
Pests of all kinds and how to fight them: Goodgames Empire

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

24.02.2014, 12:34   #1
Ursel
 
Hello dear all, I am a complete PC layperson and today I suddenly found Goodgames Empire on my PC. Since I have absolutely no idea how the game ended up on my PC, I hope someone here can help me. Please explain it for dummies. I neither intend to play the game nor do I want it on the laptop. I have already looked in the Control Panel and did not find it. CCleaner did not find it either.
I would be glad of any help.

24.02.2014, 14:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have in CODE tags!
Only logs from the last 7 days, or from the time since the problem started, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you have done it correctly. If everything is right ... click Reply.

24.02.2014, 16:04   #3
Ursel
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 02
Ran by Ursel (administrator) on URSEL-PC on 24-02-2014 15:54:49
Running from C:\Users\Ursel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-29] (CyberLink)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Ursel\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [iMesh] - C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31010816 2013-11-20] (iMesh, Inc)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {70db10cf-b64c-11e1-a97a-485d60d37cf5} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {7a5a2cb6-4821-11e1-a75a-00262dc3bced} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {817083ba-2cdd-11e0-9b27-806e6f6e6963} - E:\AutoPlay.exe -auto
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {964b8874-2fc8-11e0-9df2-485d60d37cf5} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {c0d821c4-6484-11e1-b7b9-00262dc3bced} - F:\Setup.exe
Startup: C:\Users\Ursel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4812_6&babsrc=SP_ss&mntrId=ca8fa28900000000000000262dc3bced
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C6C7B56A-7496-4934-91A2-BCDE5DFA33E1}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default
FF user.js: detected! => C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh)
FF SearchPlugin: C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\Extensions\staged [2014-02-24]
FF Extension: WEB.DE MailCheck - C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\Extensions\toolbar@web.de.xpi [2012-02-06]

Chrome: 
=======
CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http:\/\/search.conduit.com\/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: 
CHR Extension: (Google Wallet) - C:\Users\Ursel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-24 15:54 - 2014-02-24 15:56 - 00019271 _____ () C:\Users\Ursel\Downloads\FRST.txt
2014-02-24 15:54 - 2014-02-24 15:54 - 00000000 ____D () C:\ProgramData\1E2C0
2014-02-24 15:53 - 2014-02-24 15:54 - 00000000 ___DC () C:\FRST
2014-02-24 15:51 - 2014-02-24 15:51 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64.exe
2014-02-24 15:48 - 2014-02-24 15:48 - 00001280 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00001186 _____ () C:\Users\Ursel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00001156 _____ () C:\Users\Ursel\Desktop\iMesh.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\Documents\My Received Files
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\MusicNet
2014-02-24 15:47 - 2014-02-24 15:54 - 00000000 ____D () C:\Users\Ursel\AppData\Local\iMesh
2014-02-24 15:47 - 2014-02-24 15:47 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-02-24 15:43 - 2014-02-24 15:43 - 01431792 _____ (iMesh Inc) C:\Users\Ursel\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-24 08:27 - 2014-02-24 08:27 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\AVG2014
2014-02-24 08:26 - 2014-02-24 08:26 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-24 08:25 - 2014-02-24 08:47 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 __HDC () C:\$AVG
2014-02-24 08:24 - 2014-02-24 08:24 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-24 08:21 - 2014-02-24 15:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-24 08:21 - 2014-02-24 08:30 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Avg2014
2014-02-24 08:21 - 2014-02-24 08:21 - 04435768 _____ (AVG Technologies) C:\Users\Ursel\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-02-24 08:21 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\MFAData
2014-02-24 07:58 - 2014-02-24 08:04 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Lollipop
2014-02-24 07:57 - 2014-02-24 07:57 - 00118784 _____ () C:\Windows\system32\liokinfo.exe
2014-02-24 07:51 - 2014-02-24 07:51 - 00000000 ____C () C:\END
2014-02-24 07:50 - 2014-02-24 07:50 - 00000148 _____ () C:\Users\Ursel\Desktop\Goodgame Empire.url
2014-02-24 07:50 - 2014-02-24 07:50 - 00000000 ____D () C:\Users\Ursel\AppData\Local\DownloadGuide
2014-02-24 07:48 - 2014-02-24 07:48 - 00689352 _____ () C:\Users\Ursel\Downloads\AVG-Anti-Virus-Free_Setup_Download.exe
2014-02-22 20:28 - 2014-02-22 20:28 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ursel-PC-Ursel
2014-02-22 20:28 - 2014-02-22 20:28 - 00000000 ____D () C:\Users\Ursel\Documents\NewBlueFX
2014-02-22 14:09 - 2014-02-23 17:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-21 19:18 - 2014-02-21 19:18 - 00016311 _____ () C:\Users\Ursel\Downloads\Bundesschau 2014.odt
2014-02-12 15:07 - 2014-02-12 15:07 - 00000000 ___DC () C:\Program Files\McAfee Security Scan
2014-02-12 06:19 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 06:19 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 06:18 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 06:18 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 06:18 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 06:18 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 06:18 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 06:18 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 06:18 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 06:18 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 06:18 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 06:18 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 06:18 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 06:18 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 06:18 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 06:18 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 06:18 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 06:18 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 06:18 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 06:18 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 06:18 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 06:18 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 06:18 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 06:18 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 06:18 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 06:18 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 06:18 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 06:18 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 06:18 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 06:18 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 06:18 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 06:18 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 06:18 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 06:18 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 06:18 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 06:18 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 06:18 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 06:18 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 06:18 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 06:18 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 06:18 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 05:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 05:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 05:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 05:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 05:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 05:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 05:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 05:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 05:53 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 05:53 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 05:53 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 05:53 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 05:53 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 05:53 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 05:53 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 05:53 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 05:53 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 05:53 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-06 15:32 - 2014-02-06 15:32 - 00283120 _____ (Mozilla) C:\Users\Ursel\Downloads\Firefox Setup Stub 27.0.exe
2014-01-31 06:22 - 2014-01-31 06:22 - 00957112 _____ (Microsoft Corporation) C:\Users\Ursel\Downloads\SaveAsPDFandXPS.exe

==================== One Month Modified Files and Folders =======

2014-02-24 15:56 - 2014-02-24 15:54 - 00019271 _____ () C:\Users\Ursel\Downloads\FRST.txt
2014-02-24 15:56 - 2012-08-20 05:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 15:54 - 2014-02-24 15:54 - 00000000 ____D () C:\ProgramData\1E2C0
2014-02-24 15:54 - 2014-02-24 15:53 - 00000000 ___DC () C:\FRST
2014-02-24 15:54 - 2014-02-24 15:47 - 00000000 ____D () C:\Users\Ursel\AppData\Local\iMesh
2014-02-24 15:51 - 2014-02-24 15:51 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64.exe
2014-02-24 15:48 - 2014-02-24 15:48 - 00001280 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00001186 _____ () C:\Users\Ursel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00001156 _____ () C:\Users\Ursel\Desktop\iMesh.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\Documents\My Received Files
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\MusicNet
2014-02-24 15:47 - 2014-02-24 15:47 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-02-24 15:43 - 2014-02-24 15:43 - 01431792 _____ (iMesh Inc) C:\Users\Ursel\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-24 15:30 - 2011-01-30 18:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 15:18 - 2011-01-30 18:02 - 01969110 _____ () C:\Windows\WindowsUpdate.log
2014-02-24 15:17 - 2014-01-21 06:23 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-24 15:16 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 15:16 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 15:13 - 2014-02-24 08:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-24 15:12 - 2014-01-21 06:25 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\newnext.me
2014-02-24 15:11 - 2011-01-30 18:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 15:09 - 2011-12-12 08:07 - 00074717 _____ () C:\Windows\setupact.log
2014-02-24 15:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-24 15:08 - 2012-07-31 04:45 - 00078770 _____ () C:\Windows\PFRO.log
2014-02-24 11:55 - 2011-10-03 16:05 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Skype
2014-02-24 09:19 - 2012-07-19 19:36 - 00000000 __SHD () C:\Users\Ursel\AppData\Roaming\.#
2014-02-24 09:19 - 2012-07-19 19:36 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\ALDI_SUED_Mah_Jong
2014-02-24 08:47 - 2014-02-24 08:25 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-24 08:42 - 2014-01-21 06:23 - 00000173 _____ () C:\Users\Ursel\AppData\Roaming\WB.CFG
2014-02-24 08:30 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Avg2014
2014-02-24 08:27 - 2014-02-24 08:27 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\AVG2014
2014-02-24 08:26 - 2014-02-24 08:26 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-24 08:26 - 2014-01-22 06:01 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\TuneUp Software
2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 __HDC () C:\$AVG
2014-02-24 08:24 - 2014-02-24 08:24 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-24 08:21 - 2014-02-24 08:21 - 04435768 _____ (AVG Technologies) C:\Users\Ursel\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-02-24 08:21 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\MFAData
2014-02-24 08:04 - 2014-02-24 07:58 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Lollipop
2014-02-24 07:57 - 2014-02-24 07:57 - 00118784 _____ () C:\Windows\system32\liokinfo.exe
2014-02-24 07:51 - 2014-02-24 07:51 - 00000000 ____C () C:\END
2014-02-24 07:50 - 2014-02-24 07:50 - 00000148 _____ () C:\Users\Ursel\Desktop\Goodgame Empire.url
2014-02-24 07:50 - 2014-02-24 07:50 - 00000000 ____D () C:\Users\Ursel\AppData\Local\DownloadGuide
2014-02-24 07:48 - 2014-02-24 07:48 - 00689352 _____ () C:\Users\Ursel\Downloads\AVG-Anti-Virus-Free_Setup_Download.exe
2014-02-24 06:49 - 2011-03-14 12:42 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Adobe
2014-02-24 06:38 - 2009-07-14 05:45 - 03356880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-23 18:15 - 2011-01-30 18:13 - 00080808 _____ () C:\Users\Ursel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-23 17:47 - 2013-06-24 06:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-23 17:44 - 2014-02-22 14:09 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-23 06:10 - 2010-07-07 17:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-22 20:28 - 2014-02-22 20:28 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ursel-PC-Ursel
2014-02-22 20:28 - 2014-02-22 20:28 - 00000000 ____D () C:\Users\Ursel\Documents\NewBlueFX
2014-02-22 20:28 - 2011-02-06 03:51 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Adobe
2014-02-22 17:34 - 2013-06-24 06:51 - 00000000 ____D () C:\Users\Ursel\Documents\Adobe
2014-02-22 14:07 - 2010-07-07 17:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-22 14:06 - 2013-06-24 06:47 - 00000000 ___DC () C:\Program Files\Adobe
2014-02-21 19:18 - 2014-02-21 19:18 - 00016311 _____ () C:\Users\Ursel\Downloads\Bundesschau 2014.odt
2014-02-21 15:33 - 2011-01-30 18:06 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 05:56 - 2012-08-20 05:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 05:56 - 2012-08-20 05:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 05:56 - 2011-09-02 13:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 18:01 - 2012-11-19 21:23 - 00000000 ____D () C:\Users\Ursel\Documents\IG sach
2014-02-17 19:25 - 2011-01-30 18:06 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 19:25 - 2011-01-30 18:06 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 08:38 - 2013-07-14 06:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 08:36 - 2010-07-07 16:49 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 17:26 - 2012-11-30 14:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:16 - 2013-12-21 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 08:17 - 2014-01-21 06:23 - 00003232 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-14 17:56 - 2010-05-12 09:18 - 00654852 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 17:56 - 2010-05-12 09:18 - 00130434 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 17:56 - 2009-07-14 06:13 - 01500358 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 18:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 15:08 - 2011-09-02 13:03 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-12 15:07 - 2014-02-12 15:07 - 00000000 ___DC () C:\Program Files\McAfee Security Scan
2014-02-11 05:41 - 2011-10-30 19:38 - 00000000 ____D () C:\Users\Ursel\Downloads\schoko-amarena-torte_105049-Dateien
2014-02-11 05:36 - 2012-11-29 19:20 - 00000000 ____D () C:\Users\Ursel\Documents\Hölderlin
2014-02-11 05:36 - 2012-07-13 07:09 - 00000000 ____D () C:\Users\Ursel\Documents\Forum
2014-02-10 12:50 - 2012-11-30 14:48 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-07 05:32 - 2014-01-22 06:13 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-06 15:37 - 2013-08-27 20:28 - 00003074 _____ () C:\Windows\System32\Tasks\{7DC17C54-3C81-438E-B75B-44610CC06F91}
2014-02-06 15:37 - 2011-10-03 16:02 - 00003146 _____ () C:\Windows\System32\Tasks\{1A5992A8-71B7-47D7-AB61-1376EF897169}
2014-02-06 15:32 - 2014-02-06 15:32 - 00283120 _____ (Mozilla) C:\Users\Ursel\Downloads\Firefox Setup Stub 27.0.exe
2014-02-06 13:16 - 2014-02-12 06:18 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 06:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 06:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 06:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 06:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 06:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 06:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 06:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 06:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 06:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 06:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 06:18 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 06:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 06:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 06:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 06:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 06:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 06:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 06:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 06:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 06:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 06:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 06:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 06:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 06:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 06:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 06:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 06:18 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 06:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 06:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 06:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 06:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 06:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 06:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 06:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 06:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 11:32 - 2011-01-30 18:09 - 00000000 ____D () C:\Users\Ursel
2014-02-03 11:25 - 2012-11-29 19:23 - 00000000 ____D () C:\Users\Ursel\Documents\DOC. Word
2014-02-02 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-02 12:49 - 2012-11-19 08:08 - 00000000 ____D () C:\Users\Ursel\Allerlei
2014-01-31 06:22 - 2014-01-31 06:22 - 00957112 _____ (Microsoft Corporation) C:\Users\Ursel\Downloads\SaveAsPDFandXPS.exe
2014-01-27 07:19 - 2014-01-21 06:23 - 00000005 _____ () C:\Users\Ursel\AppData\Roaming\WBPU-TTL.DAT
2014-01-26 16:32 - 2010-11-02 10:50 - 00000000 ___RD () C:\Users\Public\Desktop\Medion MediaPack

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ursel\OOo_3.3.0_Win_x86_install-wJRE_de.exe


Some content of TEMP:
====================
C:\Users\Ursel\AppData\Local\Temp\32386uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\70756uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\AskSLib.dll
C:\Users\Ursel\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ursel\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Ursel\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Ursel\AppData\Local\Temp\install_flashplayer11x32_mssa_au_aih.exe
C:\Users\Ursel\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\mpam-1c7fdfb.exe
C:\Users\Ursel\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ursel\AppData\Local\Temp\nscC118.exe
C:\Users\Ursel\AppData\Local\Temp\nscC6E4.exe
C:\Users\Ursel\AppData\Local\Temp\nsh8CC9.exe
C:\Users\Ursel\AppData\Local\Temp\nsh8FD6.exe
C:\Users\Ursel\AppData\Local\Temp\nsh9331.exe
C:\Users\Ursel\AppData\Local\Temp\nsn3A37.exe
C:\Users\Ursel\AppData\Local\Temp\nsxC406.exe
C:\Users\Ursel\AppData\Local\Temp\readSTILog.dll
C:\Users\Ursel\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Ursel\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Ursel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ursel\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 18:29

==================== End Of Log ============================
         

Does that help?

Alt 24.02.2014, 21:08   #4
cosinus

The other log is missing (additions.txt).
Also, I asked about previous detections; that is still unanswered as well.
In any case, software like this does not install itself; someone must have visited the site and probably also tried out the game. (By the way, the advertising for this game is slowly really getting on my nerves.)

Alt 25.02.2014, 18:25   #5
Ursel
 

Damn, I did reply this morning!!
Well then, once again.
I have no previous detections, at least none that I know of. Nobody but me uses my laptop, and I play nothing except Mah Jong. I even refuse all games on FB. I definitely did not play it. I noticed the game yesterday morning, after I had spam on a homepage that I look after as a moderator.
What struck me is that the log already contains a lot of personal data. Can you delete it after use?


Alt 26.02.2014, 00:00   #6
cosinus

Quote:
Can you delete it after use?
Please read our participation rules. It does not work without logs. => http://www.trojaner-board.de/69886-a...tml#post412358

Under "3. Informationen vorbereiten" (3. Prepare information)

Alt 26.02.2014, 06:01   #7
Ursel
 

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 02
Ran by Ursel (administrator) on URSEL-PC on 24-02-2014 15:54:49
Running from C:\Users\Ursel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-29] (CyberLink)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Ursel\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [iMesh] - C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31010816 2013-11-20] (iMesh, Inc)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {70db10cf-b64c-11e1-a97a-485d60d37cf5} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {7a5a2cb6-4821-11e1-a75a-00262dc3bced} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {817083ba-2cdd-11e0-9b27-806e6f6e6963} - E:\AutoPlay.exe -auto
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {964b8874-2fc8-11e0-9df2-485d60d37cf5} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {c0d821c4-6484-11e1-b7b9-00262dc3bced} - F:\Setup.exe
Startup: C:\Users\Ursel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4812_6&babsrc=SP_ss&mntrId=ca8fa28900000000000000262dc3bced
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C6C7B56A-7496-4934-91A2-BCDE5DFA33E1}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default
FF user.js: detected! => C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh)
FF SearchPlugin: C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\Extensions\staged [2014-02-24]
FF Extension: WEB.DE MailCheck - C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\Extensions\toolbar@web.de.xpi [2012-02-06]

Chrome: 
=======
CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http:\/\/search.conduit.com\/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: 
CHR Extension: (Google Wallet) - C:\Users\Ursel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-24 15:54 - 2014-02-24 15:56 - 00019271 _____ () C:\Users\Ursel\Downloads\FRST.txt
2014-02-24 15:54 - 2014-02-24 15:54 - 00000000 ____D () C:\ProgramData\1E2C0
2014-02-24 15:53 - 2014-02-24 15:54 - 00000000 ___DC () C:\FRST
2014-02-24 15:51 - 2014-02-24 15:51 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64.exe
2014-02-24 15:48 - 2014-02-24 15:48 - 00001280 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00001186 _____ () C:\Users\Ursel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00001156 _____ () C:\Users\Ursel\Desktop\iMesh.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\Documents\My Received Files
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\MusicNet
2014-02-24 15:47 - 2014-02-24 15:54 - 00000000 ____D () C:\Users\Ursel\AppData\Local\iMesh
2014-02-24 15:47 - 2014-02-24 15:47 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-02-24 15:43 - 2014-02-24 15:43 - 01431792 _____ (iMesh Inc) C:\Users\Ursel\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-24 08:27 - 2014-02-24 08:27 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\AVG2014
2014-02-24 08:26 - 2014-02-24 08:26 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-24 08:25 - 2014-02-24 08:47 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 __HDC () C:\$AVG
2014-02-24 08:24 - 2014-02-24 08:24 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-24 08:21 - 2014-02-24 15:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-24 08:21 - 2014-02-24 08:30 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Avg2014
2014-02-24 08:21 - 2014-02-24 08:21 - 04435768 _____ (AVG Technologies) C:\Users\Ursel\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-02-24 08:21 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\MFAData
2014-02-24 07:58 - 2014-02-24 08:04 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Lollipop
2014-02-24 07:57 - 2014-02-24 07:57 - 00118784 _____ () C:\Windows\system32\liokinfo.exe
2014-02-24 07:51 - 2014-02-24 07:51 - 00000000 ____C () C:\END
2014-02-24 07:50 - 2014-02-24 07:50 - 00000148 _____ () C:\Users\Ursel\Desktop\Goodgame Empire.url
2014-02-24 07:50 - 2014-02-24 07:50 - 00000000 ____D () C:\Users\Ursel\AppData\Local\DownloadGuide
2014-02-24 07:48 - 2014-02-24 07:48 - 00689352 _____ () C:\Users\Ursel\Downloads\AVG-Anti-Virus-Free_Setup_Download.exe
2014-02-22 20:28 - 2014-02-22 20:28 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ursel-PC-Ursel
2014-02-22 20:28 - 2014-02-22 20:28 - 00000000 ____D () C:\Users\Ursel\Documents\NewBlueFX
2014-02-22 14:09 - 2014-02-23 17:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-21 19:18 - 2014-02-21 19:18 - 00016311 _____ () C:\Users\Ursel\Downloads\Bundesschau 2014.odt
2014-02-12 15:07 - 2014-02-12 15:07 - 00000000 ___DC () C:\Program Files\McAfee Security Scan
2014-02-12 06:19 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 06:19 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 06:18 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 06:18 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 06:18 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 06:18 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 06:18 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 06:18 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 06:18 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 06:18 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 06:18 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 06:18 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 06:18 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 06:18 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 06:18 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 06:18 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 06:18 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 06:18 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 06:18 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 06:18 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 06:18 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 06:18 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 06:18 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 06:18 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 06:18 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 06:18 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 06:18 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 06:18 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 06:18 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 06:18 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 06:18 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 06:18 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 06:18 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 06:18 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 06:18 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 06:18 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 06:18 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 06:18 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 06:18 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 06:18 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 06:18 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 05:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 05:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 05:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 05:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 05:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 05:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 05:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 05:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 05:53 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 05:53 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 05:53 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 05:53 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 05:53 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 05:53 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 05:53 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 05:53 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 05:53 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 05:53 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-06 15:32 - 2014-02-06 15:32 - 00283120 _____ (Mozilla) C:\Users\Ursel\Downloads\Firefox Setup Stub 27.0.exe
2014-01-31 06:22 - 2014-01-31 06:22 - 00957112 _____ (Microsoft Corporation) C:\Users\Ursel\Downloads\SaveAsPDFandXPS.exe

==================== One Month Modified Files and Folders =======

2014-02-24 15:56 - 2014-02-24 15:54 - 00019271 _____ () C:\Users\Ursel\Downloads\FRST.txt
2014-02-24 15:56 - 2012-08-20 05:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 15:54 - 2014-02-24 15:54 - 00000000 ____D () C:\ProgramData\1E2C0
2014-02-24 15:54 - 2014-02-24 15:53 - 00000000 ___DC () C:\FRST
2014-02-24 15:54 - 2014-02-24 15:47 - 00000000 ____D () C:\Users\Ursel\AppData\Local\iMesh
2014-02-24 15:51 - 2014-02-24 15:51 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64.exe
2014-02-24 15:48 - 2014-02-24 15:48 - 00001280 _____ () C:\Users\Public\Desktop\Free Games.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00001186 _____ () C:\Users\Ursel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00001156 _____ () C:\Users\Ursel\Desktop\iMesh.lnk
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\Documents\My Received Files
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\MusicNet
2014-02-24 15:47 - 2014-02-24 15:47 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-02-24 15:43 - 2014-02-24 15:43 - 01431792 _____ (iMesh Inc) C:\Users\Ursel\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-24 15:30 - 2011-01-30 18:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 15:18 - 2011-01-30 18:02 - 01969110 _____ () C:\Windows\WindowsUpdate.log
2014-02-24 15:17 - 2014-01-21 06:23 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-24 15:16 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 15:16 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 15:13 - 2014-02-24 08:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-24 15:12 - 2014-01-21 06:25 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\newnext.me
2014-02-24 15:11 - 2011-01-30 18:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 15:09 - 2011-12-12 08:07 - 00074717 _____ () C:\Windows\setupact.log
2014-02-24 15:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-24 15:08 - 2012-07-31 04:45 - 00078770 _____ () C:\Windows\PFRO.log
2014-02-24 11:55 - 2011-10-03 16:05 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Skype
2014-02-24 09:19 - 2012-07-19 19:36 - 00000000 __SHD () C:\Users\Ursel\AppData\Roaming\.#
2014-02-24 09:19 - 2012-07-19 19:36 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\ALDI_SUED_Mah_Jong
2014-02-24 08:47 - 2014-02-24 08:25 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-24 08:42 - 2014-01-21 06:23 - 00000173 _____ () C:\Users\Ursel\AppData\Roaming\WB.CFG
2014-02-24 08:30 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Avg2014
2014-02-24 08:27 - 2014-02-24 08:27 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\AVG2014
2014-02-24 08:26 - 2014-02-24 08:26 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-24 08:26 - 2014-01-22 06:01 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\TuneUp Software
2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 __HDC () C:\$AVG
2014-02-24 08:24 - 2014-02-24 08:24 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-24 08:21 - 2014-02-24 08:21 - 04435768 _____ (AVG Technologies) C:\Users\Ursel\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-02-24 08:21 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\MFAData
2014-02-24 08:04 - 2014-02-24 07:58 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Lollipop
2014-02-24 07:57 - 2014-02-24 07:57 - 00118784 _____ () C:\Windows\system32\liokinfo.exe
2014-02-24 07:51 - 2014-02-24 07:51 - 00000000 ____C () C:\END
2014-02-24 07:50 - 2014-02-24 07:50 - 00000148 _____ () C:\Users\Ursel\Desktop\Goodgame Empire.url
2014-02-24 07:50 - 2014-02-24 07:50 - 00000000 ____D () C:\Users\Ursel\AppData\Local\DownloadGuide
2014-02-24 07:48 - 2014-02-24 07:48 - 00689352 _____ () C:\Users\Ursel\Downloads\AVG-Anti-Virus-Free_Setup_Download.exe
2014-02-24 06:49 - 2011-03-14 12:42 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Adobe
2014-02-24 06:38 - 2009-07-14 05:45 - 03356880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-23 18:15 - 2011-01-30 18:13 - 00080808 _____ () C:\Users\Ursel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-23 17:47 - 2013-06-24 06:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-23 17:44 - 2014-02-22 14:09 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-23 06:10 - 2010-07-07 17:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-22 20:28 - 2014-02-22 20:28 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ursel-PC-Ursel
2014-02-22 20:28 - 2014-02-22 20:28 - 00000000 ____D () C:\Users\Ursel\Documents\NewBlueFX
2014-02-22 20:28 - 2011-02-06 03:51 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Adobe
2014-02-22 17:34 - 2013-06-24 06:51 - 00000000 ____D () C:\Users\Ursel\Documents\Adobe
2014-02-22 14:07 - 2010-07-07 17:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-22 14:06 - 2013-06-24 06:47 - 00000000 ___DC () C:\Program Files\Adobe
2014-02-21 19:18 - 2014-02-21 19:18 - 00016311 _____ () C:\Users\Ursel\Downloads\Bundesschau 2014.odt
2014-02-21 15:33 - 2011-01-30 18:06 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 05:56 - 2012-08-20 05:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 05:56 - 2012-08-20 05:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 05:56 - 2011-09-02 13:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 18:01 - 2012-11-19 21:23 - 00000000 ____D () C:\Users\Ursel\Documents\IG sach
2014-02-17 19:25 - 2011-01-30 18:06 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 19:25 - 2011-01-30 18:06 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 08:38 - 2013-07-14 06:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 08:36 - 2010-07-07 16:49 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 17:26 - 2012-11-30 14:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:16 - 2013-12-21 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 08:17 - 2014-01-21 06:23 - 00003232 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-14 17:56 - 2010-05-12 09:18 - 00654852 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 17:56 - 2010-05-12 09:18 - 00130434 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 17:56 - 2009-07-14 06:13 - 01500358 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 18:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 15:08 - 2011-09-02 13:03 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-12 15:07 - 2014-02-12 15:07 - 00000000 ___DC () C:\Program Files\McAfee Security Scan
2014-02-11 05:41 - 2011-10-30 19:38 - 00000000 ____D () C:\Users\Ursel\Downloads\schoko-amarena-torte_105049-Dateien
2014-02-11 05:36 - 2012-11-29 19:20 - 00000000 ____D () C:\Users\Ursel\Documents\Hölderlin
2014-02-11 05:36 - 2012-07-13 07:09 - 00000000 ____D () C:\Users\Ursel\Documents\Forum
2014-02-10 12:50 - 2012-11-30 14:48 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-07 05:32 - 2014-01-22 06:13 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-06 15:37 - 2013-08-27 20:28 - 00003074 _____ () C:\Windows\System32\Tasks\{7DC17C54-3C81-438E-B75B-44610CC06F91}
2014-02-06 15:37 - 2011-10-03 16:02 - 00003146 _____ () C:\Windows\System32\Tasks\{1A5992A8-71B7-47D7-AB61-1376EF897169}
2014-02-06 15:32 - 2014-02-06 15:32 - 00283120 _____ (Mozilla) C:\Users\Ursel\Downloads\Firefox Setup Stub 27.0.exe
2014-02-06 13:16 - 2014-02-12 06:18 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 06:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 06:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 06:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 06:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 06:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 06:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 06:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 06:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 06:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 06:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 06:18 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 06:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 06:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 06:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 06:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 06:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 06:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 06:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 06:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 06:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 06:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 06:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 06:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 06:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 06:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 06:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 06:18 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 06:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 06:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 06:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 06:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 06:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 06:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 06:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 06:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 11:32 - 2011-01-30 18:09 - 00000000 ____D () C:\Users\Ursel
2014-02-03 11:25 - 2012-11-29 19:23 - 00000000 ____D () C:\Users\Ursel\Documents\DOC. Word
2014-02-02 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-02 12:49 - 2012-11-19 08:08 - 00000000 ____D () C:\Users\Ursel\Allerlei
2014-01-31 06:22 - 2014-01-31 06:22 - 00957112 _____ (Microsoft Corporation) C:\Users\Ursel\Downloads\SaveAsPDFandXPS.exe
2014-01-27 07:19 - 2014-01-21 06:23 - 00000005 _____ () C:\Users\Ursel\AppData\Roaming\WBPU-TTL.DAT
2014-01-26 16:32 - 2010-11-02 10:50 - 00000000 ___RD () C:\Users\Public\Desktop\Medion MediaPack

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ursel\OOo_3.3.0_Win_x86_install-wJRE_de.exe


Some content of TEMP:
====================
C:\Users\Ursel\AppData\Local\Temp\32386uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\70756uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\AskSLib.dll
C:\Users\Ursel\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ursel\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Ursel\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Ursel\AppData\Local\Temp\install_flashplayer11x32_mssa_au_aih.exe
C:\Users\Ursel\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\mpam-1c7fdfb.exe
C:\Users\Ursel\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ursel\AppData\Local\Temp\nscC118.exe
C:\Users\Ursel\AppData\Local\Temp\nscC6E4.exe
C:\Users\Ursel\AppData\Local\Temp\nsh8CC9.exe
C:\Users\Ursel\AppData\Local\Temp\nsh8FD6.exe
C:\Users\Ursel\AppData\Local\Temp\nsh9331.exe
C:\Users\Ursel\AppData\Local\Temp\nsn3A37.exe
C:\Users\Ursel\AppData\Local\Temp\nsxC406.exe
C:\Users\Ursel\AppData\Local\Temp\readSTILog.dll
C:\Users\Ursel\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Ursel\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Ursel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ursel\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 18:29

==================== End Of Log ============================
         
--- --- ---


Did I understand correctly that defogger is also still missing?

By the way, thanks.

Alt 26.02.2014, 09:51   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I don't need defogger. It's only relevant if you have CD/DVD emulators in use.

However, I'm missing the other FRST log (additions.txt).
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 26.02.2014, 15:27   #9
Ursel
 



But I copied two, didn't I? Sorry, I don't know what's missing.

OK. I just saw that I saved the same one twice. How do I get to the other version now?

Alt 26.02.2014, 16:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Just read the instructions properly; they describe exactly where to find the requested logs.

Quote:
The log files are now created and will then be on your desktop.
Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

Alt 26.02.2014, 18:49   #11
Ursel
 



Found it. Not on the desktop. But I have also narrowed down my problem. It's not a game. It's a shortcut on the desktop. The shortcut can't be deleted; it says I need admin rights for that. But I am the admin.

Alt 27.02.2014, 01:09   #12
cosinus



Could it be that this is not the first time you are running FRST?
FRST only creates the additions.txt if the checkbox is ticked. The instructions also say so, implicitly.

Alt 27.02.2014, 06:14   #13
Ursel
 



I have certainly never downloaded FRST before. I was so proud of myself for being able to do it! But while downloading FRST I also downloaded a new game at the same time, and some music thing that advertised loads of free music.
The game disappeared again along with the music thing when I uninstalled it. At least the second one did. The shortcut to the first one is still there.
Research on the Internet mentioned Unlocked. However, I don't want to do anything without getting advice here.

Alt 27.02.2014, 10:23   #14
cosinus



Well, then I can only urge you to read the instructions properly and to follow them 1:1.

If you have never started FRST on this computer before, it must also have created the additions.txt the first time, unless you changed the checkboxes in FRST.

Restart FRST, tick the additions checkbox and click Scan again to create new logs.

Alt 28.02.2014, 11:10   #15
Ursel
 




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Ursel (administrator) on URSEL-PC on 28-02-2014 11:01:54
Running from C:\Users\Ursel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\Ursel\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1739480 2014-02-28] (Bitdefender)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-29] (CyberLink)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-28] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-28] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-28] (Bitdefender)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-28] (Bitdefender)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-28] (Bitdefender)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-28] (Bitdefender)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {70db10cf-b64c-11e1-a97a-485d60d37cf5} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {7a5a2cb6-4821-11e1-a75a-00262dc3bced} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {817083ba-2cdd-11e0-9b27-806e6f6e6963} - E:\AutoPlay.exe -auto
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {964b8874-2fc8-11e0-9df2-485d60d37cf5} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {c0d821c4-6484-11e1-b7b9-00262dc3bced} - F:\Setup.exe
Startup: C:\Users\Ursel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4812_6&babsrc=SP_ss&mntrId=ca8fa28900000000000000262dc3bced
BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C6C7B56A-7496-4934-91A2-BCDE5DFA33E1}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default
FF user.js: detected! => C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\Extensions\staged [2014-02-24]
FF Extension: WEB.DE MailCheck - C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\Extensions\toolbar@web.de.xpi [2012-02-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-28]

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Bitdefender Wallet) - C:\Users\Ursel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-02-28]
CHR Extension: (Google Wallet) - C:\Users\Ursel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-02-28]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1507248 2014-02-28] (Bitdefender)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 11:00 - 2014-02-28 11:00 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64(1).exe
2014-02-28 10:58 - 2014-02-28 10:58 - 01143808 _____ (Farbar) C:\Users\Ursel\Downloads\FRST.exe
2014-02-28 08:36 - 2014-02-28 08:36 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-02-28 07:49 - 2014-02-28 07:49 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-02-28 07:49 - 2014-02-28 07:49 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-02-28 07:25 - 2014-02-28 07:25 - 00693717 _____ () C:\ProgramData\1393567676.bdinstall.bin
2014-02-28 07:18 - 2014-02-28 07:49 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-02-28 07:18 - 2014-02-28 07:18 - 00002194 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-02-28 07:18 - 2014-02-28 07:18 - 00002075 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
2014-02-28 07:18 - 2014-02-28 07:18 - 00000684 ___HC () C:\bdr-cf01
2014-02-28 07:18 - 2014-02-28 07:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-02-28 07:18 - 2014-02-28 07:18 - 00000000 ____D () C:\ProgramData\BDLogging
2014-02-28 07:18 - 2013-12-02 11:58 - 00635392 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-02-28 07:18 - 2013-12-02 11:56 - 00893440 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-02-28 07:18 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-02-28 07:18 - 2013-02-22 18:46 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2014-02-28 07:18 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-02-28 07:18 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-02-28 07:13 - 2014-02-28 07:18 - 00253404 ____H () C:\bdr-ld01
2014-02-28 07:13 - 2014-02-28 07:18 - 00009216 ____H () C:\bdr-ld01.mbr
2014-02-28 07:13 - 2014-02-28 07:13 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Bitdefender
2014-02-28 07:13 - 2013-09-24 15:38 - 46879860 ____H () C:\bdr-im01.gz
2014-02-28 07:13 - 2013-08-13 12:38 - 03271472 ____H () C:\bdr-bz01
2014-02-28 07:08 - 2014-02-28 07:49 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-02-28 07:08 - 2014-02-28 07:08 - 00000000 ___DC () C:\Program Files\Bitdefender
2014-02-28 07:08 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-02-28 07:08 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-02-28 07:08 - 2013-08-23 12:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-02-28 07:08 - 2013-08-07 12:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-02-28 07:07 - 2014-02-28 07:07 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\QuickScan
2014-02-28 06:56 - 2014-02-28 06:57 - 05701712 _____ () C:\Users\Ursel\Downloads\bitdefender_14isecurity(1).exe
2014-02-28 06:53 - 2014-02-12 15:07 - 00000426 ____C () C:\AVScanner.ini
2014-02-28 06:51 - 2014-02-28 07:08 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-02-28 06:29 - 2014-02-28 06:29 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-25 19:59 - 2014-02-25 19:59 - 00000000 ____D () C:\Users\Ursel\Desktop\PSE
2014-02-24 19:11 - 2014-02-24 19:11 - 00000000 _____ () C:\ProgramData\Vocal Transformer
2014-02-24 15:56 - 2014-02-24 15:58 - 00037754 _____ () C:\Users\Ursel\Downloads\Addition.txt
2014-02-24 15:54 - 2014-02-28 11:01 - 00021409 _____ () C:\Users\Ursel\Downloads\FRST.txt
2014-02-24 15:54 - 2014-02-24 15:54 - 00000000 ____D () C:\ProgramData\1E2C0
2014-02-24 15:53 - 2014-02-28 11:01 - 00000000 ___DC () C:\FRST
2014-02-24 15:51 - 2014-02-24 15:51 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64.exe
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\Documents\My Received Files
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\MusicNet
2014-02-24 08:27 - 2014-02-24 08:27 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\AVG2014
2014-02-24 08:25 - 2014-02-28 07:05 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-24 08:25 - 2014-02-28 07:02 - 00000000 __HDC () C:\$AVG
2014-02-24 08:21 - 2014-02-28 08:34 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-24 08:21 - 2014-02-28 07:06 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Avg2014
2014-02-24 08:21 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\MFAData
2014-02-24 07:58 - 2014-02-24 08:04 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Lollipop
2014-02-24 07:57 - 2014-02-24 07:57 - 00118784 _____ () C:\Windows\system32\liokinfo.exe
2014-02-24 07:51 - 2014-02-24 07:51 - 00000000 ____C () C:\END
2014-02-24 07:50 - 2014-02-24 07:50 - 00000148 _____ () C:\Users\Ursel\Desktop\Goodgame Empire.url
2014-02-24 07:50 - 2014-02-24 07:50 - 00000000 ____D () C:\Users\Ursel\AppData\Local\DownloadGuide
2014-02-22 20:28 - 2014-02-22 20:28 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ursel-PC-Ursel
2014-02-22 20:28 - 2014-02-22 20:28 - 00000000 ____D () C:\Users\Ursel\Documents\NewBlueFX
2014-02-22 14:09 - 2014-02-23 17:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-21 19:18 - 2014-02-21 19:18 - 00016311 _____ () C:\Users\Ursel\Downloads\Bundesschau 2014.odt
2014-02-12 06:19 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 06:19 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 06:18 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 06:18 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 06:18 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 06:18 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 06:18 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 06:18 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 06:18 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 06:18 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 06:18 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 06:18 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 06:18 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 06:18 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 06:18 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 06:18 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 06:18 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 06:18 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 06:18 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 06:18 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 06:18 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 06:18 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 06:18 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 06:18 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 06:18 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 06:18 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 06:18 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 06:18 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 06:18 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 06:18 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 06:18 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 06:18 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 06:18 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 06:18 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 06:18 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 06:18 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 06:18 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 06:18 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 06:18 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 06:18 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 06:18 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 05:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 05:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 05:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 05:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 05:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 05:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 05:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 05:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 05:53 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 05:53 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 05:53 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 05:53 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 05:53 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 05:53 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 05:53 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 05:53 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 05:53 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 05:53 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-06 15:32 - 2014-02-06 15:32 - 00283120 _____ (Mozilla) C:\Users\Ursel\Downloads\Firefox Setup Stub 27.0.exe
2014-01-31 06:22 - 2014-01-31 06:22 - 00957112 _____ (Microsoft Corporation) C:\Users\Ursel\Downloads\SaveAsPDFandXPS.exe

==================== One Month Modified Files and Folders =======

2014-02-28 11:02 - 2014-02-24 15:54 - 00021409 _____ () C:\Users\Ursel\Downloads\FRST.txt
2014-02-28 11:01 - 2014-02-24 15:53 - 00000000 ___DC () C:\FRST
2014-02-28 11:00 - 2014-02-28 11:00 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64(1).exe
2014-02-28 10:58 - 2014-02-28 10:58 - 01143808 _____ (Farbar) C:\Users\Ursel\Downloads\FRST.exe
2014-02-28 08:47 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 08:47 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 08:44 - 2014-01-21 06:25 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\newnext.me
2014-02-28 08:36 - 2014-02-28 08:36 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-02-28 08:35 - 2011-12-12 08:07 - 00075632 _____ () C:\Windows\setupact.log
2014-02-28 08:35 - 2011-01-30 18:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 08:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 08:34 - 2014-02-24 08:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-28 08:34 - 2012-07-31 04:45 - 00180710 _____ () C:\Windows\PFRO.log
2014-02-28 08:02 - 2011-01-30 18:02 - 01199556 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 07:56 - 2012-08-20 05:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 07:49 - 2014-02-28 07:49 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-02-28 07:49 - 2014-02-28 07:49 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-02-28 07:49 - 2014-02-28 07:18 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-02-28 07:49 - 2014-02-28 07:08 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-02-28 07:30 - 2011-01-30 18:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 07:25 - 2014-02-28 07:25 - 00693717 _____ () C:\ProgramData\1393567676.bdinstall.bin
2014-02-28 07:18 - 2014-02-28 07:18 - 00002194 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-02-28 07:18 - 2014-02-28 07:18 - 00002075 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
2014-02-28 07:18 - 2014-02-28 07:18 - 00000684 ___HC () C:\bdr-cf01
2014-02-28 07:18 - 2014-02-28 07:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-02-28 07:18 - 2014-02-28 07:18 - 00000000 ____D () C:\ProgramData\BDLogging
2014-02-28 07:18 - 2014-02-28 07:13 - 00253404 ____H () C:\bdr-ld01
2014-02-28 07:18 - 2014-02-28 07:13 - 00009216 ____H () C:\bdr-ld01.mbr
2014-02-28 07:17 - 2014-01-21 06:23 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-28 07:13 - 2014-02-28 07:13 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Bitdefender
2014-02-28 07:08 - 2014-02-28 07:08 - 00000000 ___DC () C:\Program Files\Bitdefender
2014-02-28 07:08 - 2014-02-28 06:51 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-02-28 07:07 - 2014-02-28 07:07 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\QuickScan
2014-02-28 07:07 - 2011-03-01 18:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-02-28 07:06 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Avg2014
2014-02-28 07:05 - 2014-02-24 08:25 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-28 07:02 - 2014-02-24 08:25 - 00000000 __HDC () C:\$AVG
2014-02-28 06:57 - 2014-02-28 06:56 - 05701712 _____ () C:\Users\Ursel\Downloads\bitdefender_14isecurity(1).exe
2014-02-28 06:29 - 2014-02-28 06:29 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-28 06:22 - 2014-01-21 06:23 - 00000189 _____ () C:\Users\Ursel\AppData\Roaming\WB.CFG
2014-02-28 06:08 - 2011-03-14 12:42 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Adobe
2014-02-27 19:37 - 2012-12-21 17:22 - 00000000 ____D () C:\Users\Ursel\Documents\My Kindle Content
2014-02-26 18:01 - 2010-05-12 09:18 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 18:01 - 2010-05-12 09:18 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 18:01 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 06:32 - 2011-01-30 18:24 - 01596580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 19:59 - 2014-02-25 19:59 - 00000000 ____D () C:\Users\Ursel\Desktop\PSE
2014-02-24 19:11 - 2014-02-24 19:11 - 00000000 _____ () C:\ProgramData\Vocal Transformer
2014-02-24 19:11 - 2011-02-13 09:16 - 00000000 ____H () C:\ProgramData\PKP_DLev.DAT
2014-02-24 19:11 - 2011-02-13 09:16 - 00000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-24 19:11 - 2011-02-13 09:16 - 00000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-24 19:11 - 2011-02-13 09:16 - 00000000 _____ () C:\Users\Ursel\AppData\Roaming\howto
2014-02-24 15:58 - 2014-02-24 15:56 - 00037754 _____ () C:\Users\Ursel\Downloads\Addition.txt
2014-02-24 15:54 - 2014-02-24 15:54 - 00000000 ____D () C:\ProgramData\1E2C0
2014-02-24 15:51 - 2014-02-24 15:51 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64.exe
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\Documents\My Received Files
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\MusicNet
2014-02-24 11:55 - 2011-10-03 16:05 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Skype
2014-02-24 09:19 - 2012-07-19 19:36 - 00000000 __SHD () C:\Users\Ursel\AppData\Roaming\.#
2014-02-24 09:19 - 2012-07-19 19:36 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\ALDI_SUED_Mah_Jong
2014-02-24 08:27 - 2014-02-24 08:27 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\AVG2014
2014-02-24 08:26 - 2014-01-22 06:01 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\TuneUp Software
2014-02-24 08:21 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\MFAData
2014-02-24 08:04 - 2014-02-24 07:58 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Lollipop
2014-02-24 07:57 - 2014-02-24 07:57 - 00118784 _____ () C:\Windows\system32\liokinfo.exe
2014-02-24 07:51 - 2014-02-24 07:51 - 00000000 ____C () C:\END
2014-02-24 07:50 - 2014-02-24 07:50 - 00000148 _____ () C:\Users\Ursel\Desktop\Goodgame Empire.url
2014-02-24 07:50 - 2014-02-24 07:50 - 00000000 ____D () C:\Users\Ursel\AppData\Local\DownloadGuide
2014-02-24 06:38 - 2009-07-14 05:45 - 03356880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-23 18:15 - 2011-01-30 18:13 - 00080808 _____ () C:\Users\Ursel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-23 17:47 - 2013-06-24 06:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-23 17:44 - 2014-02-22 14:09 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-23 06:10 - 2010-07-07 17:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-22 20:28 - 2014-02-22 20:28 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ursel-PC-Ursel
2014-02-22 20:28 - 2014-02-22 20:28 - 00000000 ____D () C:\Users\Ursel\Documents\NewBlueFX
2014-02-22 20:28 - 2011-02-06 03:51 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Adobe
2014-02-22 17:34 - 2013-06-24 06:51 - 00000000 ____D () C:\Users\Ursel\Documents\Adobe
2014-02-22 14:07 - 2010-07-07 17:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-22 14:06 - 2013-06-24 06:47 - 00000000 ___DC () C:\Program Files\Adobe
2014-02-21 19:18 - 2014-02-21 19:18 - 00016311 _____ () C:\Users\Ursel\Downloads\Bundesschau 2014.odt
2014-02-21 15:33 - 2011-01-30 18:06 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 05:56 - 2012-08-20 05:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 05:56 - 2012-08-20 05:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 05:56 - 2011-09-02 13:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 18:01 - 2012-11-19 21:23 - 00000000 ____D () C:\Users\Ursel\Documents\IG sach
2014-02-17 19:25 - 2011-01-30 18:06 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 19:25 - 2011-01-30 18:06 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 08:38 - 2013-07-14 06:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 08:36 - 2010-07-07 16:49 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 17:26 - 2012-11-30 14:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:16 - 2013-12-21 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 08:17 - 2014-01-21 06:23 - 00003232 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-13 18:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 15:07 - 2014-02-28 06:53 - 00000426 ____C () C:\AVScanner.ini
2014-02-11 05:41 - 2011-10-30 19:38 - 00000000 ____D () C:\Users\Ursel\Downloads\schoko-amarena-torte_105049-Dateien
2014-02-11 05:36 - 2012-11-29 19:20 - 00000000 ____D () C:\Users\Ursel\Documents\Hölderlin
2014-02-11 05:36 - 2012-07-13 07:09 - 00000000 ____D () C:\Users\Ursel\Documents\Forum
2014-02-10 12:50 - 2012-11-30 14:48 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-07 05:32 - 2014-01-22 06:13 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-06 15:37 - 2013-08-27 20:28 - 00003074 _____ () C:\Windows\System32\Tasks\{7DC17C54-3C81-438E-B75B-44610CC06F91}
2014-02-06 15:37 - 2011-10-03 16:02 - 00003146 _____ () C:\Windows\System32\Tasks\{1A5992A8-71B7-47D7-AB61-1376EF897169}
2014-02-06 15:32 - 2014-02-06 15:32 - 00283120 _____ (Mozilla) C:\Users\Ursel\Downloads\Firefox Setup Stub 27.0.exe
2014-02-06 13:16 - 2014-02-12 06:18 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 06:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 06:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 06:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 06:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 06:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 06:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 06:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 06:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 06:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 06:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 06:18 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 06:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 06:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 06:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 06:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 06:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 06:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 06:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 06:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 06:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 06:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 06:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 06:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 06:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 06:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 06:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 06:18 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 06:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 06:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 06:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 06:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 06:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 06:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 06:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 06:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 11:32 - 2011-01-30 18:09 - 00000000 ____D () C:\Users\Ursel
2014-02-03 11:25 - 2012-11-29 19:23 - 00000000 ____D () C:\Users\Ursel\Documents\DOC. Word
2014-02-02 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-02 12:49 - 2012-11-19 08:08 - 00000000 ____D () C:\Users\Ursel\Allerlei
2014-01-31 06:22 - 2014-01-31 06:22 - 00957112 _____ (Microsoft Corporation) C:\Users\Ursel\Downloads\SaveAsPDFandXPS.exe

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ursel\OOo_3.3.0_Win_x86_install-wJRE_de.exe


Some content of TEMP:
====================
C:\Users\Ursel\AppData\Local\Temp\32386uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\70756uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\AskSLib.dll
C:\Users\Ursel\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ursel\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Ursel\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Ursel\AppData\Local\Temp\install_flashplayer11x32_mssa_au_aih.exe
C:\Users\Ursel\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\mpam-1c7fdfb.exe
C:\Users\Ursel\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ursel\AppData\Local\Temp\nscC118.exe
C:\Users\Ursel\AppData\Local\Temp\nscC6E4.exe
C:\Users\Ursel\AppData\Local\Temp\nsh8CC9.exe
C:\Users\Ursel\AppData\Local\Temp\nsh8FD6.exe
C:\Users\Ursel\AppData\Local\Temp\nsh9331.exe
C:\Users\Ursel\AppData\Local\Temp\nsn3A37.exe
C:\Users\Ursel\AppData\Local\Temp\nsxC406.exe
C:\Users\Ursel\AppData\Local\Temp\readSTILog.dll
C:\Users\Ursel\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Ursel\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Ursel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ursel\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 18:29

==================== End Of Log ============================
         
--- --- ---



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Ursel (administrator) on URSEL-PC on 28-02-2014 11:01:54
Running from C:\Users\Ursel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\Ursel\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1739480 2014-02-28] (Bitdefender)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-29] (CyberLink)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-28] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-28] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-28] (Bitdefender)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-28] (Bitdefender)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-28] (Bitdefender)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-28] (Bitdefender)
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {70db10cf-b64c-11e1-a97a-485d60d37cf5} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {7a5a2cb6-4821-11e1-a75a-00262dc3bced} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {817083ba-2cdd-11e0-9b27-806e6f6e6963} - E:\AutoPlay.exe -auto
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {964b8874-2fc8-11e0-9df2-485d60d37cf5} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1019772088-3661694572-1671400686-1000\...\MountPoints2: {c0d821c4-6484-11e1-b7b9-00262dc3bced} - F:\Setup.exe
Startup: C:\Users\Ursel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4812_6&babsrc=SP_ss&mntrId=ca8fa28900000000000000262dc3bced
BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C6C7B56A-7496-4934-91A2-BCDE5DFA33E1}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default
FF user.js: detected! => C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\Extensions\staged [2014-02-24]
FF Extension: WEB.DE MailCheck - C:\Users\Ursel\AppData\Roaming\Mozilla\Firefox\Profiles\4qbssiuy.default\Extensions\toolbar@web.de.xpi [2012-02-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-28]

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA933E78C-D24E-4D1E-A318-1936DB36BF82&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Bitdefender Wallet) - C:\Users\Ursel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-02-28]
CHR Extension: (Google Wallet) - C:\Users\Ursel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-02-28]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1507248 2014-02-28] (Bitdefender)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 11:00 - 2014-02-28 11:00 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64(1).exe
2014-02-28 10:58 - 2014-02-28 10:58 - 01143808 _____ (Farbar) C:\Users\Ursel\Downloads\FRST.exe
2014-02-28 08:36 - 2014-02-28 08:36 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-02-28 07:49 - 2014-02-28 07:49 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-02-28 07:49 - 2014-02-28 07:49 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-02-28 07:25 - 2014-02-28 07:25 - 00693717 _____ () C:\ProgramData\1393567676.bdinstall.bin
2014-02-28 07:18 - 2014-02-28 07:49 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-02-28 07:18 - 2014-02-28 07:18 - 00002194 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-02-28 07:18 - 2014-02-28 07:18 - 00002075 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
2014-02-28 07:18 - 2014-02-28 07:18 - 00000684 ___HC () C:\bdr-cf01
2014-02-28 07:18 - 2014-02-28 07:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-02-28 07:18 - 2014-02-28 07:18 - 00000000 ____D () C:\ProgramData\BDLogging
2014-02-28 07:18 - 2013-12-02 11:58 - 00635392 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-02-28 07:18 - 2013-12-02 11:56 - 00893440 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-02-28 07:18 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-02-28 07:18 - 2013-02-22 18:46 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2014-02-28 07:18 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-02-28 07:18 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-02-28 07:13 - 2014-02-28 07:18 - 00253404 ____H () C:\bdr-ld01
2014-02-28 07:13 - 2014-02-28 07:18 - 00009216 ____H () C:\bdr-ld01.mbr
2014-02-28 07:13 - 2014-02-28 07:13 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Bitdefender
2014-02-28 07:13 - 2013-09-24 15:38 - 46879860 ____H () C:\bdr-im01.gz
2014-02-28 07:13 - 2013-08-13 12:38 - 03271472 ____H () C:\bdr-bz01
2014-02-28 07:08 - 2014-02-28 07:49 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-02-28 07:08 - 2014-02-28 07:08 - 00000000 ___DC () C:\Program Files\Bitdefender
2014-02-28 07:08 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-02-28 07:08 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-02-28 07:08 - 2013-08-23 12:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-02-28 07:08 - 2013-08-07 12:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-02-28 07:07 - 2014-02-28 07:07 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\QuickScan
2014-02-28 06:56 - 2014-02-28 06:57 - 05701712 _____ () C:\Users\Ursel\Downloads\bitdefender_14isecurity(1).exe
2014-02-28 06:53 - 2014-02-12 15:07 - 00000426 ____C () C:\AVScanner.ini
2014-02-28 06:51 - 2014-02-28 07:08 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-02-28 06:29 - 2014-02-28 06:29 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-25 19:59 - 2014-02-25 19:59 - 00000000 ____D () C:\Users\Ursel\Desktop\PSE
2014-02-24 19:11 - 2014-02-24 19:11 - 00000000 _____ () C:\ProgramData\Vocal Transformer
2014-02-24 15:56 - 2014-02-24 15:58 - 00037754 _____ () C:\Users\Ursel\Downloads\Addition.txt
2014-02-24 15:54 - 2014-02-28 11:01 - 00021409 _____ () C:\Users\Ursel\Downloads\FRST.txt
2014-02-24 15:54 - 2014-02-24 15:54 - 00000000 ____D () C:\ProgramData\1E2C0
2014-02-24 15:53 - 2014-02-28 11:01 - 00000000 ___DC () C:\FRST
2014-02-24 15:51 - 2014-02-24 15:51 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64.exe
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\Documents\My Received Files
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\MusicNet
2014-02-24 08:27 - 2014-02-24 08:27 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\AVG2014
2014-02-24 08:25 - 2014-02-28 07:05 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-24 08:25 - 2014-02-28 07:02 - 00000000 __HDC () C:\$AVG
2014-02-24 08:21 - 2014-02-28 08:34 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-24 08:21 - 2014-02-28 07:06 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Avg2014
2014-02-24 08:21 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\MFAData
2014-02-24 07:58 - 2014-02-24 08:04 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Lollipop
2014-02-24 07:57 - 2014-02-24 07:57 - 00118784 _____ () C:\Windows\system32\liokinfo.exe
2014-02-24 07:51 - 2014-02-24 07:51 - 00000000 ____C () C:\END
2014-02-24 07:50 - 2014-02-24 07:50 - 00000148 _____ () C:\Users\Ursel\Desktop\Goodgame Empire.url
2014-02-24 07:50 - 2014-02-24 07:50 - 00000000 ____D () C:\Users\Ursel\AppData\Local\DownloadGuide
2014-02-22 20:28 - 2014-02-22 20:28 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ursel-PC-Ursel
2014-02-22 20:28 - 2014-02-22 20:28 - 00000000 ____D () C:\Users\Ursel\Documents\NewBlueFX
2014-02-22 14:09 - 2014-02-23 17:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-21 19:18 - 2014-02-21 19:18 - 00016311 _____ () C:\Users\Ursel\Downloads\Bundesschau 2014.odt
2014-02-12 06:19 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 06:19 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 06:18 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 06:18 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 06:18 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 06:18 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 06:18 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 06:18 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 06:18 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 06:18 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 06:18 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 06:18 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 06:18 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 06:18 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 06:18 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 06:18 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 06:18 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 06:18 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 06:18 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 06:18 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 06:18 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 06:18 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 06:18 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 06:18 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 06:18 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 06:18 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 06:18 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 06:18 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 06:18 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 06:18 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 06:18 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 06:18 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 06:18 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 06:18 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 06:18 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 06:18 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 06:18 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 06:18 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 06:18 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 06:18 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 06:18 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 05:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 05:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 05:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 05:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 05:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 05:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 05:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 05:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 05:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 05:53 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 05:53 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 05:53 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 05:53 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 05:53 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 05:53 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 05:53 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 05:53 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 05:53 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 05:53 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 05:53 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 05:53 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-06 15:32 - 2014-02-06 15:32 - 00283120 _____ (Mozilla) C:\Users\Ursel\Downloads\Firefox Setup Stub 27.0.exe
2014-01-31 06:22 - 2014-01-31 06:22 - 00957112 _____ (Microsoft Corporation) C:\Users\Ursel\Downloads\SaveAsPDFandXPS.exe

==================== One Month Modified Files and Folders =======

2014-02-28 11:02 - 2014-02-24 15:54 - 00021409 _____ () C:\Users\Ursel\Downloads\FRST.txt
2014-02-28 11:01 - 2014-02-24 15:53 - 00000000 ___DC () C:\FRST
2014-02-28 11:00 - 2014-02-28 11:00 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64(1).exe
2014-02-28 10:58 - 2014-02-28 10:58 - 01143808 _____ (Farbar) C:\Users\Ursel\Downloads\FRST.exe
2014-02-28 08:47 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 08:47 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 08:44 - 2014-01-21 06:25 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\newnext.me
2014-02-28 08:36 - 2014-02-28 08:36 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-02-28 08:35 - 2011-12-12 08:07 - 00075632 _____ () C:\Windows\setupact.log
2014-02-28 08:35 - 2011-01-30 18:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 08:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 08:34 - 2014-02-24 08:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-28 08:34 - 2012-07-31 04:45 - 00180710 _____ () C:\Windows\PFRO.log
2014-02-28 08:02 - 2011-01-30 18:02 - 01199556 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 07:56 - 2012-08-20 05:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 07:49 - 2014-02-28 07:49 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-02-28 07:49 - 2014-02-28 07:49 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-02-28 07:49 - 2014-02-28 07:18 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-02-28 07:49 - 2014-02-28 07:08 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-02-28 07:30 - 2011-01-30 18:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 07:25 - 2014-02-28 07:25 - 00693717 _____ () C:\ProgramData\1393567676.bdinstall.bin
2014-02-28 07:18 - 2014-02-28 07:18 - 00002194 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-02-28 07:18 - 2014-02-28 07:18 - 00002075 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security.lnk
2014-02-28 07:18 - 2014-02-28 07:18 - 00000684 ___HC () C:\bdr-cf01
2014-02-28 07:18 - 2014-02-28 07:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-02-28 07:18 - 2014-02-28 07:18 - 00000000 ____D () C:\ProgramData\BDLogging
2014-02-28 07:18 - 2014-02-28 07:13 - 00253404 ____H () C:\bdr-ld01
2014-02-28 07:18 - 2014-02-28 07:13 - 00009216 ____H () C:\bdr-ld01.mbr
2014-02-28 07:17 - 2014-01-21 06:23 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-28 07:13 - 2014-02-28 07:13 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Bitdefender
2014-02-28 07:08 - 2014-02-28 07:08 - 00000000 ___DC () C:\Program Files\Bitdefender
2014-02-28 07:08 - 2014-02-28 06:51 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-02-28 07:07 - 2014-02-28 07:07 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\QuickScan
2014-02-28 07:07 - 2011-03-01 18:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-02-28 07:06 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Avg2014
2014-02-28 07:05 - 2014-02-24 08:25 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-28 07:02 - 2014-02-24 08:25 - 00000000 __HDC () C:\$AVG
2014-02-28 06:57 - 2014-02-28 06:56 - 05701712 _____ () C:\Users\Ursel\Downloads\bitdefender_14isecurity(1).exe
2014-02-28 06:29 - 2014-02-28 06:29 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-28 06:22 - 2014-01-21 06:23 - 00000189 _____ () C:\Users\Ursel\AppData\Roaming\WB.CFG
2014-02-28 06:08 - 2011-03-14 12:42 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Adobe
2014-02-27 19:37 - 2012-12-21 17:22 - 00000000 ____D () C:\Users\Ursel\Documents\My Kindle Content
2014-02-26 18:01 - 2010-05-12 09:18 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 18:01 - 2010-05-12 09:18 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 18:01 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 06:32 - 2011-01-30 18:24 - 01596580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 19:59 - 2014-02-25 19:59 - 00000000 ____D () C:\Users\Ursel\Desktop\PSE
2014-02-24 19:11 - 2014-02-24 19:11 - 00000000 _____ () C:\ProgramData\Vocal Transformer
2014-02-24 19:11 - 2011-02-13 09:16 - 00000000 ____H () C:\ProgramData\PKP_DLev.DAT
2014-02-24 19:11 - 2011-02-13 09:16 - 00000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-24 19:11 - 2011-02-13 09:16 - 00000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-24 19:11 - 2011-02-13 09:16 - 00000000 _____ () C:\Users\Ursel\AppData\Roaming\howto
2014-02-24 15:58 - 2014-02-24 15:56 - 00037754 _____ () C:\Users\Ursel\Downloads\Addition.txt
2014-02-24 15:54 - 2014-02-24 15:54 - 00000000 ____D () C:\ProgramData\1E2C0
2014-02-24 15:51 - 2014-02-24 15:51 - 02155520 _____ (Farbar) C:\Users\Ursel\Downloads\FRST64.exe
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\Documents\My Received Files
2014-02-24 15:48 - 2014-02-24 15:48 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\MusicNet
2014-02-24 11:55 - 2011-10-03 16:05 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Skype
2014-02-24 09:19 - 2012-07-19 19:36 - 00000000 __SHD () C:\Users\Ursel\AppData\Roaming\.#
2014-02-24 09:19 - 2012-07-19 19:36 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\ALDI_SUED_Mah_Jong
2014-02-24 08:27 - 2014-02-24 08:27 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\AVG2014
2014-02-24 08:26 - 2014-01-22 06:01 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\TuneUp Software
2014-02-24 08:21 - 2014-02-24 08:21 - 00000000 ____D () C:\Users\Ursel\AppData\Local\MFAData
2014-02-24 08:04 - 2014-02-24 07:58 - 00000000 ____D () C:\Users\Ursel\AppData\Local\Lollipop
2014-02-24 07:57 - 2014-02-24 07:57 - 00118784 _____ () C:\Windows\system32\liokinfo.exe
2014-02-24 07:51 - 2014-02-24 07:51 - 00000000 ____C () C:\END
2014-02-24 07:50 - 2014-02-24 07:50 - 00000148 _____ () C:\Users\Ursel\Desktop\Goodgame Empire.url
2014-02-24 07:50 - 2014-02-24 07:50 - 00000000 ____D () C:\Users\Ursel\AppData\Local\DownloadGuide
2014-02-24 06:38 - 2009-07-14 05:45 - 03356880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-23 18:15 - 2011-01-30 18:13 - 00080808 _____ () C:\Users\Ursel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-23 17:47 - 2013-06-24 06:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-23 17:44 - 2014-02-22 14:09 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-23 06:10 - 2010-07-07 17:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-22 20:28 - 2014-02-22 20:28 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ursel-PC-Ursel
2014-02-22 20:28 - 2014-02-22 20:28 - 00000000 ____D () C:\Users\Ursel\Documents\NewBlueFX
2014-02-22 20:28 - 2011-02-06 03:51 - 00000000 ____D () C:\Users\Ursel\AppData\Roaming\Adobe
2014-02-22 17:34 - 2013-06-24 06:51 - 00000000 ____D () C:\Users\Ursel\Documents\Adobe
2014-02-22 14:07 - 2010-07-07 17:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-22 14:06 - 2013-06-24 06:47 - 00000000 ___DC () C:\Program Files\Adobe
2014-02-21 19:18 - 2014-02-21 19:18 - 00016311 _____ () C:\Users\Ursel\Downloads\Bundesschau 2014.odt
2014-02-21 15:33 - 2011-01-30 18:06 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 05:56 - 2012-08-20 05:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 05:56 - 2012-08-20 05:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 05:56 - 2011-09-02 13:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 18:01 - 2012-11-19 21:23 - 00000000 ____D () C:\Users\Ursel\Documents\IG sach
2014-02-17 19:25 - 2011-01-30 18:06 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 19:25 - 2011-01-30 18:06 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 08:38 - 2013-07-14 06:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 08:36 - 2010-07-07 16:49 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 17:26 - 2012-11-30 14:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:16 - 2013-12-21 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 08:17 - 2014-01-21 06:23 - 00003232 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-13 18:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 15:07 - 2014-02-28 06:53 - 00000426 ____C () C:\AVScanner.ini
2014-02-11 05:41 - 2011-10-30 19:38 - 00000000 ____D () C:\Users\Ursel\Downloads\schoko-amarena-torte_105049-Dateien
2014-02-11 05:36 - 2012-11-29 19:20 - 00000000 ____D () C:\Users\Ursel\Documents\Hölderlin
2014-02-11 05:36 - 2012-07-13 07:09 - 00000000 ____D () C:\Users\Ursel\Documents\Forum
2014-02-10 12:50 - 2012-11-30 14:48 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-07 05:32 - 2014-01-22 06:13 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-06 15:37 - 2013-08-27 20:28 - 00003074 _____ () C:\Windows\System32\Tasks\{7DC17C54-3C81-438E-B75B-44610CC06F91}
2014-02-06 15:37 - 2011-10-03 16:02 - 00003146 _____ () C:\Windows\System32\Tasks\{1A5992A8-71B7-47D7-AB61-1376EF897169}
2014-02-06 15:32 - 2014-02-06 15:32 - 00283120 _____ (Mozilla) C:\Users\Ursel\Downloads\Firefox Setup Stub 27.0.exe
2014-02-06 13:16 - 2014-02-12 06:18 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 06:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 06:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 06:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 06:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 06:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 06:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 06:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 06:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 06:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 06:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 06:18 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 06:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 06:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 06:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 06:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 06:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 06:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 06:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 06:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 06:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 06:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 06:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 06:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 06:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 06:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 06:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 06:18 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 06:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 06:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 06:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 06:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 06:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 06:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 06:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 06:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 11:32 - 2011-01-30 18:09 - 00000000 ____D () C:\Users\Ursel
2014-02-03 11:25 - 2012-11-29 19:23 - 00000000 ____D () C:\Users\Ursel\Documents\DOC. Word
2014-02-02 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-02 12:49 - 2012-11-19 08:08 - 00000000 ____D () C:\Users\Ursel\Allerlei
2014-01-31 06:22 - 2014-01-31 06:22 - 00957112 _____ (Microsoft Corporation) C:\Users\Ursel\Downloads\SaveAsPDFandXPS.exe

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ursel\OOo_3.3.0_Win_x86_install-wJRE_de.exe


Some content of TEMP:
====================
C:\Users\Ursel\AppData\Local\Temp\32386uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\70756uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\AskSLib.dll
C:\Users\Ursel\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ursel\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Ursel\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Ursel\AppData\Local\Temp\install_flashplayer11x32_mssa_au_aih.exe
C:\Users\Ursel\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Ursel\AppData\Local\Temp\mpam-1c7fdfb.exe
C:\Users\Ursel\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ursel\AppData\Local\Temp\nscC118.exe
C:\Users\Ursel\AppData\Local\Temp\nscC6E4.exe
C:\Users\Ursel\AppData\Local\Temp\nsh8CC9.exe
C:\Users\Ursel\AppData\Local\Temp\nsh8FD6.exe
C:\Users\Ursel\AppData\Local\Temp\nsh9331.exe
C:\Users\Ursel\AppData\Local\Temp\nsn3A37.exe
C:\Users\Ursel\AppData\Local\Temp\nsxC406.exe
C:\Users\Ursel\AppData\Local\Temp\readSTILog.dll
C:\Users\Ursel\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Ursel\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Ursel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ursel\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 18:29

==================== End Of Log ============================
         
--- --- ---


This time it worked without music.
