 ____R (Swearware) C:\Users\shehzad\Desktop\ComboFix.exe
2014-08-19 10:58 - 2014-08-19 10:59 - 00037519 _____ () C:\Users\shehzad\Desktop\Addition.txt
2014-08-19 10:57 - 2014-08-19 12:29 - 00020253 _____ () C:\Users\shehzad\Desktop\FRST.txt
2014-08-19 10:56 - 2014-08-19 12:29 - 00000000 ____D () C:\FRST
2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe
2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5}
2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini
2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2014-08-19 10:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 09:22 - 2014-08-19 09:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe
2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe
2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe
2014-08-18 20:36 - 2014-08-18 20:37 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp
2014-08-18 20:29 - 2014-08-18 20:30 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp
2014-08-18 20:25 - 2014-08-18 20:27 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-08-18 20:19 - 2014-08-18 20:20 - 00013680 _____ () C:\Windows\diagwrn.xml
2014-08-18 20:19 - 2014-08-18 20:20 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp
2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp
2014-08-18 19:16 - 2014-08-18 19:17 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp
2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp
2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp
2014-08-18 17:30 - 2014-08-19 11:45 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Vodeka
2014-08-18 17:30 - 2014-08-19 11:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job
2014-08-18 17:30 - 2014-08-18 17:30 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1376075522
2014-08-18 17:30 - 2014-01-05 16:34 - 00368640 _____ () C:\Windows\SysWOW64\haiwuruc.exe
2014-08-18 17:29 - 2014-08-18 17:29 - 00000000 ____D () C:\ProgramData\UhpeRfefh
2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip
2014-08-13 09:32 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 09:32 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 09:32 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 09:32 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:32 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 09:32 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 09:32 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 09:32 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 08:19 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 08:19 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 08:19 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 08:19 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 08:19 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 08:19 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 08:19 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 08:19 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 08:19 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 08:19 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 08:19 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 08:19 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 08:19 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 08:19 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 08:19 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 08:19 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 08:19 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 08:19 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 08:19 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 08:19 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 08:19 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 08:19 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 08:19 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 08:19 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 08:19 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 08:19 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 08:19 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 08:19 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 08:19 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 08:19 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 08:19 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 08:19 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 08:19 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 08:19 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 08:19 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 08:19 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 08:19 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 08:19 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 08:19 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 08:19 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 08:19 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 08:19 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 08:19 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 08:19 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 08:19 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 08:19 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 08:19 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 08:19 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 08:19 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 08:19 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 08:19 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 08:19 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 08:19 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 08:19 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 08:19 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 08:19 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 08:18 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 08:18 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 08:18 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 08:18 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 08:18 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 08:18 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 08:18 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 08:18 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 08:18 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 08:18 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 08:18 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 08:18 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 08:18 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 08:18 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 08:13 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 08:13 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 08:13 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 08:13 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv
2014-08-11 17:39 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten
2014-08-11 17:36 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client
2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client
2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C}
2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack
2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack
2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack
2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack
2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack
2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE
2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira
2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC
2014-08-11 17:04 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Google
2014-08-11 17:04 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah.shehzad-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 17:04 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-08-11 17:04 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
2014-08-11 17:04 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Macromedia
2014-08-11 17:04 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-11 17:04 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-11 11:47 - 2014-08-11 11:48 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack
2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack
2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 11:45 - 2014-08-11 11:46 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE
2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE
2014-08-07 17:34 - 2014-08-07 17:35 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe
2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield
2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644}
2014-08-01 21:43 - 2014-08-01 21:44 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94}
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList
2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira
2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD
2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI
2014-08-01 11:35 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah
2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten
2014-08-01 11:35 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google
2014-08-01 11:35 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-01 11:35 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-08-01 11:35 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
2014-08-01 11:35 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Macromedia
2014-08-01 11:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-01 11:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4}
2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2}
2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 12:29 - 2014-08-19 10:57 - 00020253 _____ () C:\Users\shehzad\Desktop\FRST.txt
2014-08-19 12:29 - 2014-08-19 10:56 - 00000000 ____D () C:\FRST
2014-08-19 12:26 - 2013-10-23 13:21 - 00000928 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2014-08-19 12:18 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 12:18 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 12:14 - 2013-10-09 21:52 - 01596072 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 12:13 - 2014-08-19 12:00 - 00000000 ____D () C:\ComboFix
2014-08-19 12:11 - 2014-03-19 09:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00003126 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00002198 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00001508 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00001430 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00001418 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job
2014-08-19 12:09 - 2013-10-23 13:21 - 00000924 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2014-08-19 12:09 - 2013-10-09 21:17 - 00170505 _____ () C:\ProgramData\lxeescan.log
2014-08-19 12:09 - 2013-10-09 12:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 12:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 12:09 - 2009-07-14 06:45 - 00378432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 12:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-19 12:08 - 2010-11-21 05:47 - 00251224 _____ () C:\Windows\PFRO.log
2014-08-19 12:08 - 2009-07-14 06:51 - 00007406 _____ () C:\Windows\setupact.log
2014-08-19 12:08 - 2009-07-14 04:34 - 83623936 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 28835840 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 01572864 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-19 12:07 - 2014-08-19 11:25 - 00000000 ____D () C:\Windows\erdnt
2014-08-19 11:50 - 2014-08-19 11:26 - 00000000 ____D () C:\Qoobox
2014-08-19 11:45 - 2014-08-18 17:30 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Vodeka
2014-08-19 11:41 - 2014-04-14 22:03 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-08-19 11:40 - 2013-10-09 12:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 11:24 - 2014-08-19 11:23 - 05572251 ____R (Swearware) C:\Users\shehzad\Desktop\ComboFix.exe
2014-08-19 11:04 - 2014-04-14 22:03 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-08-19 11:00 - 2014-08-18 17:30 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job
2014-08-19 10:59 - 2014-08-19 10:58 - 00037519 _____ () C:\Users\shehzad\Desktop\Addition.txt
2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe
2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5}
2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini
2014-08-19 10:04 - 2014-08-19 09:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 09:23 - 2014-08-19 09:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe
2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe
2014-08-19 09:19 - 2014-04-17 08:40 - 00000000 ____D () C:\Users\shehzad\AppData\Local\fst_de_1
2014-08-18 23:37 - 2011-02-10 21:25 - 00699634 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 23:37 - 2011-02-10 21:25 - 00149516 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 23:37 - 2009-07-14 07:13 - 01621276 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe
2014-08-18 20:37 - 2014-08-18 20:36 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp
2014-08-18 20:36 - 2014-04-15 18:11 - 617677318 _____ () C:\Windows\MEMORY.DMP
2014-08-18 20:36 - 2014-04-15 18:11 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 20:30 - 2014-08-18 20:29 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp
2014-08-18 20:27 - 2014-08-18 20:25 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-08-18 20:20 - 2014-08-18 20:19 - 00013680 _____ () C:\Windows\diagwrn.xml
2014-08-18 20:20 - 2014-08-18 20:19 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-18 20:19 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp
2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-18 20:07 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp
2014-08-18 19:17 - 2014-08-18 19:16 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp
2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp
2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp
2014-08-18 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-18 17:30 - 2014-08-18 17:30 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1376075522
2014-08-18 17:29 - 2014-08-18 17:29 - 00000000 ____D () C:\ProgramData\UhpeRfefh
2014-08-18 12:40 - 2014-06-25 16:07 - 00001471 _____ () C:\Users\alisha\Desktop\Play Now Radio.lnk
2014-08-18 09:41 - 2013-10-10 21:13 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Skype
2014-08-17 23:22 - 2013-10-09 13:04 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\SoftGrid Client
2014-08-17 19:24 - 2013-10-09 21:28 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-08-17 19:01 - 2014-02-18 22:33 - 00000492 _____ () C:\ProgramData\lxeeDiagnostics.log
2014-08-17 14:34 - 2014-08-11 17:39 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten
2014-08-17 14:34 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client
2014-08-16 08:44 - 2013-10-09 12:57 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip
2014-08-14 19:10 - 2014-03-19 09:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 19:10 - 2014-03-19 09:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-14 19:10 - 2011-06-28 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 09:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 09:44 - 2013-10-17 16:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 09:37 - 2011-02-10 22:56 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 09:32 - 2014-05-06 18:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv
2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client
2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C}
2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack
2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack
2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack
2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack
2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack
2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE
2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11
17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira 2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () 
C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC 2014-08-11 11:48 - 2014-08-11 11:47 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack 2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack 2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack 2014-08-11 11:46 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE 2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE 2014-08-08 20:26 - 2014-04-27 14:48 - 00654336 ___SH () C:\Users\shehzad\Downloads\Thumbs.db 2014-08-07 17:35 - 2014-08-07 17:34 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe 2014-08-07 14:20 - 2013-10-10 21:12 - 00000000 ____D () C:\ProgramData\Skype 2014-08-07 04:06 - 2014-08-13 08:13 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 04:01 - 2014-08-13 08:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield 2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644} 2014-08-01 21:44 - 2014-08-01 21:43 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94} 2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList 2014-08-01 
18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList 2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira 2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD 2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI 2014-08-01 11:36 - 2014-08-01 11:35 - 00000000 ____D () C:\Users\Sarah 2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf 
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten 2014-08-01 01:41 - 2014-08-13 08:19 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-13 08:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-31 22:06 - 2014-05-30 20:51 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4} 2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2} 2014-07-27 10:02 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-25 16:52 - 2014-08-13 08:19 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-25 16:02 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-25 16:01 - 2014-08-13 08:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-25 15:51 - 2014-08-13 08:19 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-25 15:30 - 2014-08-13 08:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-25 15:28 - 2014-08-13 08:19 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-25 15:28 - 2014-08-13 08:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-25 15:25 - 2014-08-13 08:19 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-25 15:25 - 2014-08-13 08:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-25 15:11 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-25 15:10 - 2014-08-13 08:19 - 00033792 _____ 
(Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-25 15:04 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-25 15:03 - 2014-08-13 08:19 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-25 15:00 - 2014-08-13 08:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-25 15:00 - 2014-08-13 08:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-25 14:59 - 2014-08-13 08:19 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-25 14:47 - 2014-08-13 08:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-25 14:40 - 2014-08-13 08:19 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-25 14:34 - 2014-08-13 08:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-25 14:34 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-25 14:33 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-25 14:30 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-25 14:28 - 2014-08-13 08:19 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-25 14:28 - 2014-08-13 08:19 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-25 14:21 - 2014-08-13 08:19 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-25 14:19 - 2014-08-13 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-25 14:18 - 2014-08-13 08:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-25 14:17 - 2014-08-13 08:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-25 14:17 - 2014-08-13 
08:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-25 14:12 - 2014-08-13 08:19 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-25 14:10 - 2014-08-13 08:19 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-25 14:10 - 2014-08-13 08:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-25 14:08 - 2014-08-13 08:19 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-25 14:06 - 2014-08-13 08:19 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E} 2014-07-25 13:52 - 2014-08-13 08:19 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-25 13:47 - 2014-08-13 08:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-25 13:43 - 2014-08-13 08:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-25 13:42 - 2014-08-13 08:19 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-25 13:39 - 2014-08-13 08:19 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-25 13:39 - 2014-08-13 08:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-25 13:36 - 2014-08-13 08:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-25 13:34 - 2014-08-13 08:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-25 13:29 - 2014-08-13 08:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-25 13:23 - 2014-08-13 08:19 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-25 13:13 - 2014-08-13 08:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-25 13:07 - 
2014-08-13 08:19 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-25 13:07 - 2014-08-13 08:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-25 13:03 - 2014-08-13 08:19 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-25 12:52 - 2014-08-13 08:19 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-25 12:26 - 2014-08-13 08:19 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-25 12:17 - 2014-08-13 08:19 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-25 12:09 - 2014-08-13 08:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-25 12:05 - 2014-08-13 08:19 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-25 12:00 - 2014-08-13 08:19 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-17 00:46
==================== End Of Log ============================
Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01 Ran by shehzad at 2014-08-19 12:30:15 Running from C:\Users\shehzad\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.114 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.114 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden AMD Fuel (Version: 2011.0707.2346.40825 - AMD) Hidden AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden ATI AVIVO64 Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}) (Version: 3.0.833.0 - ATI Technologies, Inc.) 
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) ccc-utility64 (Version: 2011.0707.2346.40825 - ATI) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle) Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version: - Lexmark International, Inc.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 
10.0.30319 - Microsoft Corporation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) ScanTack (HKLM\...\ScanTack) (Version: 2014.05.30.150643 - ScanTack) <==== ATTENTION Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 13-08-2014 07:31:55 Windows Update 13-08-2014 22:58:41 Windows Update 19-08-2014 06:15:23 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2014-08-19 12:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {086B95EC-772B-46F8-9998-CA84BFB4E4E6} - System32\Tasks\{AB159400-B175-49A2-94DD-122F7F00803B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {09A46B40-F55B-449A-BBD6-2C29B7A02BF8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-23] (BonanzaDeals) <==== ATTENTION Task: {2391C03B-B2B2-433B-AE53-CAF315333589} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe Task: {245BD3E0-0A38-4C22-A067-00BEFBF3AF4D} - System32\Tasks\{7FAC5E21-9611-4111-9AD0-9D97CADFEF1A} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Burning Studio\burningstudio.exe [2010-03-19] () Task: {2AEF6088-AABA-49F3-8B53-6F6E08D932E5} - System32\Tasks\Price Meter Updater => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {2F02C421-B7DE-423A-BF8C-9F80036F12B2} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION Task: {304F45BD-2640-46D9-B248-7E91A6C1D676} - System32\Tasks\Play Now Radio => C:\Users\alisha\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe Task: {31FB817F-2FC0-415B-B5CA-E0EE0CDDC864} - System32\Tasks\UpdaterEX => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {3200EDFD-2EEA-4B46-B877-0ABE70B9FFC2} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-23] (BonanzaDeals) <==== ATTENTION Task: 
{327513AD-B4F9-44A8-B435-0717FB6DB6BE} - System32\Tasks\BonanzaDealsUpdate => C:\Program Task: {341323E9-DF92-4EEA-BE92-505AB3D9F4B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe Task: {4EA0FF40-41E3-4EFD-BA67-6D0AE8749039} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {5187A258-5AA6-4BF4-BA54-8A2A814D0600} - System32\Tasks\{52AFAD36-978D-4DB5-9133-31C5BBBB3A9E} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] () Task: {532F9F3C-359F-46DC-B432-CCAE93BF3618} - System32\Tasks\{7DCD380B-BDDC-4D3C-BBB0-9E05D0B393DD} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {5D8E38BA-48DA-431A-AC31-2A100B09E11D} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION Task: {6823D1BE-37A5-4453-81BB-5875424FFE58} - System32\Tasks\{6E6F044E-E1C1-48C5-8846-C98A6C6FF79F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG) Task: {68C643DA-560C-4058-BF85-A21016BBCAF8} - System32\Tasks\{B311DB15-409C-4F5C-A2CA-3B96D0E9B8B3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {7CD7EA51-3752-413A-8777-F226BD217065} - System32\Tasks\{F9FF6C01-0F77-4892-90C1-AB11BA9A8473} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {7FB3FC1A-9834-4E66-B6D0-AD2F6F35F92C} - System32\Tasks\{C3BFF0CF-95D8-4225-8394-302BDEAC466F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Snap\ashsnap.exe [2010-03-20] (ashampoo GmbH & Co. 
KG) Task: {972D1880-A511-4429-B032-2831AA653B9F} - System32\Tasks\{351A3EDF-51A8-4161-B94C-89F4378A7A26} => C:\Program Files (x86)\Flash Player Pro\Flash Player Pro.exe Task: {A180C3BE-BEA5-4087-B299-0AD0742565A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {AB067E2C-2D59-4792-AEA7-93A327E00451} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated) Task: {AC92E9BF-6D2B-4A32-886C-355E339224BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {BC4C52EA-90B6-4908-A357-2E7C4015E94A} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION Task: {C4EFD966-1A90-4852-ADEF-90CD7494C73C} - System32\Tasks\{7F6C8D6A-E32F-45D7-B3BC-249B17FAB4C4} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] () Task: {C8A99DFA-96D1-400C-8C1A-D8A12CCB5AB1} - System32\Tasks\{25253F42-D79C-4472-AF27-D41A3824C54D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG) Task: {CB91BCB8-2627-4EB3-9EDC-E6D3EABD0DAA} - System32\Tasks\{C6C20EFD-3F5D-4974-A65A-EF9F37C21E87} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.60.106/de/eula Task: {D5654A96-C6E5-4193-BEEC-CD6C1E229855} - System32\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5} => C:\Program Files\V-bates\PrefHelper.exe Task: {DABEEC72-2BD2-4E20-BE0B-3219A53931DE} - System32\Tasks\{F9DF7985-8072-4D9B-8A2D-6F3FC176F73B} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2010-09-29] (ATI Technologies Inc.) 
Task: {DBAB8BC7-8391-4A21-9603-35F84C745E33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {DC45EE92-694F-499D-9936-4E79967B4AC3} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION Task: {E813E246-C5F7-43B4-AB05-4D5C3BE79134} - System32\Tasks\{DD6357C3-9F85-4003-83FE-5EA5E4094F54} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {ECFED13C-77B7-4525-BE1B-2D476C34AB5B} - System32\Tasks\{D7523B32-B93F-4528-9BF6-EFA32E0EF58D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] () Task: {F290E9C5-55DB-40AA-9AD4-79E5EB43B5FB} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION Task: {F294E5FA-4CE9-454F-B3DA-2B420CEAB505} - System32\Tasks\pricemeterdownloader => C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterd.exe Task: {FB2F5B85-9BE2-4898-8F8D-A64DC93D0A26} - System32\Tasks\{DC04D699-98E2-4552-9CA2-E168BBA0723B} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2014-05-08] (Adobe Systems Incorporated) Task: {FF008A85-FAAB-42B3-9C6E-6E0A28109C87} - System32\Tasks\{60C667F5-2886-4333-863B-AC1AE3BECC4F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job => C:\Program Files 
(x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Price Meter Updater.job => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\Security Center Update - 1376075522.job => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe <==== ATTENTION Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-09 21:28 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll 2011-07-08 08:36 - 2011-07-08 08:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-02-09 12:41 - 2014-02-09 12:41 - 00032288 _____ () C:\Program Files (x86)\LPT\srpts.exe 2014-02-08 23:02 - 2013-01-30 
16:25 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe 2009-12-16 11:42 - 2009-12-16 11:42 - 00205824 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeemicro.dll 2010-04-01 17:30 - 2010-04-01 17:30 - 01558528 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeedrs64.dll 2009-03-10 05:44 - 2009-03-10 05:44 - 00015360 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeecaps64.dll 2014-05-30 17:06 - 2014-05-30 17:06 - 00317728 _____ () C:\Program Files (x86)\ScanTack\updateScanTack.exe 2014-02-09 12:41 - 2014-02-09 12:41 - 00070176 _____ () C:\Program Files (x86)\LPT\srpt.dll 2014-02-09 12:41 - 2014-02-09 12:41 - 00022048 _____ () C:\Program Files (x86)\LPT\srptc.dll 2014-02-09 12:41 - 2014-02-09 12:41 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll 2014-02-08 23:02 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll 2014-02-08 23:02 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll 2014-02-08 23:02 - 2009-05-27 08:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecats.dll 2014-02-08 23:02 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll 2014-02-08 23:02 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll 2009-02-20 08:48 - 2009-02-20 08:48 - 00381440 _____ () C:\Windows\system32\lxeesm.dll 2009-04-28 07:56 - 2009-04-28 07:56 - 00024064 _____ () C:\Windows\system32\lxeesmr.dll 2014-08-19 09:22 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-19 09:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-19 09:22 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files 
(x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2014-08-19 09:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-19 09:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll 2014-08-16 08:43 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2014 00:14:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01e24909 ID des fehlerhaften Prozesses: 0x165c Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/19/2014 00:12:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78e2b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01f64909 ID des fehlerhaften Prozesses: 0x17a8 Startzeit der fehlerhaften Anwendung: 0xcmd.exe0 Pfad der fehlerhaften Anwendung: cmd.exe1 Pfad des fehlerhaften Moduls: cmd.exe2 Berichtskennung: cmd.exe3 Error: (08/19/2014 00:10:04 PM) (Source: Application Virtualization Client) (EventID: 2005) (User: ) Description: Der Application Virtualization-Kerndienst konnte keinen Kontakt mit dem Dienststeuerungsverteiler aufnehmen. 
Error: (08/19/2014 00:09:42 PM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT) Description: Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3fa Error: (08/19/2014 00:00:30 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x8007043c). Error: (08/19/2014 00:00:30 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden. . Vorgang: VSS-Server wird instanziiert Error: (08/19/2014 00:00:30 PM) (Source: VSS) (EventID: 18) (User: ) Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden. Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
] Vorgang: VSS-Server wird instanziiert Error: (08/19/2014 11:50:52 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01e64909 ID des fehlerhaften Prozesses: 0x1338 Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/19/2014 11:49:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78e2b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00574909 ID des fehlerhaften Prozesses: 0xeec Startzeit der fehlerhaften Anwendung: 0xcmd.exe0 Pfad der fehlerhaften Anwendung: cmd.exe1 Pfad des fehlerhaften Moduls: cmd.exe2 Berichtskennung: cmd.exe3 Error: (08/19/2014 11:45:59 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT) Description: Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3fa System errors: ============= Error: (08/19/2014 00:11:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Client Virtualization Handler" wurde nicht richtig gestartet. Error: (08/19/2014 00:09:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/19/2014 00:09:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. 
Error: (08/19/2014 00:09:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/19/2014 00:09:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeeCATSCustConnectService erreicht. Error: (08/19/2014 00:07:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (08/19/2014 00:07:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (08/19/2014 00:05:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (08/19/2014 00:00:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (08/19/2014 00:00:30 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Microsoft Office Sessions: ========================= Error: (08/19/2014 00:14:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e24909165c01cfbb96663355cdC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknowna41901b4-2789-11e4-8129-8c89a557884c Error: (08/19/2014 00:12:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: cmd.exe6.1.7601.175144ce78e2bunknown0.0.0.000000000c000000501f6490917a801cfbb961ef4e669C:\Windows\SysWow64\cmd.exeunknown5ee6410c-2789-11e4-8129-8c89a557884c Error: (08/19/2014 00:10:04 PM) (Source: Application Virtualization Client) (EventID: 2005) (User: ) Description: Error: (08/19/2014 00:09:42 PM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT) Description: AvShadow0x3fa Error: (08/19/2014 00:00:30 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c Error: (08/19/2014 00:00:30 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden. Vorgang: VSS-Server wird instanziiert Error: (08/19/2014 00:00:30 PM) (Source: VSS) (EventID: 18) (User: ) Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Vorgang: VSS-Server wird instanziiert Error: (08/19/2014 11:50:52 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e64909133801cfbb930ff8e621C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown4df8c12b-2786-11e4-b8bd-8c89a557884c Error: (08/19/2014 11:49:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: cmd.exe6.1.7601.175144ce78e2bunknown0.0.0.000000000c000000500574909eec01cfbb92d5cd457cC:\Windows\SysWow64\cmd.exeunknown15c1017e-2786-11e4-b8bd-8c89a557884c Error: (08/19/2014 11:45:59 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT) Description: AvShadow0x3fa CodeIntegrity Errors: =================================== Date: 2014-08-19 11:40:11.861 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-19 11:40:11.781 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-07 09:39:07.504 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-02-07 09:39:07.502 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.500 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.478 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.476 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.474 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-05 16:30:47.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-05 16:30:47.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics Percentage of memory in use: 46% Total physical RAM: 3576.13 MB Available physical RAM: 1920.26 MB Total Pagefile: 7150.45 MB Available Pagefile: 5128.42 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:829.47 GB) NTFS Drive d: (Recover) (Fixed) (Total:40 GB) (Free:19.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 5183A2EF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
19.08.2014, 11:44 | #8 |
/// TB-Ausbilder | AntiVir blocked by Group Policy + downloads are started
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
C:\Users\shehzad\AppData\Roaming\Vodeka
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
C:\ProgramData\UhpeRfefh
Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Please shut down your security software to avoid possible conflicts.
Step 5
With your next reply, please post
|
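Added example, not part of the thread and not FRST's own logic: a Python triage pass over FRST log lines that flags software restriction path rules aimed at security products and autostart entries launched from user-writable directories. The sample lines are copied from the logs quoted in this thread; the product-name list, the directory list and the regsvr32 heuristic are assumptions.

```python
import re
from dataclasses import dataclass

# Lines copied from the FRST fixlist and rescan quoted in this thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# Assumption: directory name fragments treated as security software.
SECURITY_PRODUCTS = ("avira", "malwarebytes", "spybot", "kaspersky")
# Assumption: locations an unprivileged dropper can usually write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")

SRP_RE = re.compile(
    r"^HK\w+ Group Policy restriction on software: (.+?)(?:\s*<=+\s*ATTENTION)?\s*$")
RUN_RE = re.compile(r"^HK[^:]*?\\Run(?:Once)?: \[([^\]]+)\] => (.+)$")
TASK_RE = re.compile(r"^Task: (.+?) => (.+)$")
# Trailing "[size date] (vendor)" metadata or an ATTENTION marker after a target.
META_RE = re.compile(r"\s*(?:\[(?:\d+ )?\d{4}-\d{2}-\d{2}\].*|<=+\s*ATTENTION)\s*$")


@dataclass(frozen=True)
class Finding:
    kind: str       # "srp", "run" or "task"
    name: str       # value name, task name or restricted path
    target: str     # command line or restricted path
    reasons: tuple  # why the entry deserves a closer look


def reasons_for(target: str) -> tuple:
    """Heuristics (assumptions) applied to an autostart command line."""
    low = target.lower()
    found = []
    if any(d in low for d in USER_WRITABLE):
        found.append("runs from user-writable directory")
    if low.startswith("regsvr32") and not low.rstrip('"').endswith((".dll", ".ocx")):
        found.append("regsvr32 loads a file without a DLL extension")
    return tuple(found)


def triage(log: str) -> list:
    """Return the findings for one FRST log, in log order."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := SRP_RE.match(line):
            path = m.group(1)
            why = ["software restriction path rule"]
            if any(p in path.lower() for p in SECURITY_PRODUCTS):
                why.append("targets security software")
            findings.append(Finding("srp", path, path, tuple(why)))
            continue
        m = RUN_RE.match(line) or TASK_RE.match(line)
        if not m:
            continue
        kind = "run" if line.startswith("HK") else "task"
        target = META_RE.sub("", m.group(2))
        why = reasons_for(target)
        if why:  # entries without a reason (e.g. avgnt, GoogleUpdate) are skipped
            findings.append(Finding(kind, m.group(1), target, why))
    return findings


def blocked_security_paths(log: str) -> list:
    """Paths of restriction rules that point at a security product directory."""
    return [f.target for f in triage(log)
            if f.kind == "srp" and "targets security software" in f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.name}\n     -> {f.target}\n     {'; '.join(f.reasons)}")
```

Running the same pass over a log taken before and after a fix shows which restriction rules are still present and need another look.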
19.08.2014, 12:23 | #9 |
| AntiVir blocked by Group Policy + downloads are started
Both AdwCleaner and Malwarebytes crashed during the last action after the scan. I think they are still carrying out the action in the background, but the process is disrupted nonetheless. ... has stopped working.
Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by shehzad at 2014-08-19 12:47:30 Run:2
Running from C:\Users\shehzad\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
C:\Users\shehzad\AppData\Roaming\Vodeka
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
C:\ProgramData\UhpeRfefh
Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
EmptyTemp:
end
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Okoheba => value deleted successfully.
C:\Users\shehzad\AppData\Roaming\Vodeka => Moved successfully.
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\Software\Microsoft\Windows\CurrentVersion\Run\\UhpeRfefh => value deleted successfully.
C:\ProgramData\UhpeRfefh => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D41B39E-F182-4EAE-BFDE-180313AC2DD7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D41B39E-F182-4EAE-BFDE-180313AC2DD7}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1376075522 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1376075522" => Key deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
EmptyTemp: => Removed 821.8 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter # AdwCleaner v3.307 - Bericht erstellt am 19/08/2014 um 12:55:26 # Aktualisiert 17/08/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : shehzad - SHEHZAD-PC # Gestartet von : C:\Users\shehzad\Desktop\adwcleaner_3.307.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : bonanzadealslive [#] Dienst Gelöscht : bonanzadealslivem [#] Dienst Gelöscht : IePluginService [#] Dienst Gelöscht : LPTSystemUpdater [#] Dienst Gelöscht : Update ScanTack Dienst Gelöscht : {fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive Ordner Gelöscht : C:\ProgramData\IePluginService Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\ProgramData\PriceMeterLiveUpdate Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_today Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive Ordner Gelöscht : C:\Program Files (x86)\LPT Ordner Gelöscht : C:\Program Files (x86)\MediaPlayerplus Ordner Gelöscht : C:\Program Files (x86)\Optimizer Elite Max Ordner Gelöscht : C:\Program Files (x86)\PriceMeterLiveUpdate Ordner Gelöscht : C:\Program Files (x86)\Re-markit Corp Ordner Gelöscht : C:\Program Files (x86)\Re-markit Ordner Gelöscht : C:\Program Files (x86)\ScanTack Ordner Gelöscht : C:\Program Files (x86)\SupTab Ordner Gelöscht : C:\Program Files (x86)\Uniblue Ordner Gelöscht : C:\Program Files (x86)\fst_de_1 Ordner Gelöscht : C:\Program Files\002 Ordner Gelöscht : C:\Program Files\003 Ordner Gelöscht : C:\Program Files\Uninstaller Ordner Gelöscht : C:\Program Files\V-bates Ordner Gelöscht : C:\Users\shehzad\AppData\Local\BonanzaDealsLive Ordner 
Gelöscht : C:\Users\shehzad\AppData\Local\cool_mirage Ordner Gelöscht : C:\Users\shehzad\AppData\Local\PriceMeter Ordner Gelöscht : C:\Users\shehzad\AppData\Local\PriceMeterLiveUpdate Ordner Gelöscht : C:\Users\shehzad\AppData\Local\fst_de_1 Ordner Gelöscht : C:\Users\shehzad\AppData\LocalLow\1ClickMovie-Download V9.0 Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Activeris Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Optimizer Elite Max Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\PriceMeterUpdater Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\SupTab Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Uniblue Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\UpdaterEX Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\webssearches Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\quick_start@gmail.com Ordner Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj Ordner Gelöscht : C:\Users\Sarah.shehzad-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj Ordner Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj Datei Gelöscht : C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\boost@boost.net.xpi Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.dll Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Windows\System32\SecureAssist64.dll Datei Gelöscht : C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys Datei Gelöscht : C:\Users\shehzad\AppData\Roaming\Microsoft\Internet Explorer\Quick 
Launch\speedupmypc.lnk Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.de_0.localstorage Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage Datei Gelöscht : 
C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal
***** [ Tasks ] *****
Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineCore
Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineUA
JRT also crashed partway through. Error message: Windows Command Processor has stopped working.
Edited by PoWi (19.08.2014 at 12:36) |
19.08.2014, 12:48 | #10 |
/// TB-Ausbilder | AntiVir blocked by Group Policy + downloads are started
Hi, please post the complete AdwCleaner log file.... quite a bit is still missing... or is that really everything? OK, things are really hairy on your PC... In that case, please run FRST again as a check, so I can see what has already been deleted:
|
19.08.2014, 12:53 | #11 |
| AntiVir blocked by Group Policy + downloads are started
The Adw log file really does only go that far. There was also no automatic restart, as there should have been. Thanks for your time!
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01 Ran by shehzad (administrator) on SHEHZAD-PC on 19-08-2014 13:49:52 Running from C:\Users\shehzad\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe ( ) C:\Windows\System32\lxeecoms.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe () C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [lxeemon.exe] => C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe [772712 2013-01-30] () HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe [150264 2013-01-30] () HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [fst_de_1] => "C:\Program Files (x86)\fst_de_1\fst_de_1.exe" HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [GoogleChromeAutoLaunch_64528655D5F25C403B8633DE809A3F8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [PriceMeterW] => "C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms} SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: ScanTack -> {d332cff8-358e-4c9e-8af3-a08872ef22c1} -> C:\Program Files (x86)\ScanTack\ScanTackbho.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {CD0342DD-7582-4507-B58A-4C9EA18B13AA} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default FF DefaultSearchEngine: Conduit Search FF NewTab: about:newtab FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_114.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_114.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: MediaPlayerplus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-05-20] FF Extension: Shopping Helper Smartbar - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{14895be1-6013-6314-fc5c-52690c3f821a} [2014-04-27] FF Extension: Adblock Plus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27] FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\extensions\quick_start@gmail.com FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox Chrome: ======= CHR Extension: (Skype Click to Call) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-18] CHR Extension: (Google Wallet) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18] CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-08-18] CHR HKLM-x32\...\Chrome\Extension: 
[ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx [2014-08-18] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-08] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 lxeeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [45736 2010-04-14] (Lexmark International, Inc.) R2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( ) R2 lxee_device; C:\Windows\SysWOW64\lxeecoms.exe [598696 2010-04-14] ( ) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 13:30 - 2014-08-19 13:30 - 00000000 ____D () C:\Windows\ERUNT 2014-08-19 13:29 - 2014-08-19 13:29 - 01016261 _____ (Thisisu) C:\Users\shehzad\Desktop\JRT.exe 2014-08-19 13:03 - 2014-08-19 13:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-19 13:03 - 2014-08-19 13:03 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-19 13:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-19 13:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-19 13:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2014-08-19 13:02 - 2014-08-19 13:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\shehzad\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-19 12:58 - 2014-08-19 12:55 - 00006898 _____ () C:\Users\shehzad\Desktop\AdwCleaner[S0].txt 2014-08-19 12:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-08-19 12:54 - 2014-08-19 12:57 - 00000000 ____D () C:\AdwCleaner 2014-08-19 12:53 - 2014-08-19 12:53 - 01361671 _____ () C:\Users\shehzad\Desktop\adwcleaner_3.307.exe 2014-08-19 12:47 - 2014-08-19 12:47 - 00000000 ____D () C:\ProgramData\UhpeRfefh 2014-08-19 12:00 - 2014-08-19 12:13 - 00000000 ____D () C:\ComboFix 2014-08-19 11:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-19 11:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-19 11:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-19 11:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-19 11:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-19 11:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-19 11:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-19 11:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-19 11:26 - 2014-08-19 11:50 - 00000000 ____D () C:\Qoobox 2014-08-19 11:25 - 2014-08-19 12:07 - 00000000 ____D () C:\Windows\erdnt 2014-08-19 11:23 - 2014-08-19 11:24 - 05572251 ____R (Swearware) C:\Users\shehzad\Desktop\ComboFix.exe 2014-08-19 10:58 - 2014-08-19 12:30 - 00032989 _____ () C:\Users\shehzad\Desktop\Addition.txt 2014-08-19 10:57 - 2014-08-19 13:50 - 00018552 _____ () C:\Users\shehzad\Desktop\FRST.txt 2014-08-19 10:56 - 2014-08-19 13:49 - 00000000 ____D () C:\FRST 2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe 2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () 
C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5} 2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini 2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-19 09:22 - 2014-08-19 10:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-19 09:22 - 2014-08-19 09:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 09:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe 2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe 2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe 2014-08-18 20:36 - 2014-08-18 20:37 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp 2014-08-18 20:29 - 2014-08-18 20:30 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp 2014-08-18 20:25 - 2014-08-18 20:27 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe 2014-08-18 20:19 - 2014-08-18 20:20 - 00013680 _____ () C:\Windows\diagwrn.xml 2014-08-18 20:19 - 2014-08-18 20:20 - 00001908 _____ () C:\Windows\diagerr.xml 2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp 2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp 2014-08-18 19:16 - 2014-08-18 19:17 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp 2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp 2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp 2014-08-18 17:30 - 2014-08-19 11:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job 2014-08-18 17:30 - 2014-01-05 16:34 - 00368640 _____ () C:\Windows\SysWOW64\haiwuruc.exe 2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip 2014-08-13 09:32 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 09:32 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-13 09:32 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 09:32 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 09:32 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) 
C:\Windows\system32\icardagt.exe 2014-08-13 09:32 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 09:32 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-13 09:32 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-13 08:19 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-13 08:19 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-13 08:19 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 08:19 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 08:19 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-13 08:19 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-13 08:19 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-13 08:19 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-13 08:19 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-13 08:19 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 08:19 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-13 08:19 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-13 08:19 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-13 08:19 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-13 08:19 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2014-08-13 08:19 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-13 08:19 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-13 08:19 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-13 08:19 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-13 08:19 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 08:19 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-13 08:19 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-13 08:19 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-13 08:19 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-13 08:19 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-13 08:19 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-13 08:19 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-13 08:19 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-13 08:19 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-13 08:19 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-13 08:19 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-13 08:19 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-13 08:19 - 2014-07-25 14:10 - 00292864 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 08:19 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-13 08:19 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-13 08:19 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-13 08:19 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-13 08:19 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 08:19 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-13 08:19 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-13 08:19 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-13 08:19 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-13 08:19 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-13 08:19 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-13 08:19 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-13 08:19 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 08:19 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-13 08:19 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-13 08:19 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-13 08:19 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-13 08:19 - 2014-07-25 12:52 - 02266624 _____ 
(Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 08:19 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 08:19 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-13 08:19 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-13 08:19 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-13 08:19 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-13 08:18 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-13 08:18 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 08:18 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-13 08:18 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-13 08:18 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-13 08:18 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-13 08:18 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-13 08:18 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-13 08:18 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-13 08:18 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-13 08:18 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 08:18 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 08:18 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 08:18 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 08:18 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 08:18 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-13 08:18 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-13 08:18 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-13 08:13 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-13 08:13 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-13 08:13 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 08:13 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () 
C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv 2014-08-11 17:39 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten 2014-08-11 17:36 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client 2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client 2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C} 2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack 2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack 2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack 2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack 2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack 2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack 2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack 2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE 2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack 2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack 2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack 2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack 2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ 
() C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack 2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack 2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack 2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack 2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira 2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () 
C:\Users\Sarah.shehzad-PC\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC 2014-08-11 17:04 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Google 2014-08-11 17:04 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah.shehzad-PC\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-11 17:04 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover 2014-08-11 17:04 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor 2014-08-11 17:04 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Macromedia 2014-08-11 17:04 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-11 17:04 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-11 11:47 - 2014-08-11 11:48 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack 2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack 2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () 
C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack 2014-08-11 11:45 - 2014-08-11 11:46 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE 2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE 2014-08-07 17:34 - 2014-08-07 17:35 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe 2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield 2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644} 2014-08-01 21:43 - 2014-08-01 21:44 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94} 2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList 2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList 2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira 2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD 2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI 2014-08-01 11:35 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah 2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini 2014-08-01 11:35 - 
2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten 2014-08-01 11:35 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google 2014-08-01 11:35 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-01 11:35 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover 2014-08-01 11:35 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor 2014-08-01 11:35 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Macromedia 2014-08-01 11:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-01 11:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () 
C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4} 2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2} 2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 13:50 - 2014-08-19 10:57 - 00018552 _____ () C:\Users\shehzad\Desktop\FRST.txt 2014-08-19 13:49 - 2014-08-19 10:56 - 00000000 ____D () C:\FRST 2014-08-19 13:49 - 2013-10-09 21:52 - 01615635 _____ () C:\Windows\WindowsUpdate.log 2014-08-19 13:45 - 2014-04-10 23:21 - 00003126 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job 2014-08-19 13:45 - 2014-04-10 23:21 - 00002198 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job 2014-08-19 13:45 - 2014-04-10 23:21 - 00001508 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job 2014-08-19 13:45 - 2014-04-10 23:21 - 00001430 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job 2014-08-19 13:45 - 2014-04-10 23:21 - 00001418 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job 2014-08-19 13:45 - 2013-10-09 21:17 - 00171385 _____ () C:\ProgramData\lxeescan.log 2014-08-19 13:45 - 2013-10-09 12:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-19 13:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-19 13:45 - 2009-07-14 06:51 - 00007630 _____ () C:\Windows\setupact.log 2014-08-19 13:38 - 2009-07-14 06:45 - 00378432 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-19 13:33 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-19 13:33 - 2009-07-14 06:45 - 00021296 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-19 13:30 - 2014-08-19 13:30 - 00000000 ____D () C:\Windows\ERUNT 2014-08-19 13:29 - 2014-08-19 13:29 - 01016261 _____ (Thisisu) C:\Users\shehzad\Desktop\JRT.exe 2014-08-19 13:27 - 2014-08-19 13:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-19 13:10 - 2014-03-19 09:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-19 13:03 - 2014-08-19 13:03 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-19 13:03 - 2014-08-19 13:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\shehzad\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-19 13:03 - 2014-04-14 22:03 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job 2014-08-19 12:57 - 2014-08-19 12:54 - 00000000 ____D () C:\AdwCleaner 2014-08-19 12:55 - 2014-08-19 12:58 - 00006898 _____ () C:\Users\shehzad\Desktop\AdwCleaner[S0].txt 2014-08-19 12:53 - 2014-08-19 12:53 - 01361671 _____ () C:\Users\shehzad\Desktop\adwcleaner_3.307.exe 2014-08-19 12:51 - 2014-04-10 23:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-08-19 12:47 - 2014-08-19 12:47 - 00000000 ____D () C:\ProgramData\UhpeRfefh 2014-08-19 12:47 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-08-19 12:40 - 2013-10-09 12:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-19 12:30 - 2014-08-19 10:58 - 00032989 _____ () C:\Users\shehzad\Desktop\Addition.txt 2014-08-19 12:13 - 2014-08-19 12:00 - 00000000 ____D () C:\ComboFix 2014-08-19 12:09 - 2009-07-14 04:34 - 
00000215 _____ () C:\Windows\system.ini 2014-08-19 12:08 - 2010-11-21 05:47 - 00251224 _____ () C:\Windows\PFRO.log 2014-08-19 12:08 - 2009-07-14 04:34 - 83623936 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-08-19 12:08 - 2009-07-14 04:34 - 28835840 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-08-19 12:08 - 2009-07-14 04:34 - 01572864 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-08-19 12:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-08-19 12:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-08-19 12:07 - 2014-08-19 11:25 - 00000000 ____D () C:\Windows\erdnt 2014-08-19 11:50 - 2014-08-19 11:26 - 00000000 ____D () C:\Qoobox 2014-08-19 11:24 - 2014-08-19 11:23 - 05572251 ____R (Swearware) C:\Users\shehzad\Desktop\ComboFix.exe 2014-08-19 11:00 - 2014-08-18 17:30 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job 2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe 2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5} 2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini 2014-08-19 10:04 - 2014-08-19 09:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-19 09:23 - 2014-08-19 09:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking 
Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe 2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe 2014-08-18 23:37 - 2011-02-10 21:25 - 00699634 _____ () C:\Windows\system32\perfh007.dat 2014-08-18 23:37 - 2011-02-10 21:25 - 00149516 _____ () C:\Windows\system32\perfc007.dat 2014-08-18 23:37 - 2009-07-14 07:13 - 01621276 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe 2014-08-18 20:37 - 2014-08-18 20:36 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp 2014-08-18 20:36 - 2014-04-15 18:11 - 617677318 _____ () C:\Windows\MEMORY.DMP 2014-08-18 20:36 - 2014-04-15 18:11 - 00000000 ____D () C:\Windows\Minidump 2014-08-18 20:30 - 2014-08-18 20:29 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp 2014-08-18 20:27 - 2014-08-18 20:25 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe 2014-08-18 20:20 - 2014-08-18 20:19 - 00013680 _____ () C:\Windows\diagwrn.xml 2014-08-18 20:20 - 2014-08-18 20:19 - 00001908 _____ () C:\Windows\diagerr.xml 2014-08-18 20:19 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp 2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-18 20:07 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp 2014-08-18 19:17 - 2014-08-18 19:16 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp 2014-08-18 19:06 - 
2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp 2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp 2014-08-18 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-08-18 12:40 - 2014-06-25 16:07 - 00001471 _____ () C:\Users\alisha\Desktop\Play Now Radio.lnk 2014-08-18 09:41 - 2013-10-10 21:13 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Skype 2014-08-17 23:22 - 2013-10-09 13:04 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\SoftGrid Client 2014-08-17 19:24 - 2013-10-09 21:28 - 00000000 ____D () C:\ProgramData\lx_Cats 2014-08-17 19:01 - 2014-02-18 22:33 - 00000492 _____ () C:\ProgramData\lxeeDiagnostics.log 2014-08-17 14:34 - 2014-08-11 17:39 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten 2014-08-17 14:34 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client 2014-08-16 08:44 - 2013-10-09 12:57 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip 2014-08-14 19:10 - 2014-03-19 09:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-14 19:10 - 2014-03-19 09:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-14 19:10 - 2011-06-28 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-14 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-13 09:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 09:44 - 2013-10-17 16:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 09:37 - 2011-02-10 22:56 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-13 09:32 - 2014-05-06 18:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-12 12:15 - 
2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv 2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client 2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C} 2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack 2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack 2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack 2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack 2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack 2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack 2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack 2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE 2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack 2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack 2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack 2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack 2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack 2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack 
2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack 2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack 2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira 2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google 
Chrome 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD 2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC 2014-08-11 11:48 - 2014-08-11 11:47 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack 2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack 2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack 2014-08-11 11:46 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE 2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE 2014-08-08 20:26 - 2014-04-27 14:48 - 00654336 ___SH () C:\Users\shehzad\Downloads\Thumbs.db 2014-08-07 17:35 - 2014-08-07 17:34 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe 2014-08-07 14:20 - 2013-10-10 21:12 - 00000000 ____D () C:\ProgramData\Skype 2014-08-07 04:06 - 2014-08-13 08:13 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 04:01 - 2014-08-13 08:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield 2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () 
C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644} 2014-08-01 21:44 - 2014-08-01 21:43 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94} 2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList 2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList 2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira 2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD 2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go 2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI 2014-08-01 11:36 - 2014-08-01 11:35 - 00000000 ____D () C:\Users\Sarah 2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik 2014-08-01 
11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten 2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten 2014-08-01 01:41 - 2014-08-13 08:19 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-13 08:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-31 22:06 - 2014-05-30 20:51 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4} 2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2} 2014-07-27 10:02 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-25 16:52 - 2014-08-13 08:19 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-25 16:02 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-25 16:01 - 2014-08-13 08:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-25 15:51 - 2014-08-13 08:19 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-25 15:30 - 2014-08-13 08:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-25 15:28 - 2014-08-13 08:19 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-25 15:28 - 2014-08-13 08:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-25 15:25 - 2014-08-13 08:19 - 02774528 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2014-07-25 15:25 - 2014-08-13 08:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-25 15:11 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-25 15:10 - 2014-08-13 08:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-25 15:04 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-25 15:03 - 2014-08-13 08:19 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-25 15:00 - 2014-08-13 08:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-25 15:00 - 2014-08-13 08:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-25 14:59 - 2014-08-13 08:19 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-25 14:47 - 2014-08-13 08:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-25 14:40 - 2014-08-13 08:19 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-25 14:34 - 2014-08-13 08:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-25 14:34 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-25 14:33 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-25 14:30 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-25 14:28 - 2014-08-13 08:19 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-25 14:28 - 2014-08-13 08:19 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-25 14:21 - 2014-08-13 08:19 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-25 14:19 - 2014-08-13 08:19 - 00195584 _____ 
(Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-25 14:18 - 2014-08-13 08:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-25 14:17 - 2014-08-13 08:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-25 14:17 - 2014-08-13 08:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-25 14:12 - 2014-08-13 08:19 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-25 14:10 - 2014-08-13 08:19 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-25 14:10 - 2014-08-13 08:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-25 14:08 - 2014-08-13 08:19 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-25 14:06 - 2014-08-13 08:19 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E} 2014-07-25 13:52 - 2014-08-13 08:19 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-25 13:47 - 2014-08-13 08:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-25 13:43 - 2014-08-13 08:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-25 13:42 - 2014-08-13 08:19 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-25 13:39 - 2014-08-13 08:19 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-25 13:39 - 2014-08-13 08:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-25 13:36 - 2014-08-13 08:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-25 13:34 - 2014-08-13 08:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-25 13:29 - 2014-08-13 08:19 - 
00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-25 13:23 - 2014-08-13 08:19 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-25 13:13 - 2014-08-13 08:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-25 13:07 - 2014-08-13 08:19 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-25 13:07 - 2014-08-13 08:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-25 13:03 - 2014-08-13 08:19 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-25 12:52 - 2014-08-13 08:19 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-25 12:26 - 2014-08-13 08:19 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-25 12:17 - 2014-08-13 08:19 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-25 12:09 - 2014-08-13 08:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-25 12:05 - 2014-08-13 08:19 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-25 12:00 - 2014-08-13 08:19 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll Some content of TEMP: ==================== C:\Users\shehzad\AppData\Local\temp\avgnt.exe C:\Users\shehzad\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 00:46

==================== End Of Log ============================

Addition
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01 Ran by shehzad at 2014-08-19 13:51:04 Running from C:\Users\shehzad\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.114 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.114 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden AMD Fuel (Version: 2011.0707.2346.40825 - AMD) Hidden AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden ATI AVIVO64 Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}) (Version: 3.0.833.0 - ATI Technologies, Inc.) 
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) ccc-utility64 (Version: 2011.0707.2346.40825 - ATI) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle) Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version: - Lexmark International, Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - 
Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) ScanTack (HKLM\...\ScanTack) (Version: 2014.05.30.150643 - ScanTack) <==== ATTENTION Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 13-08-2014 07:31:55 Windows Update 13-08-2014 22:58:41 Windows Update 19-08-2014 06:15:23 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2014-08-19 12:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {086B95EC-772B-46F8-9998-CA84BFB4E4E6} - System32\Tasks\{AB159400-B175-49A2-94DD-122F7F00803B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {2391C03B-B2B2-433B-AE53-CAF315333589} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe Task: {245BD3E0-0A38-4C22-A067-00BEFBF3AF4D} - System32\Tasks\{7FAC5E21-9611-4111-9AD0-9D97CADFEF1A} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Burning Studio\burningstudio.exe [2010-03-19] () Task: {2AEF6088-AABA-49F3-8B53-6F6E08D932E5} - System32\Tasks\Price Meter Updater => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {2F02C421-B7DE-423A-BF8C-9F80036F12B2} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION Task: {304F45BD-2640-46D9-B248-7E91A6C1D676} - System32\Tasks\Play Now Radio => C:\Users\alisha\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe Task: {31FB817F-2FC0-415B-B5CA-E0EE0CDDC864} - System32\Tasks\UpdaterEX => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {327513AD-B4F9-44A8-B435-0717FB6DB6BE} - System32\Tasks\BonanzaDealsUpdate => C:\Program Task: {341323E9-DF92-4EEA-BE92-505AB3D9F4B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {4EA0FF40-41E3-4EFD-BA67-6D0AE8749039} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) 
Task: {5187A258-5AA6-4BF4-BA54-8A2A814D0600} - System32\Tasks\{52AFAD36-978D-4DB5-9133-31C5BBBB3A9E} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] () Task: {532F9F3C-359F-46DC-B432-CCAE93BF3618} - System32\Tasks\{7DCD380B-BDDC-4D3C-BBB0-9E05D0B393DD} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {5D8E38BA-48DA-431A-AC31-2A100B09E11D} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION Task: {6823D1BE-37A5-4453-81BB-5875424FFE58} - System32\Tasks\{6E6F044E-E1C1-48C5-8846-C98A6C6FF79F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG) Task: {68C643DA-560C-4058-BF85-A21016BBCAF8} - System32\Tasks\{B311DB15-409C-4F5C-A2CA-3B96D0E9B8B3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {7CD7EA51-3752-413A-8777-F226BD217065} - System32\Tasks\{F9FF6C01-0F77-4892-90C1-AB11BA9A8473} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {7FB3FC1A-9834-4E66-B6D0-AD2F6F35F92C} - System32\Tasks\{C3BFF0CF-95D8-4225-8394-302BDEAC466F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Snap\ashsnap.exe [2010-03-20] (ashampoo GmbH & Co. 
KG) Task: {972D1880-A511-4429-B032-2831AA653B9F} - System32\Tasks\{351A3EDF-51A8-4161-B94C-89F4378A7A26} => C:\Program Files (x86)\Flash Player Pro\Flash Player Pro.exe Task: {A180C3BE-BEA5-4087-B299-0AD0742565A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {AB067E2C-2D59-4792-AEA7-93A327E00451} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated) Task: {AC92E9BF-6D2B-4A32-886C-355E339224BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.) Task: {BC4C52EA-90B6-4908-A357-2E7C4015E94A} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION Task: {C4EFD966-1A90-4852-ADEF-90CD7494C73C} - System32\Tasks\{7F6C8D6A-E32F-45D7-B3BC-249B17FAB4C4} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] () Task: {C8A99DFA-96D1-400C-8C1A-D8A12CCB5AB1} - System32\Tasks\{25253F42-D79C-4472-AF27-D41A3824C54D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG) Task: {CB91BCB8-2627-4EB3-9EDC-E6D3EABD0DAA} - System32\Tasks\{C6C20EFD-3F5D-4974-A65A-EF9F37C21E87} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.60.106/de/eula Task: {D5654A96-C6E5-4193-BEEC-CD6C1E229855} - System32\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5} => C:\Program Files\V-bates\PrefHelper.exe Task: {DABEEC72-2BD2-4E20-BE0B-3219A53931DE} - System32\Tasks\{F9DF7985-8072-4D9B-8A2D-6F3FC176F73B} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2010-09-29] (ATI Technologies Inc.) 
Task: {DBAB8BC7-8391-4A21-9603-35F84C745E33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {DC45EE92-694F-499D-9936-4E79967B4AC3} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION Task: {E813E246-C5F7-43B4-AB05-4D5C3BE79134} - System32\Tasks\{DD6357C3-9F85-4003-83FE-5EA5E4094F54} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: {ECFED13C-77B7-4525-BE1B-2D476C34AB5B} - System32\Tasks\{D7523B32-B93F-4528-9BF6-EFA32E0EF58D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] () Task: {F290E9C5-55DB-40AA-9AD4-79E5EB43B5FB} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION Task: {F294E5FA-4CE9-454F-B3DA-2B420CEAB505} - System32\Tasks\pricemeterdownloader => C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterd.exe Task: {FB2F5B85-9BE2-4898-8F8D-A64DC93D0A26} - System32\Tasks\{DC04D699-98E2-4552-9CA2-E168BBA0723B} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2014-05-08] (Adobe Systems Incorporated) Task: {FF008A85-FAAB-42B3-9C6E-6E0A28109C87} - System32\Tasks\{60C667F5-2886-4333-863B-AC1AE3BECC4F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638 Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job => C:\Program Files 
(x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Price Meter Updater.job => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\Security Center Update - 1376075522.job => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe <==== ATTENTION Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-09 21:28 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll 2011-07-08 08:36 - 2011-07-08 08:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-02-08 23:02 - 2013-01-30 16:25 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe 2014-02-08 23:02 - 2013-01-30 16:25 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe 2011-07-08 08:36 - 2011-07-08 08:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-07-08 08:44 - 2011-07-08 08:44 - 00243712 _____ () C:\Program Files 
(x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-12-16 11:42 - 2009-12-16 11:42 - 00205824 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeemicro.dll 2010-04-01 17:30 - 2010-04-01 17:30 - 01558528 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeedrs64.dll 2009-03-10 05:44 - 2009-03-10 05:44 - 00015360 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeecaps64.dll 2014-02-08 23:02 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll 2014-02-08 23:02 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll 2014-02-08 23:02 - 2009-05-27 08:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecats.dll 2014-02-08 23:02 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll 2014-02-08 23:02 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll 2009-02-20 08:48 - 2009-02-20 08:48 - 00381440 _____ () C:\Windows\system32\lxeesm.dll 2009-04-28 07:56 - 2009-04-28 07:56 - 00024064 _____ () C:\Windows\system32\lxeesmr.dll 2014-02-08 23:02 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epwizard.DLL 2014-02-08 23:02 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll 2014-02-08 23:02 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Eputil.DLL 2014-02-08 23:02 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Imagutil.DLL 2014-02-08 23:02 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epfunct.DLL 2014-02-08 23:02 - 2009-06-23 07:09 - 02203648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPWizRes.dll 2014-02-08 23:02 - 2009-06-23 07:10 - 00045056 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll 2014-02-08 23:02 - 2009-06-23 07:11 - 
00102400 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPOEMDll.dll 2014-02-08 23:02 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll 2014-02-08 23:02 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll 2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2014-08-19 09:22 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-19 09:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-19 09:22 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-19 09:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-19 09:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll 2014-08-16 08:44 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll 2014-08-16 08:43 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2014 01:50:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00724909 ID des fehlerhaften Prozesses: 0x11e4 Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/19/2014 01:33:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78e2b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00394909 ID des fehlerhaften Prozesses: 0x11b8 Startzeit der fehlerhaften Anwendung: 0xcmd.exe0 Pfad der fehlerhaften Anwendung: cmd.exe1 Pfad des fehlerhaften Moduls: cmd.exe2 Berichtskennung: cmd.exe3 Error: (08/19/2014 01:27:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x02084909 ID des fehlerhaften Prozesses: 0x724 Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0 Pfad der fehlerhaften Anwendung: regsvr32.exe1 Pfad des fehlerhaften Moduls: regsvr32.exe2 Berichtskennung: regsvr32.exe3 Error: (08/19/2014 01:20:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x034b4909 
ID des fehlerhaften Prozesses: 0xf20 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (08/19/2014 01:04:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01e64909 ID des fehlerhaften Prozesses: 0x175c Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/19/2014 00:57:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.307.exe, Version: 3.3.0.6, Zeitstempel: 0x4f25baec Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x022d4909 ID des fehlerhaften Prozesses: 0x7f0 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.307.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.307.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.307.exe2 Berichtskennung: adwcleaner_3.307.exe3 Error: (08/19/2014 00:55:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.307.exe, Version: 3.3.0.6, Zeitstempel: 0x4f25baec Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00284909 ID des fehlerhaften Prozesses: 0x1134 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.307.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.307.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.307.exe2 Berichtskennung: adwcleaner_3.307.exe3 Error: (08/19/2014 00:14:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 
jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01e24909 ID des fehlerhaften Prozesses: 0x165c Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Error: (08/19/2014 00:12:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78e2b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01f64909 ID des fehlerhaften Prozesses: 0x17a8 Startzeit der fehlerhaften Anwendung: 0xcmd.exe0 Pfad der fehlerhaften Anwendung: cmd.exe1 Pfad des fehlerhaften Moduls: cmd.exe2 Berichtskennung: cmd.exe3 Error: (08/19/2014 00:10:04 PM) (Source: Application Virtualization Client) (EventID: 2005) (User: ) Description: Der Application Virtualization-Kerndienst konnte keinen Kontakt mit dem Dienststeuerungsverteiler aufnehmen. System errors: ============= Error: (08/19/2014 01:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/19/2014 01:45:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (08/19/2014 01:45:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/19/2014 01:45:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeeCATSCustConnectService erreicht. 
Error: (08/19/2014 01:39:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (08/19/2014 01:39:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (08/19/2014 01:39:13 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (08/19/2014 01:39:13 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (08/19/2014 01:39:11 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (08/19/2014 01:39:05 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC} Microsoft Office Sessions: ========================= Error: (08/19/2014 01:50:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c00000050072490911e401cfbba3c55aad12C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown044af317-2797-11e4-b1f4-8c89a557884c Error: (08/19/2014 01:33:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: cmd.exe6.1.7601.175144ce78e2bunknown0.0.0.000000000c00000050039490911b801cfbba0f69d804cC:\Windows\SysWOW64\cmd.exeunknowna4ecf834-2794-11e4-ab8d-8c89a557884c Error: (08/19/2014 01:27:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: regsvr32.exe6.1.7600.163854a5bca28unknown0.0.0.000000000c00000050208490972401cfbba095a10b82C:\Windows\SysWOW64\regsvr32.exeunknownd57112e1-2793-11e4-ab8d-8c89a557884c Error: (08/19/2014 01:20:13 PM) (Source: Application Error) 
(EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c0000005034b4909f2001cfbb9d3b1ee5f5C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeunknownc98ae6c7-2792-11e4-b397-8c89a557884c Error: (08/19/2014 01:04:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e64909175c01cfbb9d67dd53a3C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknowna674c6cc-2790-11e4-b397-8c89a557884c Error: (08/19/2014 00:57:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.307.exe3.3.0.64f25baecunknown0.0.0.000000000c0000005022d49097f001cfbb9c25ae259eC:\Users\shehzad\Desktop\adwcleaner_3.307.exeunknownad89625f-278f-11e4-9b7a-8c89a557884c Error: (08/19/2014 00:55:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.307.exe3.3.0.64f25baecunknown0.0.0.000000000c000000500284909113401cfbb9be6616960C:\Users\shehzad\Desktop\adwcleaner_3.307.exeunknown5e0b7ec3-278f-11e4-9b7a-8c89a557884c Error: (08/19/2014 00:14:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e24909165c01cfbb96663355cdC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknowna41901b4-2789-11e4-8129-8c89a557884c Error: (08/19/2014 00:12:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: cmd.exe6.1.7601.175144ce78e2bunknown0.0.0.000000000c000000501f6490917a801cfbb961ef4e669C:\Windows\SysWow64\cmd.exeunknown5ee6410c-2789-11e4-8129-8c89a557884c Error: (08/19/2014 00:10:04 PM) (Source: Application Virtualization Client) (EventID: 2005) (User: ) Description: CodeIntegrity Errors: =================================== Date: 2014-08-19 11:40:11.861 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-19 11:40:11.781 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-07 09:39:07.504 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.502 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.500 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.478 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-07 09:39:07.476 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-02-07 09:39:07.474 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-05 16:30:47.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-05 16:30:47.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics Percentage of memory in use: 47% Total physical RAM: 3576.13 MB Available physical RAM: 1861.71 MB Total Pagefile: 7150.45 MB Available Pagefile: 4840.79 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:830 GB) NTFS Drive d: (Recover) (Fixed) (Total:40 GB) (Free:19.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 5183A2EF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
19.08.2014, 13:02 | #12 |
/// TB-Ausbilder | AntiVir blocked by Group Policy + downloads are being started Hi, OK, then let's use a different tool... as long as the trojan is still active, it will probably block the other programs. Afterwards we'll check again with FRST.
Step 1
Please download BlitzBlank (from Emsisoft) and save it to the desktop.
Step 2
Please post with your next reply
|
19.08.2014, 13:13 | #13 |
| AntiVir blocked by Group Policy + downloads are being started BlitzBlank reports an error when I click Execute: "Syntax Fehler in Zeile 7, Ungültiger Ordnerpfad" (syntax error in line 7, invalid folder path) |
19.08.2014, 13:15 | #14 | |
/// TB-Ausbilder | AntiVir blocked by Group Policy + downloads are being started Quote:
Code:
DeleteFile:
C:\ProgramData\UhpeRfefh\UhpeRfefh.dat
"C:\Windows\Tasks\Security Center Update - 1376075522.job"
DeleteFolder:
C:\ProgramData\UhpeRfefh
DeleteRegValue:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UhpeRfefh |
19.08.2014, 13:18 | #15 |
| AntiVir blocked by Group Policy + downloads are being started "Syntax Fehler in Zeile 9, ungültiger Registry Wert" (syntax error in line 9, invalid registry value). That's a good thing, that these things are no longer present, isn't it? :P |