
Pests of all kinds and how to combat them: AntiVir blocked by Group Policy + downloads are started

19.08.2014, 10:14   #1
PoWi
 

Hello everyone,

when I start my antivirus program, the following error message opens: "Dieses Programm wurde durch eine Gruppenrichtlinie blockiert." ("This program has been blocked by a Group Policy.")
In addition, downloads of JScript files named dpx.js from i.simpli.fi and bk-coretag.js from tags.bkrtx.com open automatically at fairly regular intervals.

Thanks for any help!


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by shehzad (administrator) on SHEHZAD-PC on 19-08-2014 10:57:18
Running from C:\Users\shehzad\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\LPT\srpts.exe
( ) C:\Windows\System32\lxeecoms.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Users\shehzad\AppData\Local\fst_de_1\upfst_de_1.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\LPT\srptm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\ScanTack\updateScanTack.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre8\bin\javaws.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
() C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [lxeemon.exe] => C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe [772712 2013-01-30] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe [150264 2013-01-30] ()
HKLM\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [368640 2014-01-05] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [fst_de_1] => "C:\Program Files (x86)\fst_de_1\fst_de_1.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [368640 2014-01-05] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [upfst_de_1.exe] => C:\Users\shehzad\AppData\Local\fst_de_1\upfst_de_1.exe [3267536 2014-04-08] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [GoogleChromeAutoLaunch_64528655D5F25C403B8633DE809A3F8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [PriceMeterW] => "C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [368640 2014-01-05] ()
HKU\S-1-5-21-2564675894-2720206820-1579627790-1008\...\Run: [playnowradio] => C:\Users\alisha\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe [420352 2014-03-06] (Pay By Ads LTD)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.findwide.com/?guid={FABB9A3B-020B-4955-9542-90B196036D71}&action=homepage_search
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms}
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: ScanTack -> {d332cff8-358e-4c9e-8af3-a08872ef22c1} -> C:\Program Files (x86)\ScanTack\ScanTackbho.dll (ScanTack)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {CD0342DD-7582-4507-B58A-4C9EA18B13AA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default
FF DefaultSearchEngine: Conduit Search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_114.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_114.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: MediaPlayerplus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-05-20]
FF Extension: Quick Start - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\quick_start@gmail.com [2014-05-21]
FF Extension: Shopping Helper Smartbar - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{14895be1-6013-6314-fc5c-52690c3f821a} [2014-04-27]
FF Extension: Boost - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\boost@boost.net.xpi [2014-05-16]
FF Extension: Adblock Plus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR Extension: (BonanzaDeals) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2014-08-19]
CHR Extension: (Skype Click to Call) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-23] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-23] (BonanzaDeals)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-09] ()
S2 lxeeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
R2 lxee_device; C:\Windows\SysWOW64\lxeecoms.exe [598696 2010-04-14] ( )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SecurityCenterServer1376075522; C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [368640 2014-01-05] () [File not signed]
R2 Update ScanTack; C:\Program Files (x86)\ScanTack\updateScanTack.exe [317728 2014-05-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 {fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64; C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys [61112 2014-05-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 10:57 - 2014-08-19 10:57 - 00023114 _____ () C:\Users\shehzad\Desktop\FRST.txt
2014-08-19 10:56 - 2014-08-19 10:57 - 00000000 ____D () C:\FRST
2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe
2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5}
2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini
2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2014-08-19 10:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 09:22 - 2014-08-19 09:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe
2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe
2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe
2014-08-18 20:36 - 2014-08-18 20:37 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp
2014-08-18 20:29 - 2014-08-18 20:30 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp
2014-08-18 20:25 - 2014-08-18 20:27 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-08-18 20:19 - 2014-08-18 20:20 - 00013680 _____ () C:\Windows\diagwrn.xml
2014-08-18 20:19 - 2014-08-18 20:20 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp
2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp
2014-08-18 19:16 - 2014-08-18 19:17 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp
2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp
2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp
2014-08-18 17:30 - 2014-08-19 10:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job
2014-08-18 17:30 - 2014-08-18 17:30 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1376075522
2014-08-18 17:30 - 2014-08-18 17:30 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Vodeka
2014-08-18 17:30 - 2014-01-05 16:34 - 00368640 _____ () C:\Windows\SysWOW64\haiwuruc.exe
2014-08-18 17:29 - 2014-08-18 17:29 - 00000000 ____D () C:\ProgramData\UhpeRfefh
2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip
2014-08-13 09:32 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 09:32 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 09:32 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 09:32 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:32 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 09:32 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 09:32 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 09:32 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 08:19 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 08:19 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 08:19 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 08:19 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 08:19 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 08:19 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 08:19 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 08:19 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 08:19 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 08:19 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 08:19 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 08:19 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 08:19 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 08:19 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 08:19 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 08:19 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 08:19 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 08:19 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 08:19 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 08:19 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 08:19 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 08:19 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 08:19 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 08:19 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 08:19 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 08:19 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 08:19 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 08:19 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 08:19 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 08:19 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 08:19 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 08:19 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 08:19 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 08:19 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 08:19 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 08:19 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 08:19 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 08:19 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 08:19 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 08:19 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 08:19 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 08:19 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 08:19 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 08:19 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 08:19 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 08:19 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 08:19 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 08:19 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 08:19 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 08:19 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 08:19 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 08:19 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 08:19 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 08:19 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 08:19 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 08:19 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 08:18 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 08:18 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 08:18 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 08:18 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 08:18 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 08:18 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 08:18 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 08:18 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 08:18 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 08:18 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 08:18 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 08:18 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 08:18 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 08:18 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 08:13 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 08:13 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 08:13 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 08:13 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv
2014-08-11 17:39 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten
2014-08-11 17:36 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client
2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client
2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C}
2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack
2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack
2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack
2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack
2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack
2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE
2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira
2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC
2014-08-11 17:04 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Google
2014-08-11 17:04 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah.shehzad-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 17:04 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-08-11 17:04 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
2014-08-11 17:04 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Macromedia
2014-08-11 17:04 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-11 17:04 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-11 11:47 - 2014-08-11 11:48 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack
2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack
2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 11:45 - 2014-08-11 11:46 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE
2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE
2014-08-07 17:34 - 2014-08-07 17:35 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe
2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield
2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644}
2014-08-01 21:43 - 2014-08-01 21:44 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94}
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList
2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira
2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD
2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI
2014-08-01 11:35 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah
2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten
2014-08-01 11:35 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google
2014-08-01 11:35 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-01 11:35 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-08-01 11:35 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
2014-08-01 11:35 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Macromedia
2014-08-01 11:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-01 11:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4}
2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2}
2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E}
2014-07-20 20:14 - 2014-07-20 20:14 - 00978687 _____ () C:\ProgramData\SPLDC0.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 10:57 - 2014-08-19 10:57 - 00023114 _____ () C:\Users\shehzad\Desktop\FRST.txt
2014-08-19 10:57 - 2014-08-19 10:56 - 00000000 ____D () C:\FRST
2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe
2014-08-19 10:40 - 2013-10-09 12:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 10:31 - 2014-05-25 14:31 - 00000286 _____ () C:\Windows\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5}.job
2014-08-19 10:27 - 2013-10-23 13:21 - 00000928 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5}
2014-08-19 10:10 - 2014-03-19 09:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini
2014-08-19 10:04 - 2014-08-19 09:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 10:04 - 2014-04-14 22:03 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-08-19 10:00 - 2014-08-18 17:30 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job
2014-08-19 09:24 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 09:24 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 09:23 - 2014-08-19 09:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe
2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe
2014-08-19 09:20 - 2013-10-09 21:52 - 01583736 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 09:19 - 2014-04-17 08:40 - 00000000 ____D () C:\Users\shehzad\AppData\Local\fst_de_1
2014-08-19 09:16 - 2014-04-10 23:21 - 00003126 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job
2014-08-19 09:16 - 2014-04-10 23:21 - 00002198 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job
2014-08-19 09:16 - 2014-04-10 23:21 - 00001508 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job
2014-08-19 09:16 - 2014-04-10 23:21 - 00001430 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job
2014-08-19 09:16 - 2014-04-10 23:21 - 00001418 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job
2014-08-19 09:16 - 2013-10-23 13:21 - 00000924 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2014-08-19 09:16 - 2013-10-09 21:17 - 00170065 _____ () C:\ProgramData\lxeescan.log
2014-08-19 09:16 - 2013-10-09 12:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 09:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 09:15 - 2009-07-14 06:51 - 00007294 _____ () C:\Windows\setupact.log
2014-08-19 09:01 - 2009-07-14 06:45 - 00378432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-18 23:37 - 2011-02-10 21:25 - 00699634 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 23:37 - 2011-02-10 21:25 - 00149516 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 23:37 - 2009-07-14 07:13 - 01621276 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe
2014-08-18 20:37 - 2014-08-18 20:36 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp
2014-08-18 20:36 - 2014-04-15 18:11 - 617677318 _____ () C:\Windows\MEMORY.DMP
2014-08-18 20:36 - 2014-04-15 18:11 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 20:30 - 2014-08-18 20:29 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp
2014-08-18 20:27 - 2014-08-18 20:25 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-08-18 20:20 - 2014-08-18 20:19 - 00013680 _____ () C:\Windows\diagwrn.xml
2014-08-18 20:20 - 2014-08-18 20:19 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-18 20:19 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp
2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-18 20:07 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp
2014-08-18 19:17 - 2014-08-18 19:16 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp
2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp
2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp
2014-08-18 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-18 17:30 - 2014-08-18 17:30 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1376075522
2014-08-18 17:30 - 2014-08-18 17:30 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Vodeka
2014-08-18 17:29 - 2014-08-18 17:29 - 00000000 ____D () C:\ProgramData\UhpeRfefh
2014-08-18 12:40 - 2014-06-25 16:07 - 00001471 _____ () C:\Users\alisha\Desktop\Play Now Radio.lnk
2014-08-18 09:41 - 2013-10-10 21:13 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Skype
2014-08-17 23:22 - 2013-10-09 13:04 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\SoftGrid Client
2014-08-17 19:24 - 2013-10-09 21:28 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-08-17 19:01 - 2014-02-18 22:33 - 00000492 _____ () C:\ProgramData\lxeeDiagnostics.log
2014-08-17 14:34 - 2014-08-11 17:39 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten
2014-08-17 14:34 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client
2014-08-16 08:44 - 2013-10-09 12:57 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip
2014-08-14 19:10 - 2014-03-19 09:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 19:10 - 2014-03-19 09:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-14 19:10 - 2011-06-28 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 09:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 09:44 - 2013-10-17 16:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 09:37 - 2011-02-10 22:56 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 09:32 - 2014-05-06 18:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv
2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client
2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C}
2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack
2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack
2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack
2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack
2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack
2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE
2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira
2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC
2014-08-11 11:48 - 2014-08-11 11:47 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack
2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack
2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 11:46 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE
2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE
2014-08-08 20:26 - 2014-04-27 14:48 - 00654336 ___SH () C:\Users\shehzad\Downloads\Thumbs.db
2014-08-07 17:35 - 2014-08-07 17:34 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe
2014-08-07 14:20 - 2013-10-10 21:12 - 00000000 ____D () C:\ProgramData\Skype
2014-08-07 04:06 - 2014-08-13 08:13 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 08:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644}
2014-08-01 21:44 - 2014-08-01 21:43 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94}
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList
2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira
2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD
2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI
2014-08-01 11:36 - 2014-08-01 11:35 - 00000000 ____D () C:\Users\Sarah
2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten
2014-08-01 01:41 - 2014-08-13 08:19 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 08:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 22:06 - 2014-05-30 20:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4}
2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2}
2014-07-27 10:02 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-25 16:52 - 2014-08-13 08:19 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 08:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 08:19 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 08:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 08:19 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 08:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 08:19 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 08:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 08:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 08:19 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 08:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 08:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 08:19 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 08:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 08:19 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 08:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 08:19 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 08:19 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 08:19 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 08:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 08:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 08:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 08:19 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 08:19 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 08:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 08:19 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 08:19 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E}
2014-07-25 13:52 - 2014-08-13 08:19 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 08:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 08:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 08:19 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 08:19 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 08:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 08:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 08:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 08:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 08:19 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 08:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 08:19 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 08:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 08:19 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 08:19 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 08:19 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 08:19 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 08:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 08:19 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 08:19 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 20:14 - 2014-07-20 20:14 - 00978687 _____ () C:\ProgramData\SPLDC0.tmp

Some content of TEMP:
====================
C:\Users\alisha\AppData\Local\Temp\avgnt.exe
C:\Users\alisha\AppData\Local\Temp\drm_dialogs.dll
C:\Users\alisha\AppData\Local\Temp\drm_dyndata_7320010.dll
C:\Users\Sarah\AppData\Local\Temp\avgnt.exe
C:\Users\Sarah.shehzad-PC\AppData\Local\Temp\avgnt.exe
C:\Users\shehzad\AppData\Local\Temp\avgnt.exe
C:\Users\shehzad\AppData\Local\Temp\VP6Install.exe
C:\Users\shehzad\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 00:46

==================== End Of Log ============================
         
Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by shehzad at 2014-08-19 10:58:17
Running from C:\Users\shehzad\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.114 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2011.0707.2346.40825 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
ccc-utility64 (Version: 2011.0707.2346.40825 - ATI) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version:  - Lexmark International, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
ScanTack (HKLM\...\ScanTack) (Version: 2014.05.30.150643 - ScanTack) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-08-2014 07:45:12 Geplanter Prüfpunkt
13-08-2014 06:11:53 Windows Update
13-08-2014 07:31:55 Windows Update
13-08-2014 22:58:41 Windows Update
19-08-2014 06:15:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {086B95EC-772B-46F8-9998-CA84BFB4E4E6} - System32\Tasks\{AB159400-B175-49A2-94DD-122F7F00803B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {09A46B40-F55B-449A-BBD6-2C29B7A02BF8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-23] (BonanzaDeals) <==== ATTENTION
Task: {2391C03B-B2B2-433B-AE53-CAF315333589} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited)
Task: {245BD3E0-0A38-4C22-A067-00BEFBF3AF4D} - System32\Tasks\{7FAC5E21-9611-4111-9AD0-9D97CADFEF1A} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Burning Studio\burningstudio.exe [2010-03-19] ()
Task: {2AEF6088-AABA-49F3-8B53-6F6E08D932E5} - System32\Tasks\Price Meter Updater => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2F02C421-B7DE-423A-BF8C-9F80036F12B2} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION
Task: {304F45BD-2640-46D9-B248-7E91A6C1D676} - System32\Tasks\Play Now Radio => C:\Users\alisha\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe [2014-03-06] (Pay By Ads LTD)
Task: {31FB817F-2FC0-415B-B5CA-E0EE0CDDC864} - System32\Tasks\UpdaterEX => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3200EDFD-2EEA-4B46-B877-0ABE70B9FFC2} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-23] (BonanzaDeals) <==== ATTENTION
Task: {327513AD-B4F9-44A8-B435-0717FB6DB6BE} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {341323E9-DF92-4EEA-BE92-505AB3D9F4B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe [2014-01-05] ()
Task: {4EA0FF40-41E3-4EFD-BA67-6D0AE8749039} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {5187A258-5AA6-4BF4-BA54-8A2A814D0600} - System32\Tasks\{52AFAD36-978D-4DB5-9133-31C5BBBB3A9E} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] ()
Task: {532F9F3C-359F-46DC-B432-CCAE93BF3618} - System32\Tasks\{7DCD380B-BDDC-4D3C-BBB0-9E05D0B393DD} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {5D8E38BA-48DA-431A-AC31-2A100B09E11D} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION
Task: {6823D1BE-37A5-4453-81BB-5875424FFE58} - System32\Tasks\{6E6F044E-E1C1-48C5-8846-C98A6C6FF79F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG)
Task: {68C643DA-560C-4058-BF85-A21016BBCAF8} - System32\Tasks\{B311DB15-409C-4F5C-A2CA-3B96D0E9B8B3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {7CD7EA51-3752-413A-8777-F226BD217065} - System32\Tasks\{F9FF6C01-0F77-4892-90C1-AB11BA9A8473} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {7FB3FC1A-9834-4E66-B6D0-AD2F6F35F92C} - System32\Tasks\{C3BFF0CF-95D8-4225-8394-302BDEAC466F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Snap\ashsnap.exe [2010-03-20] (ashampoo GmbH & Co. KG)
Task: {972D1880-A511-4429-B032-2831AA653B9F} - System32\Tasks\{351A3EDF-51A8-4161-B94C-89F4378A7A26} => C:\Program Files (x86)\Flash Player Pro\Flash Player Pro.exe
Task: {A180C3BE-BEA5-4087-B299-0AD0742565A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AB067E2C-2D59-4792-AEA7-93A327E00451} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated)
Task: {AC92E9BF-6D2B-4A32-886C-355E339224BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {BC4C52EA-90B6-4908-A357-2E7C4015E94A} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION
Task: {C4EFD966-1A90-4852-ADEF-90CD7494C73C} - System32\Tasks\{7F6C8D6A-E32F-45D7-B3BC-249B17FAB4C4} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] ()
Task: {C8A99DFA-96D1-400C-8C1A-D8A12CCB5AB1} - System32\Tasks\{25253F42-D79C-4472-AF27-D41A3824C54D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG)
Task: {CB91BCB8-2627-4EB3-9EDC-E6D3EABD0DAA} - System32\Tasks\{C6C20EFD-3F5D-4974-A65A-EF9F37C21E87} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.60.106/de/eula
Task: {D5654A96-C6E5-4193-BEEC-CD6C1E229855} - System32\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5} => C:\Program Files\V-bates\PrefHelper.exe
Task: {DABEEC72-2BD2-4E20-BE0B-3219A53931DE} - System32\Tasks\{F9DF7985-8072-4D9B-8A2D-6F3FC176F73B} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2010-09-29] (ATI Technologies Inc.)
Task: {DBAB8BC7-8391-4A21-9603-35F84C745E33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DC45EE92-694F-499D-9936-4E79967B4AC3} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION
Task: {E813E246-C5F7-43B4-AB05-4D5C3BE79134} - System32\Tasks\{DD6357C3-9F85-4003-83FE-5EA5E4094F54} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {ECFED13C-77B7-4525-BE1B-2D476C34AB5B} - System32\Tasks\{D7523B32-B93F-4528-9BF6-EFA32E0EF58D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] ()
Task: {F290E9C5-55DB-40AA-9AD4-79E5EB43B5FB} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: {F294E5FA-4CE9-454F-B3DA-2B420CEAB505} - System32\Tasks\pricemeterdownloader => C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterd.exe
Task: {FB2F5B85-9BE2-4898-8F8D-A64DC93D0A26} - System32\Tasks\{DC04D699-98E2-4552-9CA2-E168BBA0723B} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2014-05-08] (Adobe Systems Incorporated)
Task: {FF008A85-FAAB-42B3-9C6E-6E0A28109C87} - System32\Tasks\{60C667F5-2886-4333-863B-AC1AE3BECC4F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Price Meter Updater.job => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1376075522.job => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-09 21:28 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll
2011-07-08 08:36 - 2011-07-08 08:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00032288 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-04-17 08:40 - 2014-04-08 11:08 - 03267536 _____ () C:\Users\shehzad\AppData\Local\fst_de_1\upfst_de_1.exe
2014-02-08 23:02 - 2013-01-30 16:25 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
2014-02-08 23:02 - 2013-01-30 16:25 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
2014-01-05 16:34 - 2014-01-05 16:34 - 00368640 _____ () C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
2014-02-09 12:41 - 2014-04-29 11:17 - 00023072 _____ () C:\Program Files (x86)\LPT\srptm.exe
2011-07-08 08:36 - 2011-07-08 08:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-08 08:44 - 2011-07-08 08:44 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-12-16 11:42 - 2009-12-16 11:42 - 00205824 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeemicro.dll
2010-04-01 17:30 - 2010-04-01 17:30 - 01558528 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeedrs64.dll
2009-03-10 05:44 - 2009-03-10 05:44 - 00015360 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeecaps64.dll
2014-05-30 17:06 - 2014-05-30 17:06 - 00317728 _____ () C:\Program Files (x86)\ScanTack\updateScanTack.exe
2014-02-09 12:41 - 2014-02-09 12:41 - 00070176 _____ () C:\Program Files (x86)\LPT\srpt.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00022048 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-02-08 23:02 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
2014-02-08 23:02 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
2014-02-08 23:02 - 2009-05-27 08:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecats.dll
2014-02-08 23:02 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll
2014-02-08 23:02 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
2009-02-20 08:48 - 2009-02-20 08:48 - 00381440 _____ () C:\Windows\system32\lxeesm.dll
2009-04-28 07:56 - 2009-04-28 07:56 - 00024064 _____ () C:\Windows\system32\lxeesmr.dll
2014-02-08 23:02 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epwizard.DLL
2014-02-08 23:02 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
2014-02-08 23:02 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Eputil.DLL
2014-02-08 23:02 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Imagutil.DLL
2014-02-08 23:02 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epfunct.DLL
2014-02-08 23:02 - 2009-06-23 07:09 - 02203648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPWizRes.dll
2014-02-08 23:02 - 2009-06-23 07:10 - 00045056 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
2014-02-08 23:02 - 2009-06-23 07:11 - 00102400 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPOEMDll.dll
2014-02-08 23:02 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
2014-02-08 23:02 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-02-09 12:41 - 2014-04-29 11:18 - 00057888 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-02-09 12:41 - 2014-04-29 11:17 - 00066080 _____ () C:\Program Files (x86)\LPT\sppsm.dll
2014-02-09 12:41 - 2014-04-29 11:17 - 00155680 _____ () C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-02-09 12:41 - 2014-04-29 11:17 - 00027168 _____ () C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll
2014-02-09 12:41 - 2014-04-29 11:17 - 00165920 _____ () C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll
2014-02-09 12:41 - 2014-04-29 11:17 - 00044064 _____ () C:\Program Files (x86)\LPT\srbu.dll
2014-04-14 22:03 - 2014-04-14 22:03 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-02-09 12:41 - 2014-04-29 11:17 - 00021880 _____ () C:\Program Files (x86)\LPT\srpdm.dll
2014-02-09 12:41 - 2014-04-29 11:17 - 00039456 _____ () C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 08:43 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-19 09:22 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-19 09:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-19 09:22 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-19 09:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-19 09:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2014 10:09:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDScan.exe, Version 2.4.40.181 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b38

Startzeit: 01cfbb7ea92337a6

Endzeit: 79

Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Berichts-ID: 0d980617-2778-11e4-b808-8c89a557884c

Error: (08/19/2014 09:21:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01e54909
ID des fehlerhaften Prozesses: 0x34c
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/19/2014 09:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53f2109a
Name des fehlerhaften Moduls: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53f2109a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000042b5
ID des fehlerhaften Prozesses: 0xb2c
Startzeit der fehlerhaften Anwendung: 0xpiarudx.exe0
Pfad der fehlerhaften Anwendung: piarudx.exe1
Pfad des fehlerhaften Moduls: piarudx.exe2
Berichtskennung: piarudx.exe3

Error: (08/19/2014 08:16:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53d75949
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d26078
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00136cef
ID des fehlerhaften Prozesses: 0x850
Startzeit der fehlerhaften Anwendung: 0xpiarudx.exe0
Pfad der fehlerhaften Anwendung: piarudx.exe1
Pfad des fehlerhaften Moduls: piarudx.exe2
Berichtskennung: piarudx.exe3

Error: (08/19/2014 08:13:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00624909
ID des fehlerhaften Prozesses: 0x1b70
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/18/2014 11:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01eb4909
ID des fehlerhaften Prozesses: 0xad0
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/18/2014 09:26:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00314909
ID des fehlerhaften Prozesses: 0x16fc
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/18/2014 09:21:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53f2109a
Name des fehlerhaften Moduls: piarudx.exe, Version: 0.0.0.0, Zeitstempel: 0x53f2109a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000042b5
ID des fehlerhaften Prozesses: 0xb28
Startzeit der fehlerhaften Anwendung: 0xpiarudx.exe0
Pfad der fehlerhaften Anwendung: piarudx.exe1
Pfad des fehlerhaften Moduls: piarudx.exe2
Berichtskennung: piarudx.exe3

Error: (08/18/2014 08:19:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00524909
ID des fehlerhaften Prozesses: 0x1714
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/18/2014 07:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01e24909
ID des fehlerhaften Prozesses: 0x1674
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3


System errors:
=============
Error: (08/19/2014 10:14:17 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/19/2014 10:14:17 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/19/2014 10:13:04 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/19/2014 10:04:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wpm Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/19/2014 09:47:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/19/2014 09:47:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/19/2014 09:47:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/19/2014 09:47:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/19/2014 09:47:45 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/19/2014 09:47:45 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (08/19/2014 10:09:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDScan.exe2.4.40.1811b3801cfbb7ea92337a679C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe0d980617-2778-11e4-b808-8c89a557884c

Error: (08/19/2014 09:21:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e5490934c01cfbb7e2ab0b594C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown69b9d7f8-2771-11e4-b808-8c89a557884c

Error: (08/19/2014 09:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: piarudx.exe0.0.0.053f2109apiarudx.exe0.0.0.053f2109ac0000005000042b5b2c01cfbb7d76fd9845C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exeC:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exed21fab15-2770-11e4-b808-8c89a557884c

Error: (08/19/2014 08:16:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: piarudx.exe0.0.0.053d75949mshtml.dll11.0.9600.1723953d26078c000000500136cef85001cfbb74adad2826C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exeC:\Windows\SysWOW64\mshtml.dll633d97ba-2768-11e4-9915-8c89a557884c

Error: (08/19/2014 08:13:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c0000005006249091b7001cfbb74a6186edcC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknownea7d1b14-2767-11e4-9915-8c89a557884c

Error: (08/18/2014 11:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501eb4909ad001cfbb2b4d89856cC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown8cff1881-271e-11e4-aa6c-742f6817a37b

Error: (08/18/2014 09:26:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c00000050031490916fc01cfbb1a4509760fC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown838ec084-270d-11e4-8f58-8c89a557884c

Error: (08/18/2014 09:21:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: piarudx.exe0.0.0.053f2109apiarudx.exe0.0.0.053f2109ac0000005000042b5b2801cfbb1990a6e510C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exeC:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exee6d85b11-270c-11e4-8f58-8c89a557884c

Error: (08/18/2014 08:19:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000500524909171401cfbb10de70168dC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown21a0316f-2704-11e4-bca3-742f6817a37b

Error: (08/18/2014 07:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e24909167401cfbb0d72342cdeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknownb1a03a72-2700-11e4-815f-742f6817a37b


CodeIntegrity Errors:
===================================
  Date: 2014-02-07 09:39:07.504
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.502
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.500
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.476
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.474
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-05 16:30:47.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-05 16:30:47.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-05 16:30:47.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-05 16:30:47.313
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3576.13 MB
Available physical RAM: 1705.91 MB
Total Pagefile: 7150.45 MB
Available Pagefile: 4015.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:829.74 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:19.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5183A2EF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         

19.08.2014, 10:16   #2
M-K-D-B
/// TB Trainer

My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find signs of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used are to be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Thank you for your cooperation!





Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.








Step 2
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________

__________________

19.08.2014, 10:52   #3
PoWi

While Combofix is still running, the following errors have occurred (typing from the laptop)
handle viewer has stopped working
Windows Command Processor has stopped working
imp gui is also being blocked (after restart)


Combofix now displays: Almost done...
The process cannot access the file because it is being used by another process.
__________________

19.08.2014, 10:55   #4
M-K-D-B
/// TB Trainer

Hello,


Start your computer according to this guide and run ComboFix in safe mode.
__________________
Greetings from Bavaria
M-K-D-B

______________________________________

Support the Trojaner-Board

19.08.2014, 11:17   #5
PoWi

I ran Combofix in safe mode, and then everything worked. After the restart Combofix continued.. now again: The process cannot access the file because it is being used by another process.

Should I have switched back to safe mode after the mandatory restart by Combofix?

The Fixlog from step 1
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by shehzad at 2014-08-19 11:22:35 Run:1
Running from C:\Users\shehzad\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
end
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         


19.08.2014, 11:26   #6
M-K-D-B
/// TB Trainer

Hello,


no, that's fine, you did everything right.


Please run FRST once more so that I get a current overview:
  • Start FRST.exe again. Tick the box in front of Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files to me with your next reply.
__________________
--> AntiVir blocked by Group Policy + downloads are being started
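One way to check a fresh FRST.txt against the entries that were submitted in Fixlist.txt, as an added example that is not part of this thread and not code from FRST. The function names and the two rescan excerpts are constructed for the example; the fixlist text is the one from step 1.

```python
import re

# Marker FRST appends to lines it flags for review, e.g. "<====== ATTENTION".
_ATTENTION = re.compile(r"\s*<=+\s*ATTENTION\s*$", re.IGNORECASE)
# Shape of the software-restriction lines as they appear in this thread's logs.
_SRP_LINE = re.compile(
    r"^(HK[\w-]+) Group Policy restriction on software:\s*(.+)$", re.IGNORECASE
)

# Fixlist text from step 1 of this thread.
FIXLIST = r"""
start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
end
"""

# Constructed rescan excerpts in the shape of FRST's Registry section.
RESCAN_CLEAN = r"""
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
"""
RESCAN_STILL_BLOCKED = RESCAN_CLEAN + r"""
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
"""


def strip_marker(line: str) -> str:
    """Remove the trailing ATTENTION marker and surrounding whitespace."""
    return _ATTENTION.sub("", line).strip()


def parse_fixlist(text: str) -> list[str]:
    """Return the entries between the 'start' and 'end' lines of a fixlist."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.casefold() == "start":
            inside = True
        elif line.casefold() == "end":
            break
        elif inside and line:
            entries.append(strip_marker(line))
    return entries


def persisting_entries(fixlist_text: str, scan_text: str) -> list[str]:
    """Fixlist entries that still appear as a line in a later scan."""
    scan_lines = {strip_marker(l).casefold() for l in scan_text.splitlines()}
    return [e for e in parse_fixlist(fixlist_text) if e.casefold() in scan_lines]


def restricted_paths(scan_text: str) -> list[tuple[str, str]]:
    """(hive, path) for every software-restriction line found in a scan."""
    found = []
    for raw in scan_text.splitlines():
        match = _SRP_LINE.match(strip_marker(raw))
        if match:
            found.append((match.group(1), match.group(2)))
    return found


if __name__ == "__main__":
    for name, scan in (("clean", RESCAN_CLEAN), ("still blocked", RESCAN_STILL_BLOCKED)):
        left = persisting_entries(FIXLIST, scan)
        print(f"{name}: {len(left)} fixlist entr{'y' if len(left) == 1 else 'ies'} still present")
        for hive, path in restricted_paths(scan):
            print(f"  restriction in {hive}: {path}")
```

An entry that a Fixlog reports as restored but that a later scan lists again was written back after the fix ran; in this thread the rescan posted next still lists both restriction lines.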

19.08.2014, 11:31   #7
PoWi

All right.


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by shehzad (administrator) on SHEHZAD-PC on 19-08-2014 12:29:11
Running from C:\Users\shehzad\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\LPT\srpts.exe
( ) C:\Windows\System32\lxeecoms.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(BonanzaDeals) C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\ScanTack\updateScanTack.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre8\bin\javaws.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [lxeemon.exe] => C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe [772712 2013-01-30] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe [150264 2013-01-30] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [fst_de_1] => "C:\Program Files (x86)\fst_de_1\fst_de_1.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [GoogleChromeAutoLaunch_64528655D5F25C403B8633DE809A3F8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [PriceMeterW] => "C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms}
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: ScanTack -> {d332cff8-358e-4c9e-8af3-a08872ef22c1} -> C:\Program Files (x86)\ScanTack\ScanTackbho.dll (ScanTack)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {CD0342DD-7582-4507-B58A-4C9EA18B13AA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default
FF DefaultSearchEngine: Conduit Search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_114.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_114.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: MediaPlayerplus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-05-20]
FF Extension: Quick Start - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\quick_start@gmail.com [2014-05-21]
FF Extension: Shopping Helper Smartbar - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{14895be1-6013-6314-fc5c-52690c3f821a} [2014-04-27]
FF Extension: Boost - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\boost@boost.net.xpi [2014-05-16]
FF Extension: Adblock Plus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR Extension: (BonanzaDeals) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2014-08-19]
CHR Extension: (Skype Click to Call) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-23] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-23] (BonanzaDeals)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-09] ()
S2 lxeeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
R2 lxee_device; C:\Windows\SysWOW64\lxeecoms.exe [598696 2010-04-14] ( )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Update ScanTack; C:\Program Files (x86)\ScanTack\updateScanTack.exe [317728 2014-05-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 {fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64; C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys [61112 2014-05-22] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 12:00 - 2014-08-19 12:13 - 00000000 ____D () C:\ComboFix
2014-08-19 11:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-19 11:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-19 11:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-19 11:26 - 2014-08-19 11:50 - 00000000 ____D () C:\Qoobox
2014-08-19 11:25 - 2014-08-19 12:07 - 00000000 ____D () C:\Windows\erdnt
2014-08-19 11:23 - 2014-08-19 11:24 - 05572251 ____R (Swearware) C:\Users\shehzad\Desktop\ComboFix.exe
2014-08-19 10:58 - 2014-08-19 10:59 - 00037519 _____ () C:\Users\shehzad\Desktop\Addition.txt
2014-08-19 10:57 - 2014-08-19 12:29 - 00020253 _____ () C:\Users\shehzad\Desktop\FRST.txt
2014-08-19 10:56 - 2014-08-19 12:29 - 00000000 ____D () C:\FRST
2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe
2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5}
2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini
2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2014-08-19 10:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 09:22 - 2014-08-19 09:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe
2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe
2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe
2014-08-18 20:36 - 2014-08-18 20:37 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp
2014-08-18 20:29 - 2014-08-18 20:30 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp
2014-08-18 20:25 - 2014-08-18 20:27 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-08-18 20:19 - 2014-08-18 20:20 - 00013680 _____ () C:\Windows\diagwrn.xml
2014-08-18 20:19 - 2014-08-18 20:20 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp
2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp
2014-08-18 19:16 - 2014-08-18 19:17 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp
2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp
2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp
2014-08-18 17:30 - 2014-08-19 11:45 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Vodeka
2014-08-18 17:30 - 2014-08-19 11:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job
2014-08-18 17:30 - 2014-08-18 17:30 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1376075522
2014-08-18 17:30 - 2014-01-05 16:34 - 00368640 _____ () C:\Windows\SysWOW64\haiwuruc.exe
2014-08-18 17:29 - 2014-08-18 17:29 - 00000000 ____D () C:\ProgramData\UhpeRfefh
2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip
2014-08-13 09:32 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 09:32 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 09:32 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 09:32 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:32 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 09:32 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 09:32 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 09:32 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 08:19 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 08:19 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 08:19 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 08:19 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 08:19 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 08:19 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 08:19 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 08:19 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 08:19 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 08:19 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 08:19 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 08:19 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 08:19 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 08:19 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 08:19 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 08:19 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 08:19 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 08:19 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 08:19 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 08:19 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 08:19 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 08:19 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 08:19 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 08:19 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 08:19 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 08:19 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 08:19 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 08:19 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 08:19 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 08:19 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 08:19 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 08:19 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 08:19 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 08:19 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 08:19 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 08:19 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 08:19 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 08:19 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 08:19 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 08:19 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 08:19 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 08:19 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 08:19 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 08:19 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 08:19 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 08:19 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 08:19 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 08:19 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 08:19 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 08:19 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 08:19 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 08:19 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 08:19 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 08:19 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 08:19 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 08:19 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 08:18 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 08:18 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 08:18 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 08:18 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 08:18 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 08:18 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 08:18 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 08:18 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 08:18 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 08:18 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 08:18 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 08:18 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 08:18 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 08:18 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 08:13 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 08:13 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 08:13 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 08:13 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv
2014-08-11 17:39 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten
2014-08-11 17:36 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client
2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client
2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C}
2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack
2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack
2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack
2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack
2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack
2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE
2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira
2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC
2014-08-11 17:04 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Google
2014-08-11 17:04 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah.shehzad-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 17:04 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-08-11 17:04 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
2014-08-11 17:04 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Macromedia
2014-08-11 17:04 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-11 17:04 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-11 11:47 - 2014-08-11 11:48 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack
2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack
2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 11:45 - 2014-08-11 11:46 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE
2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE
2014-08-07 17:34 - 2014-08-07 17:35 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe
2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield
2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644}
2014-08-01 21:43 - 2014-08-01 21:44 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94}
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList
2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira
2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD
2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI
2014-08-01 11:35 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah
2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten
2014-08-01 11:35 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google
2014-08-01 11:35 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-01 11:35 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-08-01 11:35 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
2014-08-01 11:35 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Macromedia
2014-08-01 11:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-01 11:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4}
2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2}
2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 12:29 - 2014-08-19 10:57 - 00020253 _____ () C:\Users\shehzad\Desktop\FRST.txt
2014-08-19 12:29 - 2014-08-19 10:56 - 00000000 ____D () C:\FRST
2014-08-19 12:26 - 2013-10-23 13:21 - 00000928 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2014-08-19 12:18 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 12:18 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 12:14 - 2013-10-09 21:52 - 01596072 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 12:13 - 2014-08-19 12:00 - 00000000 ____D () C:\ComboFix
2014-08-19 12:11 - 2014-03-19 09:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00003126 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00002198 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00001508 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00001430 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job
2014-08-19 12:09 - 2014-04-10 23:21 - 00001418 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job
2014-08-19 12:09 - 2013-10-23 13:21 - 00000924 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2014-08-19 12:09 - 2013-10-09 21:17 - 00170505 _____ () C:\ProgramData\lxeescan.log
2014-08-19 12:09 - 2013-10-09 12:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 12:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 12:09 - 2009-07-14 06:45 - 00378432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 12:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-19 12:08 - 2010-11-21 05:47 - 00251224 _____ () C:\Windows\PFRO.log
2014-08-19 12:08 - 2009-07-14 06:51 - 00007406 _____ () C:\Windows\setupact.log
2014-08-19 12:08 - 2009-07-14 04:34 - 83623936 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 28835840 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 01572864 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-19 12:07 - 2014-08-19 11:25 - 00000000 ____D () C:\Windows\erdnt
2014-08-19 11:50 - 2014-08-19 11:26 - 00000000 ____D () C:\Qoobox
2014-08-19 11:45 - 2014-08-18 17:30 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Vodeka
2014-08-19 11:41 - 2014-04-14 22:03 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-08-19 11:40 - 2013-10-09 12:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 11:24 - 2014-08-19 11:23 - 05572251 ____R (Swearware) C:\Users\shehzad\Desktop\ComboFix.exe
2014-08-19 11:04 - 2014-04-14 22:03 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-08-19 11:00 - 2014-08-18 17:30 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job
2014-08-19 10:59 - 2014-08-19 10:58 - 00037519 _____ () C:\Users\shehzad\Desktop\Addition.txt
2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe
2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5}
2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini
2014-08-19 10:04 - 2014-08-19 09:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 09:23 - 2014-08-19 09:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe
2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe
2014-08-19 09:19 - 2014-04-17 08:40 - 00000000 ____D () C:\Users\shehzad\AppData\Local\fst_de_1
2014-08-18 23:37 - 2011-02-10 21:25 - 00699634 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 23:37 - 2011-02-10 21:25 - 00149516 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 23:37 - 2009-07-14 07:13 - 01621276 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe
2014-08-18 20:37 - 2014-08-18 20:36 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp
2014-08-18 20:36 - 2014-04-15 18:11 - 617677318 _____ () C:\Windows\MEMORY.DMP
2014-08-18 20:36 - 2014-04-15 18:11 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 20:30 - 2014-08-18 20:29 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp
2014-08-18 20:27 - 2014-08-18 20:25 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-08-18 20:20 - 2014-08-18 20:19 - 00013680 _____ () C:\Windows\diagwrn.xml
2014-08-18 20:20 - 2014-08-18 20:19 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-18 20:19 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp
2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-18 20:07 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp
2014-08-18 19:17 - 2014-08-18 19:16 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp
2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp
2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp
2014-08-18 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-18 17:30 - 2014-08-18 17:30 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1376075522
2014-08-18 17:29 - 2014-08-18 17:29 - 00000000 ____D () C:\ProgramData\UhpeRfefh
2014-08-18 12:40 - 2014-06-25 16:07 - 00001471 _____ () C:\Users\alisha\Desktop\Play Now Radio.lnk
2014-08-18 09:41 - 2013-10-10 21:13 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Skype
2014-08-17 23:22 - 2013-10-09 13:04 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\SoftGrid Client
2014-08-17 19:24 - 2013-10-09 21:28 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-08-17 19:01 - 2014-02-18 22:33 - 00000492 _____ () C:\ProgramData\lxeeDiagnostics.log
2014-08-17 14:34 - 2014-08-11 17:39 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten
2014-08-17 14:34 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client
2014-08-16 08:44 - 2013-10-09 12:57 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip
2014-08-14 19:10 - 2014-03-19 09:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 19:10 - 2014-03-19 09:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-14 19:10 - 2011-06-28 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 09:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 09:44 - 2013-10-17 16:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 09:37 - 2011-02-10 22:56 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 09:32 - 2014-05-06 18:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv
2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client
2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C}
2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack
2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack
2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack
2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack
2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack
2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE
2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira
2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC
2014-08-11 11:48 - 2014-08-11 11:47 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack
2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack
2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 11:46 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE
2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE
2014-08-08 20:26 - 2014-04-27 14:48 - 00654336 ___SH () C:\Users\shehzad\Downloads\Thumbs.db
2014-08-07 17:35 - 2014-08-07 17:34 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe
2014-08-07 14:20 - 2013-10-10 21:12 - 00000000 ____D () C:\ProgramData\Skype
2014-08-07 04:06 - 2014-08-13 08:13 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 08:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644}
2014-08-01 21:44 - 2014-08-01 21:43 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94}
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList
2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira
2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD
2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI
2014-08-01 11:36 - 2014-08-01 11:35 - 00000000 ____D () C:\Users\Sarah
2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten
2014-08-01 01:41 - 2014-08-13 08:19 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 08:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 22:06 - 2014-05-30 20:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4}
2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2}
2014-07-27 10:02 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-25 16:52 - 2014-08-13 08:19 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 08:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 08:19 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 08:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 08:19 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 08:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 08:19 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 08:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 08:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 08:19 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 08:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 08:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 08:19 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 08:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 08:19 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 08:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 08:19 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 08:19 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 08:19 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 08:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 08:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 08:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 08:19 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 08:19 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 08:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 08:19 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 08:19 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E}
2014-07-25 13:52 - 2014-08-13 08:19 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 08:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 08:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 08:19 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 08:19 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 08:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 08:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 08:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 08:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 08:19 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 08:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 08:19 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 08:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 08:19 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 08:19 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 08:19 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 08:19 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 08:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 08:19 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 08:19 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 00:46

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by shehzad at 2014-08-19 12:30:15
Running from C:\Users\shehzad\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.114 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2011.0707.2346.40825 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
ccc-utility64 (Version: 2011.0707.2346.40825 - ATI) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version:  - Lexmark International, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
ScanTack (HKLM\...\ScanTack) (Version: 2014.05.30.150643 - ScanTack) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-08-2014 07:31:55 Windows Update
13-08-2014 22:58:41 Windows Update
19-08-2014 06:15:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-19 12:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {086B95EC-772B-46F8-9998-CA84BFB4E4E6} - System32\Tasks\{AB159400-B175-49A2-94DD-122F7F00803B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {09A46B40-F55B-449A-BBD6-2C29B7A02BF8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-23] (BonanzaDeals) <==== ATTENTION
Task: {2391C03B-B2B2-433B-AE53-CAF315333589} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: {245BD3E0-0A38-4C22-A067-00BEFBF3AF4D} - System32\Tasks\{7FAC5E21-9611-4111-9AD0-9D97CADFEF1A} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Burning Studio\burningstudio.exe [2010-03-19] ()
Task: {2AEF6088-AABA-49F3-8B53-6F6E08D932E5} - System32\Tasks\Price Meter Updater => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2F02C421-B7DE-423A-BF8C-9F80036F12B2} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION
Task: {304F45BD-2640-46D9-B248-7E91A6C1D676} - System32\Tasks\Play Now Radio => C:\Users\alisha\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe
Task: {31FB817F-2FC0-415B-B5CA-E0EE0CDDC864} - System32\Tasks\UpdaterEX => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3200EDFD-2EEA-4B46-B877-0ABE70B9FFC2} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-23] (BonanzaDeals) <==== ATTENTION
Task: {327513AD-B4F9-44A8-B435-0717FB6DB6BE} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {341323E9-DF92-4EEA-BE92-505AB3D9F4B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
Task: {4EA0FF40-41E3-4EFD-BA67-6D0AE8749039} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {5187A258-5AA6-4BF4-BA54-8A2A814D0600} - System32\Tasks\{52AFAD36-978D-4DB5-9133-31C5BBBB3A9E} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] ()
Task: {532F9F3C-359F-46DC-B432-CCAE93BF3618} - System32\Tasks\{7DCD380B-BDDC-4D3C-BBB0-9E05D0B393DD} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {5D8E38BA-48DA-431A-AC31-2A100B09E11D} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION
Task: {6823D1BE-37A5-4453-81BB-5875424FFE58} - System32\Tasks\{6E6F044E-E1C1-48C5-8846-C98A6C6FF79F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG)
Task: {68C643DA-560C-4058-BF85-A21016BBCAF8} - System32\Tasks\{B311DB15-409C-4F5C-A2CA-3B96D0E9B8B3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {7CD7EA51-3752-413A-8777-F226BD217065} - System32\Tasks\{F9FF6C01-0F77-4892-90C1-AB11BA9A8473} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {7FB3FC1A-9834-4E66-B6D0-AD2F6F35F92C} - System32\Tasks\{C3BFF0CF-95D8-4225-8394-302BDEAC466F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Snap\ashsnap.exe [2010-03-20] (ashampoo GmbH & Co. KG)
Task: {972D1880-A511-4429-B032-2831AA653B9F} - System32\Tasks\{351A3EDF-51A8-4161-B94C-89F4378A7A26} => C:\Program Files (x86)\Flash Player Pro\Flash Player Pro.exe
Task: {A180C3BE-BEA5-4087-B299-0AD0742565A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AB067E2C-2D59-4792-AEA7-93A327E00451} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated)
Task: {AC92E9BF-6D2B-4A32-886C-355E339224BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {BC4C52EA-90B6-4908-A357-2E7C4015E94A} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION
Task: {C4EFD966-1A90-4852-ADEF-90CD7494C73C} - System32\Tasks\{7F6C8D6A-E32F-45D7-B3BC-249B17FAB4C4} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] ()
Task: {C8A99DFA-96D1-400C-8C1A-D8A12CCB5AB1} - System32\Tasks\{25253F42-D79C-4472-AF27-D41A3824C54D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG)
Task: {CB91BCB8-2627-4EB3-9EDC-E6D3EABD0DAA} - System32\Tasks\{C6C20EFD-3F5D-4974-A65A-EF9F37C21E87} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.60.106/de/eula
Task: {D5654A96-C6E5-4193-BEEC-CD6C1E229855} - System32\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5} => C:\Program Files\V-bates\PrefHelper.exe
Task: {DABEEC72-2BD2-4E20-BE0B-3219A53931DE} - System32\Tasks\{F9DF7985-8072-4D9B-8A2D-6F3FC176F73B} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2010-09-29] (ATI Technologies Inc.)
Task: {DBAB8BC7-8391-4A21-9603-35F84C745E33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DC45EE92-694F-499D-9936-4E79967B4AC3} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION
Task: {E813E246-C5F7-43B4-AB05-4D5C3BE79134} - System32\Tasks\{DD6357C3-9F85-4003-83FE-5EA5E4094F54} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {ECFED13C-77B7-4525-BE1B-2D476C34AB5B} - System32\Tasks\{D7523B32-B93F-4528-9BF6-EFA32E0EF58D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] ()
Task: {F290E9C5-55DB-40AA-9AD4-79E5EB43B5FB} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: {F294E5FA-4CE9-454F-B3DA-2B420CEAB505} - System32\Tasks\pricemeterdownloader => C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterd.exe
Task: {FB2F5B85-9BE2-4898-8F8D-A64DC93D0A26} - System32\Tasks\{DC04D699-98E2-4552-9CA2-E168BBA0723B} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2014-05-08] (Adobe Systems Incorporated)
Task: {FF008A85-FAAB-42B3-9C6E-6E0A28109C87} - System32\Tasks\{60C667F5-2886-4333-863B-AC1AE3BECC4F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Price Meter Updater.job => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1376075522.job => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-09 21:28 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll
2011-07-08 08:36 - 2011-07-08 08:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00032288 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-02-08 23:02 - 2013-01-30 16:25 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
2009-12-16 11:42 - 2009-12-16 11:42 - 00205824 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeemicro.dll
2010-04-01 17:30 - 2010-04-01 17:30 - 01558528 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeedrs64.dll
2009-03-10 05:44 - 2009-03-10 05:44 - 00015360 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeecaps64.dll
2014-05-30 17:06 - 2014-05-30 17:06 - 00317728 _____ () C:\Program Files (x86)\ScanTack\updateScanTack.exe
2014-02-09 12:41 - 2014-02-09 12:41 - 00070176 _____ () C:\Program Files (x86)\LPT\srpt.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00022048 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-02-08 23:02 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
2014-02-08 23:02 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
2014-02-08 23:02 - 2009-05-27 08:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecats.dll
2014-02-08 23:02 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll
2014-02-08 23:02 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
2009-02-20 08:48 - 2009-02-20 08:48 - 00381440 _____ () C:\Windows\system32\lxeesm.dll
2009-04-28 07:56 - 2009-04-28 07:56 - 00024064 _____ () C:\Windows\system32\lxeesmr.dll
2014-08-19 09:22 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-19 09:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-19 09:22 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-08-19 09:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-19 09:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 08:43 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2014 00:14:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01e24909
ID des fehlerhaften Prozesses: 0x165c
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/19/2014 00:12:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78e2b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01f64909
ID des fehlerhaften Prozesses: 0x17a8
Startzeit der fehlerhaften Anwendung: 0xcmd.exe0
Pfad der fehlerhaften Anwendung: cmd.exe1
Pfad des fehlerhaften Moduls: cmd.exe2
Berichtskennung: cmd.exe3

Error: (08/19/2014 00:10:04 PM) (Source: Application Virtualization Client) (EventID: 2005) (User: )
Description: Der Application Virtualization-Kerndienst konnte keinen Kontakt mit dem Dienststeuerungsverteiler aufnehmen.

Error: (08/19/2014 00:09:42 PM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: Die Datei AvShadow konnte nicht geladen werden. 
Fehlercode: 0x3fa

Error: (08/19/2014 00:00:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x8007043c).

Error: (08/19/2014 00:00:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (08/19/2014 00:00:30 PM) (Source: VSS) (EventID: 18) (User: )
Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.
Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (08/19/2014 11:50:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01e64909
ID des fehlerhaften Prozesses: 0x1338
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/19/2014 11:49:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78e2b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00574909
ID des fehlerhaften Prozesses: 0xeec
Startzeit der fehlerhaften Anwendung: 0xcmd.exe0
Pfad der fehlerhaften Anwendung: cmd.exe1
Pfad des fehlerhaften Moduls: cmd.exe2
Berichtskennung: cmd.exe3

Error: (08/19/2014 11:45:59 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: Die Datei AvShadow konnte nicht geladen werden. 
Fehlercode: 0x3fa


System errors:
=============
Error: (08/19/2014 00:11:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde nicht richtig gestartet.

Error: (08/19/2014 00:09:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/19/2014 00:09:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/19/2014 00:09:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/19/2014 00:09:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeeCATSCustConnectService erreicht.

Error: (08/19/2014 00:07:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/19/2014 00:07:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/19/2014 00:05:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/19/2014 00:00:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/19/2014 00:00:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


Microsoft Office Sessions:
=========================
Error: (08/19/2014 00:14:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e24909165c01cfbb96663355cdC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknowna41901b4-2789-11e4-8129-8c89a557884c

Error: (08/19/2014 00:12:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmd.exe6.1.7601.175144ce78e2bunknown0.0.0.000000000c000000501f6490917a801cfbb961ef4e669C:\Windows\SysWow64\cmd.exeunknown5ee6410c-2789-11e4-8129-8c89a557884c

Error: (08/19/2014 00:10:04 PM) (Source: Application Virtualization Client) (EventID: 2005) (User: )
Description: 

Error: (08/19/2014 00:09:42 PM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AvShadow0x3fa

Error: (08/19/2014 00:00:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (08/19/2014 00:00:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.


Vorgang:
   VSS-Server wird instanziiert

Error: (08/19/2014 00:00:30 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.


Vorgang:
   VSS-Server wird instanziiert

Error: (08/19/2014 11:50:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e64909133801cfbb930ff8e621C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown4df8c12b-2786-11e4-b8bd-8c89a557884c

Error: (08/19/2014 11:49:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmd.exe6.1.7601.175144ce78e2bunknown0.0.0.000000000c000000500574909eec01cfbb92d5cd457cC:\Windows\SysWow64\cmd.exeunknown15c1017e-2786-11e4-b8bd-8c89a557884c

Error: (08/19/2014 11:45:59 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AvShadow0x3fa


CodeIntegrity Errors:
===================================
  Date: 2014-08-19 11:40:11.861
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-19 11:40:11.781
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-07 09:39:07.504
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.502
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.500
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.476
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.474
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-05 16:30:47.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-05 16:30:47.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 46%
Total physical RAM: 3576.13 MB
Available physical RAM: 1920.26 MB
Total Pagefile: 7150.45 MB
Available Pagefile: 5128.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:829.47 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:19.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5183A2EF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         

Alt 19.08.2014, 11:44   #8
M-K-D-B
/// TB-Ausbilder
 



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
ATTFilter
start
HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
C:\Users\shehzad\AppData\Roaming\Vodeka
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
C:\ProgramData\UhpeRfefh
Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.







Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents for me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 3
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.






Step 4

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 5
  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files for me with your next reply.






With your next reply, please post
  • the log file of the FRST fix,
  • the log file from AdwCleaner,
  • the log file from JRT,
  • the log file from MBAM,
  • the two new log files from FRST.
__________________
Greetings from Bavaria
M-K-D-B
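Added example, not part of the thread and not FRST's own logic: a small triage script that parses the `Task:` and `Run:` lines quoted in the log and fixlist above and applies three path heuristics, so that persistence entries FRST did not mark with `<==== ATTENTION` still stand out. The sample lines are copied from this page; the heuristics, function names and reason strings are assumptions made for this illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied verbatim from the FRST log and the fixlist on this page.
SAMPLE = r"""
Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
Task: {4EA0FF40-41E3-4EFD-BA67-6D0AE8749039} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {F294E5FA-4CE9-454F-B3DA-2B420CEAB505} - System32\Tasks\pricemeterdownloader => C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterd.exe
Task: {2AEF6088-AABA-49F3-8B53-6F6E08D932E5} - System32\Tasks\Price Meter Updater => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {532F9F3C-359F-46DC-B432-CCAE93BF3618} - System32\Tasks\{7DCD380B-BDDC-4D3C-BBB0-9E05D0B393DD} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
"""

TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<name>.+?) => (?P<rest>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$")
FLAG_RE = re.compile(r"\s*<=+ ATTENTION\s*$")               # FRST's own marker
TRAILER_RE = re.compile(r"\s\[\d{4}-\d{2}-\d{2}\]\s\(.*\)$")  # " [date] (company)"
TASK_PREFIX_RE = re.compile(r"^(?:System32|[a-z]:\\Windows)\\Tasks\\", re.I)
REGSVR_RE = re.compile(r'^regsvr32(?:\.exe)?\s+(?:/\S+\s+)*"?([^"]+)"?$', re.I)

# Heuristics (assumptions for this example, not FRST rules).
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\(?:users\\[^\\]+\\appdata|programdata)\\", re.I)
SHORT_NAME_RE = re.compile(r"~\d+(?=[\\.]|$)")


class Entry(NamedTuple):
    kind: str                 # "task" or "run"
    name: str                 # task name or Run value name
    command: str              # command line without FRST's trailing annotations
    path: str                 # file that actually gets loaded
    frst_flagged: bool        # line carried "<==== ATTENTION"
    reasons: Tuple[str, ...]  # heuristic hits


def payload_path(command: str) -> str:
    """For regsvr32 the interesting file is its argument, not regsvr32 itself."""
    m = REGSVR_RE.match(command)
    return m.group(1) if m else command


def reasons_for(command: str, path: str) -> Tuple[str, ...]:
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append("target in user-writable directory")
    if SHORT_NAME_RE.search(path):
        reasons.append("8.3 short name obscures the full path")
    if REGSVR_RE.match(command) and not path.lower().endswith((".dll", ".ocx")):
        reasons.append("regsvr32 loads a non-DLL file")
    return tuple(reasons)


def triage(text: str) -> List[Entry]:
    """Parse every Task:/Run: line; unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m, kind = TASK_RE.match(line), "task"
        if not m:
            m, kind = RUN_RE.match(line), "run"
        if not m:
            continue
        rest = m.group("rest")
        flagged = bool(FLAG_RE.search(rest))
        command = TRAILER_RE.sub("", FLAG_RE.sub("", rest)).strip()
        name = TASK_PREFIX_RE.sub("", m.group("name"))
        path = payload_path(command)
        entries.append(Entry(kind, name, command, path, flagged,
                             reasons_for(command, path)))
    return entries


def unflagged_suspects(entries: List[Entry]) -> List[Entry]:
    """Entries that hit a heuristic but carry no ATTENTION marker."""
    return [e for e in entries if e.reasons and not e.frst_flagged]


def shared_payloads(entries: List[Entry]) -> List[str]:
    """Files referenced from more than one kind of persistence point."""
    kinds = {}
    for e in entries:
        kinds.setdefault(e.path.lower(), set()).add(e.kind)
    return sorted(p for p, k in kinds.items() if len(k) > 1)


if __name__ == "__main__":
    found = triage(SAMPLE)
    for e in unflagged_suspects(found):
        print(f"{e.kind:4} {e.name}: {'; '.join(e.reasons)}")
    print("referenced by Run key and task:", shared_payloads(found))
```

A hit is a prompt to look at the file, not a verdict: legitimate per-user updaters also live under AppData.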


Alt 19.08.2014, 12:23   #9
PoWi
 



Both AdwCleaner and Malwarebytes crashed during the last action after the scan. I think they still carry out the action in the background, but the process is disrupted nonetheless.
... has stopped working.

Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by shehzad at 2014-08-19 12:47:30 Run:2
Running from C:\Users\shehzad\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [Okoheba] => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
C:\Users\shehzad\AppData\Roaming\Vodeka
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
C:\ProgramData\UhpeRfefh
Task: {4D41B39E-F182-4EAE-BFDE-180313AC2DD7} - System32\Tasks\Security Center Update - 1376075522 => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
EmptyTemp:
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Okoheba => value deleted successfully.
C:\Users\shehzad\AppData\Roaming\Vodeka => Moved successfully.
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\Software\Microsoft\Windows\CurrentVersion\Run\\UhpeRfefh => value deleted successfully.
C:\ProgramData\UhpeRfefh => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D41B39E-F182-4EAE-BFDE-180313AC2DD7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D41B39E-F182-4EAE-BFDE-180313AC2DD7}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1376075522 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1376075522" => Key deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
EmptyTemp: => Removed 821.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
AdwCleaner
Code:
# AdwCleaner v3.307 - Bericht erstellt am 19/08/2014 um 12:55:26
# Aktualisiert 17/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : shehzad - SHEHZAD-PC
# Gestartet von : C:\Users\shehzad\Desktop\adwcleaner_3.307.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : bonanzadealslive
[#] Dienst Gelöscht : bonanzadealslivem
[#] Dienst Gelöscht : IePluginService
[#] Dienst Gelöscht : LPTSystemUpdater
[#] Dienst Gelöscht : Update ScanTack
Dienst Gelöscht : {fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\PriceMeterLiveUpdate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_today
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\LPT
Ordner Gelöscht : C:\Program Files (x86)\MediaPlayerplus
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Elite Max
Ordner Gelöscht : C:\Program Files (x86)\PriceMeterLiveUpdate
Ordner Gelöscht : C:\Program Files (x86)\Re-markit Corp
Ordner Gelöscht : C:\Program Files (x86)\Re-markit
Ordner Gelöscht : C:\Program Files (x86)\ScanTack
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\fst_de_1
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Program Files\V-bates
Ordner Gelöscht : C:\Users\shehzad\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\shehzad\AppData\Local\cool_mirage
Ordner Gelöscht : C:\Users\shehzad\AppData\Local\PriceMeter
Ordner Gelöscht : C:\Users\shehzad\AppData\Local\PriceMeterLiveUpdate
Ordner Gelöscht : C:\Users\shehzad\AppData\Local\fst_de_1
Ordner Gelöscht : C:\Users\shehzad\AppData\LocalLow\1ClickMovie-Download V9.0
Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Activeris
Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Optimizer Elite Max
Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\PriceMeterUpdater
Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\quick_start@gmail.com
Ordner Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Ordner Gelöscht : C:\Users\Sarah.shehzad-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Ordner Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Datei Gelöscht : C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\boost@boost.net.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.dll
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\SecureAssist64.dll
Datei Gelöscht : C:\Windows\System32\drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys
Datei Gelöscht : C:\Users\shehzad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.de_0.localstorage
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\alisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineCore
Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineUA
         

JRT also crashed partway through. Error message: Der Windows Befehlsprozessor funktioniert nicht mehr ("Windows Command Processor has stopped working").

Edited by PoWi (19.08.2014 at 12:36)

19.08.2014, 12:48   #10
M-K-D-B
/// TB-Ausbilder
 

Hi,

please post the complete AdwCleaner log file... quite a bit is still missing... or is that really everything?

OK, things are really hairy on your PC...

In that case, please run FRST once more as a check, so that I can see what has already been deleted:

  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.
__________________
Greetings from Bavaria
M-K-D-B


19.08.2014, 12:53   #11
PoWi
 

The Adw log file really does only go that far. There was also no automatic restart, as there actually should have been.

Thanks for your time!

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by shehzad (administrator) on SHEHZAD-PC on 19-08-2014 13:49:52
Running from C:\Users\shehzad\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\lxeecoms.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [lxeemon.exe] => C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe [772712 2013-01-30] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe [150264 2013-01-30] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [fst_de_1] => "C:\Program Files (x86)\fst_de_1\fst_de_1.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [GoogleChromeAutoLaunch_64528655D5F25C403B8633DE809A3F8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [PriceMeterW] => "C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2564675894-2720206820-1579627790-1002\...\Run: [UhpeRfefh] => regsvr32.exe "C:\ProgramData\UhpeRfefh\UhpeRfefh.dat"
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397164831&from=tugs&uid=ST1000DM003-1CH162_Z1D40V45XXXXZ1D40V45&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-GA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06INJivsh2G3E3cxNldDxOYhfaTm0VoTfR1Fyh880rq5_QtbBE0LLMoKm__qdALwoUNoIRzGnAFCaA_9i-BWo_TRRd1rxU6O36efXrgoSzX-6DBKmeJ_BZeaoINuz-HA,,&q={searchTerms}
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: ScanTack -> {d332cff8-358e-4c9e-8af3-a08872ef22c1} -> C:\Program Files (x86)\ScanTack\ScanTackbho.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {CD0342DD-7582-4507-B58A-4C9EA18B13AA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default
FF DefaultSearchEngine: Conduit Search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_114.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_114.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: MediaPlayerplus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-05-20]
FF Extension: Shopping Helper Smartbar - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{14895be1-6013-6314-fc5c-52690c3f821a} [2014-04-27]
FF Extension: Adblock Plus - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\shehzad\AppData\Roaming\Mozilla\Firefox\Profiles\8kejme6e.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR Extension: (Skype Click to Call) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\shehzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 lxeeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
R2 lxee_device; C:\Windows\SysWOW64\lxeecoms.exe [598696 2010-04-14] ( )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 13:30 - 2014-08-19 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-08-19 13:29 - 2014-08-19 13:29 - 01016261 _____ (Thisisu) C:\Users\shehzad\Desktop\JRT.exe
2014-08-19 13:03 - 2014-08-19 13:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 13:03 - 2014-08-19 13:03 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-19 13:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 13:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-19 13:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 13:02 - 2014-08-19 13:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\shehzad\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-19 12:58 - 2014-08-19 12:55 - 00006898 _____ () C:\Users\shehzad\Desktop\AdwCleaner[S0].txt
2014-08-19 12:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-19 12:54 - 2014-08-19 12:57 - 00000000 ____D () C:\AdwCleaner
2014-08-19 12:53 - 2014-08-19 12:53 - 01361671 _____ () C:\Users\shehzad\Desktop\adwcleaner_3.307.exe
2014-08-19 12:47 - 2014-08-19 12:47 - 00000000 ____D () C:\ProgramData\UhpeRfefh
2014-08-19 12:00 - 2014-08-19 12:13 - 00000000 ____D () C:\ComboFix
2014-08-19 11:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-19 11:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-19 11:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-19 11:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-19 11:26 - 2014-08-19 11:50 - 00000000 ____D () C:\Qoobox
2014-08-19 11:25 - 2014-08-19 12:07 - 00000000 ____D () C:\Windows\erdnt
2014-08-19 11:23 - 2014-08-19 11:24 - 05572251 ____R (Swearware) C:\Users\shehzad\Desktop\ComboFix.exe
2014-08-19 10:58 - 2014-08-19 12:30 - 00032989 _____ () C:\Users\shehzad\Desktop\Addition.txt
2014-08-19 10:57 - 2014-08-19 13:50 - 00018552 _____ () C:\Users\shehzad\Desktop\FRST.txt
2014-08-19 10:56 - 2014-08-19 13:49 - 00000000 ____D () C:\FRST
2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe
2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5}
2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini
2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2014-08-19 10:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 09:22 - 2014-08-19 09:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe
2014-08-19 09:21 - 2014-08-19 09:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe
2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe
2014-08-18 20:36 - 2014-08-18 20:37 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp
2014-08-18 20:29 - 2014-08-18 20:30 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp
2014-08-18 20:25 - 2014-08-18 20:27 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-08-18 20:19 - 2014-08-18 20:20 - 00013680 _____ () C:\Windows\diagwrn.xml
2014-08-18 20:19 - 2014-08-18 20:20 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp
2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp
2014-08-18 19:16 - 2014-08-18 19:17 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp
2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp
2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp
2014-08-18 17:30 - 2014-08-19 11:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job
2014-08-18 17:30 - 2014-01-05 16:34 - 00368640 _____ () C:\Windows\SysWOW64\haiwuruc.exe
2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip
2014-08-13 09:32 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 09:32 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 09:32 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 09:32 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:32 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 09:32 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 09:32 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 09:32 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 08:19 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 08:19 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 08:19 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 08:19 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 08:19 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 08:19 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 08:19 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 08:19 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 08:19 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 08:19 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 08:19 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 08:19 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 08:19 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 08:19 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 08:19 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 08:19 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 08:19 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 08:19 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 08:19 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 08:19 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 08:19 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 08:19 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 08:19 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 08:19 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 08:19 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 08:19 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 08:19 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 08:19 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 08:19 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 08:19 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 08:19 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 08:19 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 08:19 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 08:19 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 08:19 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 08:19 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 08:19 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 08:19 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 08:19 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 08:19 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 08:19 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 08:19 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 08:19 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 08:19 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 08:19 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 08:19 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 08:19 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 08:19 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 08:19 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 08:19 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 08:19 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 08:19 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 08:19 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 08:19 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 08:19 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 08:19 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 08:18 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 08:18 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 08:18 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 08:18 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 08:18 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 08:18 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 08:18 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 08:18 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 08:18 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 08:18 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 08:18 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 08:18 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 08:18 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 08:18 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 08:18 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 08:18 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 08:18 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 08:13 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 08:13 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 08:13 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 08:13 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv
2014-08-11 17:39 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten
2014-08-11 17:36 - 2014-08-17 14:34 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client
2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client
2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C}
2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack
2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack
2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack
2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack
2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack
2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE
2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira
2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC
2014-08-11 17:04 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Google
2014-08-11 17:04 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah.shehzad-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 17:04 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-08-11 17:04 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
2014-08-11 17:04 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Macromedia
2014-08-11 17:04 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-11 17:04 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-11 11:47 - 2014-08-11 11:48 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack
2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack
2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 11:45 - 2014-08-11 11:46 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE
2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE
2014-08-07 17:34 - 2014-08-07 17:35 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe
2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield
2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644}
2014-08-01 21:43 - 2014-08-01 21:44 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94}
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList
2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira
2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD
2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI
2014-08-01 11:35 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah
2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten
2014-08-01 11:35 - 2014-03-30 12:10 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google
2014-08-01 11:35 - 2014-03-12 15:28 - 00090936 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-01 11:35 - 2011-06-28 01:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
2014-08-01 11:35 - 2011-06-28 01:38 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
2014-08-01 11:35 - 2011-02-10 22:48 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Macromedia
2014-08-01 11:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-01 11:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4}
2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2}
2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 13:50 - 2014-08-19 10:57 - 00018552 _____ () C:\Users\shehzad\Desktop\FRST.txt
2014-08-19 13:49 - 2014-08-19 10:56 - 00000000 ____D () C:\FRST
2014-08-19 13:49 - 2013-10-09 21:52 - 01615635 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 13:45 - 2014-04-10 23:21 - 00003126 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job
2014-08-19 13:45 - 2014-04-10 23:21 - 00002198 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job
2014-08-19 13:45 - 2014-04-10 23:21 - 00001508 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job
2014-08-19 13:45 - 2014-04-10 23:21 - 00001430 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job
2014-08-19 13:45 - 2014-04-10 23:21 - 00001418 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job
2014-08-19 13:45 - 2013-10-09 21:17 - 00171385 _____ () C:\ProgramData\lxeescan.log
2014-08-19 13:45 - 2013-10-09 12:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 13:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 13:45 - 2009-07-14 06:51 - 00007630 _____ () C:\Windows\setupact.log
2014-08-19 13:38 - 2009-07-14 06:45 - 00378432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 13:33 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 13:33 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 13:30 - 2014-08-19 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-08-19 13:29 - 2014-08-19 13:29 - 01016261 _____ (Thisisu) C:\Users\shehzad\Desktop\JRT.exe
2014-08-19 13:27 - 2014-08-19 13:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 13:10 - 2014-03-19 09:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 13:03 - 2014-08-19 13:03 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 13:03 - 2014-08-19 13:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-19 13:03 - 2014-08-19 13:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\shehzad\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-19 13:03 - 2014-04-14 22:03 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-08-19 12:57 - 2014-08-19 12:54 - 00000000 ____D () C:\AdwCleaner
2014-08-19 12:55 - 2014-08-19 12:58 - 00006898 _____ () C:\Users\shehzad\Desktop\AdwCleaner[S0].txt
2014-08-19 12:53 - 2014-08-19 12:53 - 01361671 _____ () C:\Users\shehzad\Desktop\adwcleaner_3.307.exe
2014-08-19 12:51 - 2014-04-10 23:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-19 12:47 - 2014-08-19 12:47 - 00000000 ____D () C:\ProgramData\UhpeRfefh
2014-08-19 12:47 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-19 12:40 - 2013-10-09 12:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 12:30 - 2014-08-19 10:58 - 00032989 _____ () C:\Users\shehzad\Desktop\Addition.txt
2014-08-19 12:13 - 2014-08-19 12:00 - 00000000 ____D () C:\ComboFix
2014-08-19 12:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-19 12:08 - 2010-11-21 05:47 - 00251224 _____ () C:\Windows\PFRO.log
2014-08-19 12:08 - 2009-07-14 04:34 - 83623936 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 28835840 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 01572864 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-19 12:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-19 12:07 - 2014-08-19 11:25 - 00000000 ____D () C:\Windows\erdnt
2014-08-19 11:50 - 2014-08-19 11:26 - 00000000 ____D () C:\Qoobox
2014-08-19 11:24 - 2014-08-19 11:23 - 05572251 ____R (Swearware) C:\Users\shehzad\Desktop\ComboFix.exe
2014-08-19 11:00 - 2014-08-18 17:30 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1376075522.job
2014-08-19 10:56 - 2014-08-19 10:56 - 02101760 _____ (Farbar) C:\Users\shehzad\Desktop\FRST64.exe
2014-08-19 10:10 - 2014-08-19 10:10 - 00003136 _____ () C:\Windows\System32\Tasks\{BF7A24A6-12B9-4E7A-9B74-D68A66471EF5}
2014-08-19 10:04 - 2014-08-19 10:04 - 00000384 _____ () C:\Windows\wininit.ini
2014-08-19 10:04 - 2014-08-19 09:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 09:23 - 2014-08-19 09:23 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 09:23 - 2014-08-19 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 09:23 - 2014-08-19 09:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4.exe
2014-08-19 09:22 - 2014-08-19 09:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\shehzad\Downloads\spybot-2.4 (1).exe
2014-08-18 23:37 - 2011-02-10 21:25 - 00699634 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 23:37 - 2011-02-10 21:25 - 00149516 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 23:37 - 2009-07-14 07:13 - 01621276 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-18 20:52 - 2014-08-18 20:52 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\shehzad\Downloads\avira_de_av___ws.exe
2014-08-18 20:37 - 2014-08-18 20:36 - 00373256 _____ () C:\Windows\Minidump\081814-37237-01.dmp
2014-08-18 20:36 - 2014-04-15 18:11 - 617677318 _____ () C:\Windows\MEMORY.DMP
2014-08-18 20:36 - 2014-04-15 18:11 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 20:30 - 2014-08-18 20:29 - 01700736 _____ () C:\Windows\Minidump\081814-39577-01.dmp
2014-08-18 20:27 - 2014-08-18 20:25 - 194045080 _____ (Kaspersky Lab) C:\Users\shehzad\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-08-18 20:20 - 2014-08-18 20:19 - 00013680 _____ () C:\Windows\diagwrn.xml
2014-08-18 20:20 - 2014-08-18 20:19 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-18 20:19 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-18 20:10 - 2014-08-18 20:10 - 00373528 _____ () C:\Windows\Minidump\081814-38547-01.dmp
2014-08-18 20:08 - 2014-08-18 20:08 - 00001080 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 20:08 - 2014-02-08 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-18 20:07 - 2014-02-08 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 19:25 - 2014-08-18 19:25 - 00640616 _____ () C:\Windows\Minidump\081814-23088-01.dmp
2014-08-18 19:17 - 2014-08-18 19:16 - 01700736 _____ () C:\Windows\Minidump\081814-27799-01.dmp
2014-08-18 19:06 - 2014-08-18 19:06 - 00373528 _____ () C:\Windows\Minidump\081814-28875-01.dmp
2014-08-18 18:07 - 2014-08-18 18:07 - 01044672 _____ () C:\Windows\Minidump\081814-36207-01.dmp
2014-08-18 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-18 12:40 - 2014-06-25 16:07 - 00001471 _____ () C:\Users\alisha\Desktop\Play Now Radio.lnk
2014-08-18 09:41 - 2013-10-10 21:13 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\Skype
2014-08-17 23:22 - 2013-10-09 13:04 - 00000000 ____D () C:\Users\shehzad\AppData\Roaming\SoftGrid Client
2014-08-17 19:24 - 2013-10-09 21:28 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-08-17 19:01 - 2014-02-18 22:33 - 00000492 _____ () C:\ProgramData\lxeeDiagnostics.log
2014-08-17 14:34 - 2014-08-11 17:39 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\Desktop\Geschichten
2014-08-17 14:34 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\SoftGrid Client
2014-08-16 08:44 - 2013-10-09 12:57 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 18:43 - 2014-08-15 18:43 - 00113815 _____ () C:\Users\shehzad\Downloads\Familienfuersorge Lebensversicherung Mail-Info 965294842-T-71.zip
2014-08-14 19:10 - 2014-03-19 09:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 19:10 - 2014-03-19 09:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-14 19:10 - 2011-06-28 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 09:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 09:44 - 2013-10-17 16:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 09:37 - 2011-02-10 22:56 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 09:32 - 2014-05-06 18:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 12:15 - 2014-08-12 12:15 - 00000601 _____ () C:\Users\shehzad\Downloads\umsatz-5232________6593-20140812.csv
2014-08-11 17:36 - 2014-08-11 17:36 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\SoftGrid Client
2014-08-11 17:30 - 2014-08-11 17:30 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\{F8077320-0BB0-414E-B46A-9C1AABE7B94C}
2014-08-11 17:22 - 2014-08-11 17:22 - 23647099 _____ () C:\Users\Sarah.shehzad-PC\Downloads\WestCoastNZIanRushton.themepack
2014-08-11 17:21 - 2014-08-11 17:21 - 05000883 _____ () C:\Users\Sarah.shehzad-PC\Downloads\BeautyHongKongWilsonAu.themepack
2014-08-11 17:18 - 2014-08-11 17:18 - 15412792 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Hawaii.themepack
2014-08-11 17:17 - 2014-08-11 17:17 - 10212996 _____ () C:\Users\Sarah.shehzad-PC\Downloads\PanoramicWaves.deskthemepack
2014-08-11 17:17 - 2014-08-11 17:17 - 03391991 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Brazil.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 17781878 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Rainbows.themepack
2014-08-11 17:16 - 2014-08-11 17:16 - 14012484 _____ () C:\Users\Sarah.shehzad-PC\Downloads\SaltLakesDeadSea.themepack
2014-08-11 17:14 - 2014-08-11 17:14 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah.shehzad-PC\Downloads\DefaultPack.EXE
2014-08-11 17:13 - 2014-08-11 17:13 - 02877643 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Lovebirds.themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy (1).themepack
2014-08-11 17:12 - 2014-08-11 17:12 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (2).themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers.themepack
2014-08-11 17:11 - 2014-08-11 17:11 - 04396799 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Tigers (1).themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 12632044 _____ () C:\Users\Sarah.shehzad-PC\Downloads\Calligraphy.themepack
2014-08-11 17:10 - 2014-08-11 17:10 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast (1).themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 07122824 _____ () C:\Users\Sarah.shehzad-PC\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 17:09 - 2014-08-11 17:09 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Avira
2014-08-11 17:04 - 2014-08-11 17:04 - 00001429 _____ () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-11 17:04 - 2014-08-11 17:04 - 00000020 ___SH () C:\Users\Sarah.shehzad-PC\ntuser.ini
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Vorlagen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Startmenü
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Netzwerkumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Lokale Einstellungen
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Eigene Dateien
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Druckumgebung
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Musik
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Documents\Eigene Bilder
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Verlauf
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\AppData\Local\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 _SHDL () C:\Users\Sarah.shehzad-PC\Anwendungsdaten
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Roaming\Adobe
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\Power2Go
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\ATI
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC\AppData\Local\AMD
2014-08-11 17:04 - 2014-08-11 17:04 - 00000000 ____D () C:\Users\Sarah.shehzad-PC
2014-08-11 11:48 - 2014-08-11 11:47 - 12632044 _____ () C:\Users\Sarah\Downloads\Calligraphy.themepack
2014-08-11 11:47 - 2014-08-11 11:47 - 16501035 _____ () C:\Users\Sarah\Downloads\NYCityscapesJohnnyWLam.themepack
2014-08-11 11:46 - 2014-08-11 11:46 - 07122824 _____ () C:\Users\Sarah\Downloads\LightPaintingLayonerBeast.themepack
2014-08-11 11:46 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack (1).EXE
2014-08-11 11:45 - 2014-08-11 11:45 - 09607304 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\DefaultPack.EXE
2014-08-08 20:26 - 2014-04-27 14:48 - 00654336 ___SH () C:\Users\shehzad\Downloads\Thumbs.db
2014-08-07 17:35 - 2014-08-07 17:34 - 01101648 _____ () C:\Users\shehzad\Downloads\CHIP MP3 Converter for YouTube - CHIP-Installer.exe
2014-08-07 14:20 - 2013-10-10 21:12 - 00000000 ____D () C:\ProgramData\Skype
2014-08-07 04:06 - 2014-08-13 08:13 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 08:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\InstallShield
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 14:02 - 2014-08-04 14:02 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{AB42A2CD-DFB9-462B-9843-26E87BDEC644}
2014-08-01 21:44 - 2014-08-01 21:43 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{900D8FF8-BE35-42B7-98D0-7F902D36CB94}
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList
2014-08-01 18:13 - 2014-08-01 18:13 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList
2014-08-01 11:41 - 2014-08-01 11:41 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Avira
2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\AMD
2014-08-01 11:36 - 2014-08-01 11:36 - 00001429 _____ () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ATI
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Power2Go
2014-08-01 11:36 - 2014-08-01 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ATI
2014-08-01 11:36 - 2014-08-01 11:35 - 00000000 ____D () C:\Users\Sarah
2014-08-01 11:35 - 2014-08-01 11:35 - 00000020 ___SH () C:\Users\Sarah\ntuser.ini
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Vorlagen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Startmenü
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Netzwerkumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Lokale Einstellungen
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Eigene Dateien
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Druckumgebung
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Musik
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Documents\Eigene Bilder
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Verlauf
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\AppData\Local\Anwendungsdaten
2014-08-01 11:35 - 2014-08-01 11:35 - 00000000 _SHDL () C:\Users\Sarah\Anwendungsdaten
2014-08-01 01:41 - 2014-08-13 08:19 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 08:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 22:06 - 2014-05-30 20:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-29 13:19 - 2014-07-29 13:19 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{96EF72E1-2343-4D24-8250-7066177309E4}
2014-07-27 16:54 - 2014-07-27 16:54 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{20796B98-8A1E-417C-B3CC-CABBED48B3D2}
2014-07-27 10:02 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-25 16:52 - 2014-08-13 08:19 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 08:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 08:19 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 08:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 08:19 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 08:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 08:19 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 08:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 08:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 08:19 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 08:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 08:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 08:19 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 08:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 08:19 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 08:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 08:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 08:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 08:19 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 08:19 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 08:19 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 08:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 08:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 08:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 08:19 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 08:19 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 08:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 08:19 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 08:19 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 14:00 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\shehzad\AppData\Local\{C5C32DFF-B1EA-46A4-A865-E74AF662A63E}
2014-07-25 13:52 - 2014-08-13 08:19 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 08:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 08:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 08:19 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 08:19 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 08:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 08:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 08:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 08:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 08:19 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 08:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 08:19 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 08:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 08:19 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 08:19 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 08:19 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 08:19 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 08:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 08:19 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 08:19 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\shehzad\AppData\Local\temp\avgnt.exe
C:\Users\shehzad\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 00:46

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by shehzad at 2014-08-19 13:51:04
Running from C:\Users\shehzad\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.114 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2011.0707.2346.40825 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
ccc-utility64 (Version: 2011.0707.2346.40825 - ATI) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
ScanTack (HKLM\...\ScanTack) (Version: 2014.05.30.150643 - ScanTack) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-08-2014 07:31:55 Windows Update
13-08-2014 22:58:41 Windows Update
19-08-2014 06:15:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-19 12:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {086B95EC-772B-46F8-9998-CA84BFB4E4E6} - System32\Tasks\{AB159400-B175-49A2-94DD-122F7F00803B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {2391C03B-B2B2-433B-AE53-CAF315333589} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: {245BD3E0-0A38-4C22-A067-00BEFBF3AF4D} - System32\Tasks\{7FAC5E21-9611-4111-9AD0-9D97CADFEF1A} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Burning Studio\burningstudio.exe [2010-03-19] ()
Task: {2AEF6088-AABA-49F3-8B53-6F6E08D932E5} - System32\Tasks\Price Meter Updater => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2F02C421-B7DE-423A-BF8C-9F80036F12B2} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION
Task: {304F45BD-2640-46D9-B248-7E91A6C1D676} - System32\Tasks\Play Now Radio => C:\Users\alisha\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe
Task: {31FB817F-2FC0-415B-B5CA-E0EE0CDDC864} - System32\Tasks\UpdaterEX => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {327513AD-B4F9-44A8-B435-0717FB6DB6BE} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {341323E9-DF92-4EEA-BE92-505AB3D9F4B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {4EA0FF40-41E3-4EFD-BA67-6D0AE8749039} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {5187A258-5AA6-4BF4-BA54-8A2A814D0600} - System32\Tasks\{52AFAD36-978D-4DB5-9133-31C5BBBB3A9E} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] ()
Task: {532F9F3C-359F-46DC-B432-CCAE93BF3618} - System32\Tasks\{7DCD380B-BDDC-4D3C-BBB0-9E05D0B393DD} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {5D8E38BA-48DA-431A-AC31-2A100B09E11D} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION
Task: {6823D1BE-37A5-4453-81BB-5875424FFE58} - System32\Tasks\{6E6F044E-E1C1-48C5-8846-C98A6C6FF79F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG)
Task: {68C643DA-560C-4058-BF85-A21016BBCAF8} - System32\Tasks\{B311DB15-409C-4F5C-A2CA-3B96D0E9B8B3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {7CD7EA51-3752-413A-8777-F226BD217065} - System32\Tasks\{F9FF6C01-0F77-4892-90C1-AB11BA9A8473} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {7FB3FC1A-9834-4E66-B6D0-AD2F6F35F92C} - System32\Tasks\{C3BFF0CF-95D8-4225-8394-302BDEAC466F} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Snap\ashsnap.exe [2010-03-20] (ashampoo GmbH & Co. KG)
Task: {972D1880-A511-4429-B032-2831AA653B9F} - System32\Tasks\{351A3EDF-51A8-4161-B94C-89F4378A7A26} => C:\Program Files (x86)\Flash Player Pro\Flash Player Pro.exe
Task: {A180C3BE-BEA5-4087-B299-0AD0742565A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {AB067E2C-2D59-4792-AEA7-93A327E00451} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated)
Task: {AC92E9BF-6D2B-4A32-886C-355E339224BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {BC4C52EA-90B6-4908-A357-2E7C4015E94A} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION
Task: {C4EFD966-1A90-4852-ADEF-90CD7494C73C} - System32\Tasks\{7F6C8D6A-E32F-45D7-B3BC-249B17FAB4C4} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] ()
Task: {C8A99DFA-96D1-400C-8C1A-D8A12CCB5AB1} - System32\Tasks\{25253F42-D79C-4472-AF27-D41A3824C54D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Commander\apc.exe [2010-03-16] (ashampoo GmbH & Co. KG)
Task: {CB91BCB8-2627-4EB3-9EDC-E6D3EABD0DAA} - System32\Tasks\{C6C20EFD-3F5D-4974-A65A-EF9F37C21E87} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.60.106/de/eula
Task: {D5654A96-C6E5-4193-BEEC-CD6C1E229855} - System32\Tasks\FF Watcher {1DB6657B-232F-495A-B46A-89F94D0B7CE5} => C:\Program Files\V-bates\PrefHelper.exe
Task: {DABEEC72-2BD2-4E20-BE0B-3219A53931DE} - System32\Tasks\{F9DF7985-8072-4D9B-8A2D-6F3FC176F73B} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2010-09-29] (ATI Technologies Inc.)
Task: {DBAB8BC7-8391-4A21-9603-35F84C745E33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {DC45EE92-694F-499D-9936-4E79967B4AC3} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4 => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION
Task: {E813E246-C5F7-43B4-AB05-4D5C3BE79134} - System32\Tasks\{DD6357C3-9F85-4003-83FE-5EA5E4094F54} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {ECFED13C-77B7-4525-BE1B-2D476C34AB5B} - System32\Tasks\{D7523B32-B93F-4528-9BF6-EFA32E0EF58D} => C:\Program Files (x86)\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe [2010-08-27] ()
Task: {F290E9C5-55DB-40AA-9AD4-79E5EB43B5FB} - System32\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: {F294E5FA-4CE9-454F-B3DA-2B420CEAB505} - System32\Tasks\pricemeterdownloader => C:\Users\shehzad\AppData\Local\PriceMeter\pricemeterd.exe
Task: {FB2F5B85-9BE2-4898-8F8D-A64DC93D0A26} - System32\Tasks\{DC04D699-98E2-4552-9CA2-E168BBA0723B} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2014-05-08] (Adobe Systems Incorporated)
Task: {FF008A85-FAAB-42B3-9C6E-6E0A28109C87} - System32\Tasks\{60C667F5-2886-4333-863B-AC1AE3BECC4F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Price Meter Updater.job => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1376075522.job => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\shehzad\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-09 21:28 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll
2011-07-08 08:36 - 2011-07-08 08:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-02-08 23:02 - 2013-01-30 16:25 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
2014-02-08 23:02 - 2013-01-30 16:25 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
2011-07-08 08:36 - 2011-07-08 08:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-08 08:44 - 2011-07-08 08:44 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-12-16 11:42 - 2009-12-16 11:42 - 00205824 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeemicro.dll
2010-04-01 17:30 - 2010-04-01 17:30 - 01558528 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeedrs64.dll
2009-03-10 05:44 - 2009-03-10 05:44 - 00015360 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeecaps64.dll
2014-02-08 23:02 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
2014-02-08 23:02 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
2014-02-08 23:02 - 2009-05-27 08:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecats.dll
2014-02-08 23:02 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll
2014-02-08 23:02 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
2009-02-20 08:48 - 2009-02-20 08:48 - 00381440 _____ () C:\Windows\system32\lxeesm.dll
2009-04-28 07:56 - 2009-04-28 07:56 - 00024064 _____ () C:\Windows\system32\lxeesmr.dll
2014-02-08 23:02 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epwizard.DLL
2014-02-08 23:02 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
2014-02-08 23:02 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Eputil.DLL
2014-02-08 23:02 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Imagutil.DLL
2014-02-08 23:02 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epfunct.DLL
2014-02-08 23:02 - 2009-06-23 07:09 - 02203648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPWizRes.dll
2014-02-08 23:02 - 2009-06-23 07:10 - 00045056 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
2014-02-08 23:02 - 2009-06-23 07:11 - 00102400 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPOEMDll.dll
2014-02-08 23:02 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
2014-02-08 23:02 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-08-19 09:22 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-19 09:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-19 09:22 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-19 09:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-19 09:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 08:44 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 08:43 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2014 01:50:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00724909
ID des fehlerhaften Prozesses: 0x11e4
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/19/2014 01:33:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78e2b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00394909
ID des fehlerhaften Prozesses: 0x11b8
Startzeit der fehlerhaften Anwendung: 0xcmd.exe0
Pfad der fehlerhaften Anwendung: cmd.exe1
Pfad des fehlerhaften Moduls: cmd.exe2
Berichtskennung: cmd.exe3

Error: (08/19/2014 01:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca28
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02084909
ID des fehlerhaften Prozesses: 0x724
Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0
Pfad der fehlerhaften Anwendung: regsvr32.exe1
Pfad des fehlerhaften Moduls: regsvr32.exe2
Berichtskennung: regsvr32.exe3

Error: (08/19/2014 01:20:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x034b4909
ID des fehlerhaften Prozesses: 0xf20
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/19/2014 01:04:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01e64909
ID des fehlerhaften Prozesses: 0x175c
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/19/2014 00:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.307.exe, Version: 3.3.0.6, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x022d4909
ID des fehlerhaften Prozesses: 0x7f0
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.307.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.307.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.307.exe2
Berichtskennung: adwcleaner_3.307.exe3

Error: (08/19/2014 00:55:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.307.exe, Version: 3.3.0.6, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00284909
ID des fehlerhaften Prozesses: 0x1134
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.307.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.307.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.307.exe2
Berichtskennung: adwcleaner_3.307.exe3

Error: (08/19/2014 00:14:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.5.13, Zeitstempel: 0x532807b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01e24909
ID des fehlerhaften Prozesses: 0x165c
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (08/19/2014 00:12:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78e2b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01f64909
ID des fehlerhaften Prozesses: 0x17a8
Startzeit der fehlerhaften Anwendung: 0xcmd.exe0
Pfad der fehlerhaften Anwendung: cmd.exe1
Pfad des fehlerhaften Moduls: cmd.exe2
Berichtskennung: cmd.exe3

Error: (08/19/2014 00:10:04 PM) (Source: Application Virtualization Client) (EventID: 2005) (User: )
Description: Der Application Virtualization-Kerndienst konnte keinen Kontakt mit dem Dienststeuerungsverteiler aufnehmen.


System errors:
=============
Error: (08/19/2014 01:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/19/2014 01:45:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/19/2014 01:45:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/19/2014 01:45:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeeCATSCustConnectService erreicht.

Error: (08/19/2014 01:39:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/19/2014 01:39:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/19/2014 01:39:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/19/2014 01:39:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/19/2014 01:39:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/19/2014 01:39:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (08/19/2014 01:50:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c00000050072490911e401cfbba3c55aad12C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknown044af317-2797-11e4-b1f4-8c89a557884c

Error: (08/19/2014 01:33:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmd.exe6.1.7601.175144ce78e2bunknown0.0.0.000000000c00000050039490911b801cfbba0f69d804cC:\Windows\SysWOW64\cmd.exeunknowna4ecf834-2794-11e4-ab8d-8c89a557884c

Error: (08/19/2014 01:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.1.7600.163854a5bca28unknown0.0.0.000000000c00000050208490972401cfbba095a10b82C:\Windows\SysWOW64\regsvr32.exeunknownd57112e1-2793-11e4-ab8d-8c89a557884c

Error: (08/19/2014 01:20:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c0000005034b4909f2001cfbb9d3b1ee5f5C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeunknownc98ae6c7-2792-11e4-b397-8c89a557884c

Error: (08/19/2014 01:04:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e64909175c01cfbb9d67dd53a3C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknowna674c6cc-2790-11e4-b397-8c89a557884c

Error: (08/19/2014 00:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.307.exe3.3.0.64f25baecunknown0.0.0.000000000c0000005022d49097f001cfbb9c25ae259eC:\Users\shehzad\Desktop\adwcleaner_3.307.exeunknownad89625f-278f-11e4-9b7a-8c89a557884c

Error: (08/19/2014 00:55:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.307.exe3.3.0.64f25baecunknown0.0.0.000000000c000000500284909113401cfbb9be6616960C:\Users\shehzad\Desktop\adwcleaner_3.307.exeunknown5e0b7ec3-278f-11e4-9b7a-8c89a557884c

Error: (08/19/2014 00:14:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.5.13532807b9unknown0.0.0.000000000c000000501e24909165c01cfbb96663355cdC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeunknowna41901b4-2789-11e4-8129-8c89a557884c

Error: (08/19/2014 00:12:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmd.exe6.1.7601.175144ce78e2bunknown0.0.0.000000000c000000501f6490917a801cfbb961ef4e669C:\Windows\SysWow64\cmd.exeunknown5ee6410c-2789-11e4-8129-8c89a557884c

Error: (08/19/2014 00:10:04 PM) (Source: Application Virtualization Client) (EventID: 2005) (User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2014-08-19 11:40:11.861
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-19 11:40:11.781
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-07 09:39:07.504
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.502
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.500
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.476
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-07 09:39:07.474
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-05 16:30:47.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-05 16:30:47.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 47%
Total physical RAM: 3576.13 MB
Available physical RAM: 1861.71 MB
Total Pagefile: 7150.45 MB
Available Pagefile: 4840.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:830 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:19.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5183A2EF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
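The scheduled-task lines at the top of this log excerpt all follow the shape `Task: <job> => <target>`, optionally ending in FRST's ATTENTION marker, so they can be triaged mechanically. The following is an added example, not part of the original post and not FRST's own logic; the three path heuristics and all function names are assumptions made for illustration, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed sample: six of the "Task:" lines from the log above.
SAMPLE_LOG = r"""
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job => C:\Program Files (x86)\MediaPlayerplus\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Price Meter Updater.job => C:\Users\shehzad\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1376075522.job => C:\Users\shehzad\AppData\Roaming\Vodeka\piarudx.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
"""

# "Task: <job file> => <target> [<==== ATTENTION]" as the lines appear in the log.
TASK_RE = re.compile(
    r"^Task: (?P<job>.+?\.job) => (?P<target>.+?)(?P<flag>\s+<==== ATTENTION)?\s*$",
    re.MULTILINE,
)

# Hypothetical heuristics (assumptions of this example, not FRST's rules).
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"[^\\]~\d+(?=[\\.]|$)")  # 8.3 names such as UPDATE~1
GUID_STEM_RE = re.compile(
    r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}(-\d+)?$", re.IGNORECASE
)


@dataclass
class TaskEntry:
    job: str            # path of the .job file
    target: str         # executable the task launches
    frst_flagged: bool  # True if the line carried "<==== ATTENTION"
    reasons: list = field(default_factory=list)


def parse_tasks(log_text):
    """Extract every 'Task:' line from an FRST Addition.txt excerpt."""
    return [
        TaskEntry(m["job"], m["target"], m["flag"] is not None)
        for m in TASK_RE.finditer(log_text)
    ]


def triage(entries):
    """Attach the heuristics each target path trips; returns the same list."""
    for e in entries:
        stem = splitext(basename(e.target))[0]
        checks = [
            ("user-writable", USER_PROFILE_RE.search(e.target)),
            ("short-name", SHORT_NAME_RE.search(e.target)),
            ("guid-named", GUID_STEM_RE.match(stem)),
        ]
        e.reasons = [name for name, hit in checks if hit]
    return entries


def flagged_without_reason(entries):
    """Entries FRST marked ATTENTION that none of the path heuristics explain."""
    return [e for e in entries if e.frst_flagged and not e.reasons]


if __name__ == "__main__":
    for e in triage(parse_tasks(SAMPLE_LOG)):
        marker = "FRST!" if e.frst_flagged else "     "
        print(f"{marker} {basename(e.job):45} {', '.join(e.reasons) or '-'}")
```

The SpeedUpMyPC task is flagged by FRST but trips none of the path heuristics, which shows that location-based checks complement a curated list rather than replace it.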
         

19.08.2014, 13:02   #12
M-K-D-B
/// TB Trainer

Hi,

OK, then let's use a different tool... as long as the trojan is still active, it will probably block the other programs.
Afterwards we'll check again with FRST.

Step 1
Please download BlitzBlank (by Emsisoft) and save it to your desktop.
  • Start BlitzBlank.exe and confirm the warning with OK.
  • Switch to the Script tab.
  • Now copy the following content from the code box and paste it into BlitzBlank's text field:
    Code:
    DeleteFile:
    C:\ProgramData\UhpeRfefh\UhpeRfefh.dat
    "C:\Windows\Tasks\Security Center Update - 1376075522.job"
    
    DeleteFolder:
    C:\ProgramData\UhpeRfefh
    C:\Users\shehzad\AppData\Roaming\Vodeka
    
    DeleteRegValue:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UhpeRfefh
  • Now close all other running programs and applications.
  • Then click "Jetzt ausführen" (Execute now).
  • Confirm the warning and the restart with OK in each case. The computer will restart.
  • After the restart you will find a log file at C:\blitzblank.log.
    Please post its contents here in your thread.

Step 2
  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

In your next reply, please post
  • the BlitzBlank log file
  • the two new FRST log files.
__________________
Greetings from Bavaria
M-K-D-B

19.08.2014, 13:13   #13
PoWi

BlitzBlank reports an error when I click execute:
Syntax Fehler in Zeile 7, Ungültiger Ordnerpfad (syntax error in line 7, invalid folder path)

19.08.2014, 13:15   #14
M-K-D-B
/// TB Trainer

Quote from PoWi:
    BlitzBlank reports an error when I click execute:
    Syntax Fehler in Zeile 7, Ungültiger Ordnerpfad (syntax error in line 7, invalid folder path)

OK, then please try it with this code box:

Code:
DeleteFile:
C:\ProgramData\UhpeRfefh\UhpeRfefh.dat
"C:\Windows\Tasks\Security Center Update - 1376075522.job"

DeleteFolder:
C:\ProgramData\UhpeRfefh

DeleteRegValue:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UhpeRfefh
__________________
Greetings from Bavaria
M-K-D-B

19.08.2014, 13:18   #15
PoWi

Syntax Fehler in Zeile 9, ungültiger Registry Wert (syntax error in line 9, invalid registry value)

That's a good thing, that these things are no longer there, right? :P
