Mystartsearch- Totales Chaos nach Entfernungsversuch

dr.tschuna · 30.04.2015, 19:23

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=aabf0db93d2a534fb32c95081c5f1d0d
# engine=19142
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-12 11:58:49
# local_time=2014-07-12 01:58:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 2797 36644350 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 26038 242690234 0 0
# scanned=39121
# found=1
# cleaned=0
# scan_time=910
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=aabf0db93d2a534fb32c95081c5f1d0d
# engine=19142
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-12 12:57:42
# local_time=2014-07-12 02:57:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 6331 36647884 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 29572 242693768 0 0
# scanned=79237
# found=3
# cleaned=0
# scan_time=3402
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
sh=0FDFADBE9875BD8B5323A9F1D66EF42A6C72AA1D ft=1 fh=9af4519a1485e198 vn="a variant of Win32/Kryptik.CGBJ trojan" ac=I fn="C:\Users\Ron\AppData\Local\Genesis_07121006\Genesis_07121006.exe"
sh=12ECC6D468C619CEF5F5EF4BAE51BA9252BDFC21 ft=1 fh=3a88659837b0bfbd vn="Win32/AdWare.Linkular.AH application" ac=I fn="C:\Users\Ron\AppData\Local\temp\is-9PPM5.tmp\LightImageResizer.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=aabf0db93d2a534fb32c95081c5f1d0d
# engine=23639
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-30 06:21:08
# local_time=2015-04-30 08:21:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 3082 61896090 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 213027 267941974 0 0
# scanned=49035
# found=4
# cleaned=0
# scan_time=1027
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
sh=B05F70FA222B67E1B2798F73D6210AE8117A769A ft=1 fh=79b82a07282ea80b vn="Variante von Win32/Adware.SpeedingUpMyPC.AA Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}\hqghumeaylnlf.exe.vir"
sh=3A6B895DC791135C7B424D6A3AB327EB59ED2462 ft=1 fh=f63cb4459345e5cd vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ron\AppData\Roaming\SCheck\ntdllinst.exe.vir"
sh=EEE3E4F2C9A7A3E6C932073F725FB98D0416A168 ft=1 fh=2fa5d367a4c59724 vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ron\AppData\Roaming\Snz\Snz.exe.vir"

deeprybka · 30.04.2015, 19:24

Den Scan bitte vollständig ausführen.

dr.tschuna · 30.04.2015, 19:31

DAchte ich eigentlich wäre er. Dann nochmal! Moment.

deeprybka · 30.04.2015, 19:52

Der dauert paar Stunden...

dr.tschuna · 01.05.2015, 08:30

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=aabf0db93d2a534fb32c95081c5f1d0d
# engine=23642
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-30 09:17:42
# local_time=2015-04-30 11:17:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 13676 61906684 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 223621 267952568 0 0
# scanned=300735
# found=9
# cleaned=0
# scan_time=9840
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
sh=B05F70FA222B67E1B2798F73D6210AE8117A769A ft=1 fh=79b82a07282ea80b vn="Variante von Win32/Adware.SpeedingUpMyPC.AA Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}\hqghumeaylnlf.exe.vir"
sh=3A6B895DC791135C7B424D6A3AB327EB59ED2462 ft=1 fh=f63cb4459345e5cd vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ron\AppData\Roaming\SCheck\ntdllinst.exe.vir"
sh=EEE3E4F2C9A7A3E6C932073F725FB98D0416A168 ft=1 fh=2fa5d367a4c59724 vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ron\AppData\Roaming\Snz\Snz.exe.vir"
sh=A7266E2BB2EB6F979513C5DE391B20D4FEF2AA48 ft=1 fh=a777d1a9fb2953ce vn="Variante von Win32/Adware.AddLyrics.EA Anwendung" ac=I fn="C:\ProgramData\rsm\1E760D09738E47FB8307EED4F3FFFA61\setup.exe"
sh=3ADED111BA4C362714DD914AF2875D25390F9141 ft=1 fh=960d55973837187f vn="Mehrere Bedrohungen" ac=I fn="C:\ProgramData\rsm\C40B0BF32C954C639ABE3E9253F77EF6\setup.exe"
sh=A7266E2BB2EB6F979513C5DE391B20D4FEF2AA48 ft=1 fh=a777d1a9fb2953ce vn="Variante von Win32/Adware.AddLyrics.EA Anwendung" ac=I fn="C:\Users\All Users\rsm\1E760D09738E47FB8307EED4F3FFFA61\setup.exe"
sh=3ADED111BA4C362714DD914AF2875D25390F9141 ft=1 fh=960d55973837187f vn="Mehrere Bedrohungen" ac=I fn="C:\Users\All Users\rsm\C40B0BF32C954C639ABE3E9253F77EF6\setup.exe"
sh=0EC30DF742984EA79C49703698D5777B1BCC6F42 ft=1 fh=e77459d120c26c8f vn="Variante von Win32/TrojanDownloader.Adcurl.A Trojaner" ac=I fn="C:\Windows\rsm.exe"

Mein Kaspersky will nach dem Booten immer "desinfizieren"! Soll ich das so lange Du dran bist ignorieren, oder mal durchlaufen lassen? Ich vermute mal ignorieren

deeprybka · 01.05.2015, 11:27

Nö, lass ihn mal desinfizieren.

Was gibts denn jetzt noch für ad- bzw. malwarebedingte Probleme mit dem PC?

Schritt 1

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

dr.tschuna · 01.05.2015, 12:20

So! Habe ich gemacht! Mein KAspersky zeigt aber immer noch Malware an.
Führe jetzt noch mal FRST durch. Soll ich dann Firefox neu von der Seite runterladen? Was mache ich mit dem Ordner "Alte Firefoxdaten"?

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Ron (administrator) on RON-PC on 01-05-2015 13:00:34
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available profiles: Ron)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\mrsm.exe
() C:\Windows\rsm.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Skytech Co., Ltd.) C:\Users\Ron\AppData\Roaming\oursurfing\UninstallManager.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-04-11]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-28]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}\hqghumeaylnlf.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018
FF NewTab: hxxp://www.oursurfing.com/newtab/?type=nt&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Fast Start - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com [2015-05-01]
FF Extension: Search Enginer - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-04]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\sweetsearch@gmail.com
FF HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-01] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mrsm; c:\windows\mrsm.exe [408576 2015-04-28] () [File not signed]
R2 rsm; c:\windows\rsm.exe [417792 2015-04-28] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; No ImagePath
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-01] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-04-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 LVUSBS64; system32\drivers\LVUSBS64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 13:00 - 2015-05-01 13:01 - 00023723 _____ () C:\Users\Ron\Desktop\FRST.txt
2015-05-01 12:55 - 2015-05-01 12:55 - 02101248 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2015-05-01 09:01 - 2015-05-01 09:02 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-30 20:30 - 2015-04-30 20:30 - 02347384 _____ (ESET) C:\Users\Ron\Downloads\esetsmartinstaller_deu.exe
2015-04-30 19:27 - 2015-04-30 19:02 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-30 19:05 - 2015-04-30 19:34 - 00013362 _____ () C:\zoek-results.log
2015-04-30 19:02 - 2015-04-30 19:23 - 00000000 ____D () C:\zoek_backup
2015-04-30 19:01 - 2015-04-30 19:01 - 01305600 _____ () C:\Users\Ron\Desktop\zoek.exe
2015-04-29 20:31 - 2015-04-29 20:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ron\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-29 20:17 - 2015-04-29 20:17 - 02224640 _____ () C:\Users\Ron\Downloads\AdwCleaner_4.202.exe
2015-04-29 18:40 - 2015-04-29 19:32 - 00039040 _____ () C:\Users\Ron\Downloads\Addition.txt
2015-04-29 18:39 - 2015-04-29 19:32 - 00075085 _____ () C:\Users\Ron\Downloads\FRST.txt
2015-04-29 18:39 - 2015-04-29 18:39 - 02101248 _____ (Farbar) C:\Users\Ron\Downloads\FRST64.exe
2015-04-29 09:14 - 2015-04-29 09:14 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-29 08:32 - 2015-05-01 09:00 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\oursurfing
2015-04-28 23:57 - 2015-04-28 23:57 - 00000000 ____D () C:\Users\Ron\Desktop\Alte Firefox-Daten
2015-04-28 21:43 - 2015-05-01 09:00 - 00000000 ___HD () C:\ProgramData\rsm
2015-04-28 21:40 - 2015-04-28 21:40 - 00631296 _____ () C:\Windows\rsm.dat
2015-04-28 21:40 - 2015-04-28 21:40 - 00417792 _____ () C:\Windows\rsm.exe
2015-04-28 21:40 - 2015-04-28 21:40 - 00408576 _____ () C:\Windows\mrsm.exe
2015-04-27 20:51 - 2015-04-27 20:51 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall(1).exe
2015-04-27 20:50 - 2015-04-27 20:50 - 00413368 _____ () C:\Users\Ron\Downloads\model_trisha_1089506_hendrix78_GameroticaAutoInstall.exe
2015-04-26 10:05 - 2015-04-26 10:05 - 00243416 _____ () C:\Users\Ron\Downloads\pose_sandypose librarian dual 14_1087984_sandreane_GameroticaAutoInstall.exe
2015-04-26 10:04 - 2015-04-26 10:04 - 00485816 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_jewelry_devil_heart_1088454_veemy_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:04 - 00286824 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088616_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 02647568 _____ () C:\Users\Ron\Downloads\texture_cloth_mse short shorts wlow_1088640_mouse_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00254208 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088618_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall.exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00328864 _____ () C:\Users\Ron\Downloads\pose_jbroot naa cunilover_1085010_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00336520 _____ () C:\Users\Ron\Downloads\pose_jbroot naa ride 2_1085014_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00333464 _____ () C:\Users\Ron\Downloads\pose_jbroot naa blowjob_1084994_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00331568 _____ () C:\Users\Ron\Downloads\pose_jbroot naa prelude to assfuck_1085016_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00230880 _____ () C:\Users\Ron\Downloads\pose_office mutual_1085048_pnyxprs420_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00279256 _____ () C:\Users\Ron\Downloads\pose_intense fbp missionary 1 a_1086054_skar123_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00263160 _____ () C:\Users\Ron\Downloads\pose_ekusoy movieaction 19_1085564_ekusoy_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00239096 _____ () C:\Users\Ron\Downloads\pose_office dual masterbation_1085050_pnyxprs420_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00258544 _____ () C:\Users\Ron\Downloads\pose_working girls working hard 1 a_1086096_skar123_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00235248 _____ () C:\Users\Ron\Downloads\pose_licking love_1086102_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00231624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian single 29_1086128_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00229632 _____ () C:\Users\Ron\Downloads\pose_licking love iii_1086108_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00229344 _____ () C:\Users\Ron\Downloads\pose_licking love ii_1086104_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:44 - 2015-04-22 20:44 - 00239296 _____ () C:\Users\Ron\Downloads\pose_seducting pose 01_1086376_prime_005_GameroticaAutoInstall.exe
2015-04-22 20:43 - 2015-04-22 20:43 - 00261240 _____ () C:\Users\Ron\Downloads\pose_rb blowjob_1087686_s-hunter_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00250992 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 61_1087698_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00241616 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 59_1087702_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00240800 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 58_1087694_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:41 - 2015-04-22 20:41 - 00247472 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 09_1087974_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:41 - 2015-04-22 20:41 - 00234784 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 11_1087978_sandreane_GameroticaAutoInstall.exe
2015-04-21 09:35 - 2015-04-29 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-16 08:32 - 2015-03-14 04:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 08:32 - 2015-03-14 04:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 08:32 - 2015-03-13 03:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 08:32 - 2015-03-13 03:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 08:32 - 2015-03-13 03:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 08:32 - 2015-03-13 02:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 08:32 - 2015-03-13 02:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 08:32 - 2015-03-13 02:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 08:32 - 2015-03-05 04:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 08:32 - 2015-03-05 03:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 08:24 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 08:24 - 2015-03-09 02:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 08:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 08:24 - 2015-03-05 04:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 08:24 - 2015-03-05 03:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:19 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 08:19 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 08:19 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 08:19 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 08:19 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 08:19 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 08:19 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 08:19 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 08:19 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 08:19 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-15 08:19 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 08:19 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 08:19 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 08:19 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 08:19 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 08:19 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 08:19 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 08:19 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 08:19 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-15 08:19 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-13 12:09 - 2015-04-13 12:09 - 00241448 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed doggy in and out_1081888_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:08 - 2015-04-13 12:08 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall(1).exe
2015-04-13 12:08 - 2015-04-13 12:08 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall(1).exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00611776 _____ () C:\Users\Ron\Downloads\model_this is not addison timlin_1082304_eganem_GameroticaAutoInstall.exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall(1).exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall(1).exe
2015-04-13 12:06 - 2015-04-13 12:06 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall(1).exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00791960 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 1_1082640_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00751952 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 2_1082630_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00727200 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 3_1082646_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00721272 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 4_1082650_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:05 - 00728336 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 5_1082656_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:04 - 00241848 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed cowgirl_1082978_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:04 - 00237240 _____ () C:\Users\Ron\Downloads\pose_bed ride_1082990_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00787304 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 9_1083054_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00724776 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 7_1083050_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00719736 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 8_1083052_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00691144 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 6_1083048_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00704416 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 10_1083056_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00525448 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 2_1083776_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00467232 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 1_1083774_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 06622576 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_mini_1083946_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 06493368 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_micromini_1083948_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 00502528 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 3_1083778_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 00241024 _____ () C:\Users\Ron\Downloads\pose_ride_1083822_maxi1009_GameroticaAutoInstall.exe
2015-04-13 12:00 - 2015-04-13 12:00 - 05568672 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_towaist_1083954_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:00 - 2015-04-13 12:00 - 00303120 _____ () C:\Users\Ron\Downloads\pose_wap pegging the new girl_1083838_nottsandnotts_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00563576 _____ () C:\Users\Ron\Downloads\texture_cloth_m5kkcfma_1084090_meatloaf5k_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00246136 _____ () C:\Users\Ron\Downloads\pose_bed room bed hump_1084010_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00245384 _____ () C:\Users\Ron\Downloads\pose_bed room bed her turn_1084000_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00245376 _____ () C:\Users\Ron\Downloads\pose_edge of bed room bed_1084014_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00244264 _____ () C:\Users\Ron\Downloads\pose_bed room bed in and out_1084006_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00251376 _____ () C:\Users\Ron\Downloads\pose_animated ride_1084046_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 41_1084212_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00248624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 44_1084224_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00246456 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 40_1084206_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00250656 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 47_1084254_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00246576 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 48_1084256_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00245760 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 49_1084258_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00295296 _____ () C:\Users\Ron\Downloads\pose_wap hoisted lick_1084204_nottsandnotts_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 54_1084376_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00242312 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 53_1084370_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00253104 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 55_1084380_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00241880 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 52_1084362_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00236632 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 51_1084360_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:23 - 2015-04-07 21:23 - 00229976 _____ () C:\Users\Ron\Downloads\pose_nipple suck on livingroom chair_1079890_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00944272 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa l1 h3_1080182_mouse_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00243744 _____ () C:\Users\Ron\Downloads\pose_handcuffed bed grind_1079942_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00236992 _____ () C:\Users\Ron\Downloads\pose_high above_1080094_klondyke_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00943808 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa sex1 h3_1080186_mouse_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00928584 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa photopose_1080180_mouse_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00254504 _____ () C:\Users\Ron\Downloads\pose_cuffed library machine ride_1080390_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:20 - 2015-04-07 21:20 - 00251976 _____ () C:\Users\Ron\Downloads\pose_cuffed on library table_1080460_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:17 - 2015-04-07 21:17 - 01362752 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_hairstyle_spring_wind_1080506_veemy_GameroticaAutoInstall.exe
2015-04-07 21:17 - 2015-04-07 21:17 - 00225184 _____ () C:\Users\Ron\Downloads\pose_mutual respect animated_1080532_pnyxprs420_GameroticaAutoInstall.exe
2015-04-07 21:16 - 2015-04-07 21:16 - 00410808 _____ () C:\Users\Ron\Downloads\model_jasmin_1081134_t03289a_GameroticaAutoInstall.exe
2015-04-07 21:15 - 2015-04-07 21:15 - 00757440 _____ () C:\Users\Ron\Downloads\texture_cloth_sloggi underwear white_1081628_howlin_GameroticaAutoInstall.exe
2015-04-07 21:15 - 2015-04-07 21:15 - 00245576 _____ () C:\Users\Ron\Downloads\pose_jail desk in and out_1081686_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:14 - 2015-04-07 21:14 - 00210688 _____ () C:\Users\Ron\Downloads\pose_pose_1081738_cybermach_GameroticaAutoInstall.exe
2015-04-07 21:13 - 2015-04-07 21:13 - 00255368 _____ () C:\Users\Ron\Downloads\pose_cream pie_1081844_lagit38_GameroticaAutoInstall.exe
2015-04-07 21:11 - 2015-04-07 21:11 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:11 - 2015-04-07 21:11 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:10 - 2015-04-07 21:10 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:09 - 2015-04-07 21:09 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall.exe
2015-04-07 21:09 - 2015-04-07 21:09 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 13:00 - 2014-03-30 21:20 - 00000000 ____D () C:\FRST
2015-05-01 12:55 - 2009-03-09 19:18 - 01418498 _____ () C:\Windows\WindowsUpdate.log
2015-05-01 12:51 - 2012-08-25 12:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-01 12:50 - 2014-02-10 13:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 12:50 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-01 12:50 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 12:50 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 12:49 - 2006-11-02 17:42 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-01 12:41 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-01 12:30 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-01 12:23 - 2014-02-10 13:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-01 12:18 - 2012-07-05 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-01 11:33 - 2009-02-04 21:42 - 00000831 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk
2015-05-01 11:25 - 2008-01-21 05:26 - 00858178 _____ () C:\Windows\PFRO.log
2015-04-30 19:50 - 2009-08-05 16:40 - 00000000 ___RD () C:\Users\Ron\Documents\Ronald
2015-04-30 09:46 - 2009-08-04 20:56 - 00000000 ___RD () C:\Users\Ron\Documents\Christine
2015-04-30 06:39 - 2006-11-02 17:27 - 00238239 _____ () C:\Windows\setupact.log
2015-04-29 20:33 - 2014-04-02 19:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-29 20:32 - 2014-04-02 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-29 20:32 - 2014-04-02 19:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-29 20:32 - 2013-03-17 13:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-29 20:22 - 2014-04-02 19:57 - 00000000 ____D () C:\AdwCleaner
2015-04-28 22:03 - 2009-08-04 19:23 - 00000000 ____D () C:\Users\Ron
2015-04-28 08:52 - 2009-08-06 05:37 - 00043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat
2015-04-22 08:05 - 2013-08-15 06:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-22 07:55 - 2006-11-02 14:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-21 21:52 - 2013-04-09 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 19:08 - 2014-08-16 22:47 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\spool
2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-21 19:08 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\registration
2015-04-21 19:08 - 2006-11-02 14:33 - 80478208 _____ () C:\Windows\system32\config\software_previous
2015-04-21 19:08 - 2006-11-02 14:33 - 317456384 _____ () C:\Windows\system32\config\system_previous
2015-04-21 19:02 - 2006-11-02 14:33 - 61341696 _____ () C:\Windows\system32\config\components_previous
2015-04-21 19:02 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-20 22:16 - 2006-11-02 14:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-20 22:16 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-17 13:29 - 2009-08-07 13:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-16 08:31 - 2009-09-01 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 08:26 - 2013-04-12 20:12 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 17:18 - 2013-04-03 21:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 17:18 - 2013-04-03 21:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 17:18 - 2012-07-05 19:40 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 09:37 - 2014-04-02 19:09 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-04-02 19:09 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2013-03-17 13:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-06 07:37 - 2009-08-06 06:15 - 00000000 ____D () C:\Users\Ron\AppData\Local\Google

==================== Files in the root of some directories =======

2014-12-19 18:03 - 2014-12-19 18:03 - 0000396 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log
2010-01-06 23:00 - 2010-01-04 16:43 - 0152848 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Comdlg32.ocx
2009-08-06 05:37 - 2015-04-28 08:52 - 0043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat
2012-05-01 10:56 - 2012-12-01 11:46 - 0001356 _____ () C:\Users\Ron\AppData\Local\d3d9caps.dat
2011-07-15 22:45 - 2015-03-04 19:56 - 0009148 _____ () C:\Users\Ron\AppData\Local\d3d9caps64.dat
2010-04-27 22:52 - 2015-03-11 23:46 - 0209408 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 21:07 - 2015-01-25 21:39 - 0523048 _____ () C:\Users\Ron\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2015-01-25 21:06 - 2015-01-25 21:06 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error.txt
2015-01-25 21:11 - 2015-01-25 21:11 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error_lp.txt
2015-01-25 21:06 - 2015-01-25 21:39 - 1041360 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install.txt
2015-01-25 21:11 - 2015-01-25 21:39 - 0170854 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install_lp.txt
2015-01-25 21:11 - 2015-01-25 21:11 - 0974496 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI2695.txt
2015-01-25 21:38 - 2015-01-25 21:39 - 0973680 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI3B7D.txt
2015-01-25 21:09 - 2015-01-25 21:11 - 2828366 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI2521.txt
2015-01-25 21:38 - 2015-01-25 21:38 - 2828752 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI3B22.txt
2011-02-09 12:19 - 2011-02-09 12:19 - 0359330 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI3ADA.txt
2011-09-13 18:55 - 2011-09-13 18:55 - 0363238 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI56CD.txt
2011-02-09 13:19 - 2011-02-09 13:19 - 0358562 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI6914.txt
2011-02-09 10:43 - 2011-02-09 10:43 - 0358772 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI7125.txt
2011-02-09 12:19 - 2011-02-09 12:19 - 0011230 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI3ADA.txt
2011-09-13 18:55 - 2011-09-13 18:55 - 0011454 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI56CD.txt
2011-02-09 13:19 - 2011-02-09 13:19 - 0011198 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI6914.txt
2011-02-09 10:43 - 2011-02-09 10:43 - 0011166 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI7125.txt
2011-06-25 16:00 - 2014-07-12 11:51 - 0000047 _____ () C:\Users\Ron\AppData\Local\Images.fl
2015-01-25 21:06 - 2015-01-25 21:39 - 0006418 _____ () C:\Users\Ron\AppData\Local\uxeventlog.txt
2011-10-16 12:36 - 2011-10-16 12:36 - 0017408 _____ () C:\Users\Ron\AppData\Local\WebpageIcons.db
2009-02-04 21:50 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.001
2009-02-04 21:12 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-01 12:58

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Ron at 2015-05-01 13:02:09
Running from C:\Users\Ron\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2673002154-866942330-3263328844-500 - Administrator - Disabled)
Gast (S-1-5-21-2673002154-866942330-3263328844-501 - Limited - Disabled)
Ron (S-1-5-21-2673002154-866942330-3263328844-1000 - Administrator - Enabled) => C:\Users\Ron

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version:  - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EB4aFCB8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)
FormatFactory 2.50 (HKLM-x32\...\FormatFactory) (Version: 2.50 - Free Time)
Google Chrome Frame (HKLM-x32\...\{8618AE04-1210-3C32-A8C3-45A5E44CD340}) (Version: 65.169.107 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hardware Diagnose Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2717 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2415 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Light Image Resizer 4.6.4.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.4.0 - ObviousIdea)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
MAGIX Audio Cleaning Lab 17 deluxe (HKLM-x32\...\MAGIX_MSI_mclab_17dlx) (Version: 17.0.0.2 - MAGIX AG)
MAGIX Audio Cleaning Lab 17 deluxe (x32 Version: 17.0.0.2 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{FF34AF1C-705B-424A-A850-1A1F61D6EB71}) (Version: 6.0.1.4 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version:  - )
Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.4.0 - Napster)
Napster Burn Engine (x32 Version: 3.5.0000 - Ihr Firmenname) Hidden
Napster Label Creator (HKLM-x32\...\{16FD907B-FA72-4F3C-B959-E076C8238F80}) (Version: 1.00.0000 - Roxio Inc.,)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
oursurfing uninstall (HKLM-x32\...\oursurfing uninstall) (Version:  - oursurfing)
PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.5.311.0 - Tracker Software Products Ltd)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5740 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
sp43204 (HKLM-x32\...\sp43204) (Version:  - Hewlett-Packard)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version:  - thriXXX Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2673002154-866942330-3263328844-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Ron\AppData\Local\Temp\EB4aFCB8.exe No File

==================== Restore Points  =========================

11-03-2015 10:12:58 Geplanter Prüfpunkt
12-03-2015 19:17:41 Windows Update
13-03-2015 23:09:43 Geplanter Prüfpunkt
14-03-2015 21:56:57 Removed Search App by Ask
17-03-2015 10:46:55 Windows Update
21-03-2015 07:24:26 Geplanter Prüfpunkt
22-03-2015 16:52:05 Geplanter Prüfpunkt
24-03-2015 20:40:11 Windows Update
27-03-2015 21:53:24 Windows Update
28-03-2015 20:47:37 Geplanter Prüfpunkt
31-03-2015 21:27:23 Windows Update
01-04-2015 11:51:45 Geplanter Prüfpunkt
07-04-2015 09:58:51 Windows Update
09-04-2015 20:01:12 Geplanter Prüfpunkt
11-04-2015 06:11:17 Windows Update
12-04-2015 16:10:14 Geplanter Prüfpunkt
14-04-2015 09:01:58 Windows Update
16-04-2015 08:16:29 Windows Update
19-04-2015 09:29:59 Windows Update
21-04-2015 09:19:32 Windows Update
22-04-2015 07:52:09 Windows Update
23-04-2015 20:23:17 Geplanter Prüfpunkt
28-04-2015 08:33:59 Windows Update
28-04-2015 21:41:47 Uniblue DriverScanner installation
30-04-2015 07:02:52 Revo Uninstaller's restore point - SpeedChecker
30-04-2015 07:12:31 Revo Uninstaller's restore point - Remote Desktop Access (VuuPC)
30-04-2015 19:05:49 zoek.exe restore point
01-05-2015 09:09:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:34 - 2013-03-23 22:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {065DA873-2528-401A-8B7F-83B2D80EC84B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {08282741-5461-4111-B00A-DD5A9B7C174F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05] (PC-Doctor, Inc.)
Task: {117A4663-83AB-4234-BEA8-2AC7C63E221C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: {119A5F16-495E-427F-941D-2B12710A052E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: {1E1D3464-698B-4C16-97EC-5EB60134094E} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {2D212E8D-E636-4943-99EB-E251743AEC2C} - System32\Tasks\{A700922C-54DD-44A3-9AA3-97AD5D6306BA} => pcalua.exe -a C:\Users\Ron\Documents\Ronald\cc_mh2v11.exe -d C:\Users\Ron\Documents\Ronald
Task: {6D3A4EA8-9B93-4537-B56A-E49EED8CCB93} - \Fifth No Task File <==== ATTENTION
Task: {A8768CBE-A113-4071-A24D-01D641F87202} - \OMESupervisor No Task File <==== ATTENTION
Task: {B44D4169-04D0-4323-A88B-27D0F33A5EB7} - System32\Tasks\{41E2E354-722F-4126-A717-EF34CDBCBEC4} => pcalua.exe -a F:\flashplayer\Win\install_flash_player.exe -d F:\flashplayer\Win
Task: {C88BDE0D-B6A8-46B0-9B6B-B6CB0D36F114} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2B104FC-2CDF-40CB-917E-14D860B8D5CA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ron => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {E2F9FD4F-03CD-42B4-B77C-EB439D4A00B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD01D5FB-2D6E-42C1-A347-CDCAC161EE57} - System32\Tasks\{3D4F1524-B579-4F4B-BB6E-33A2B15F82B8} => pcalua.exe -a C:\Users\Ron\Downloads\esetsmartinstaller_enu.exe -d C:\Users\Ron\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml

==================== Loaded Modules (whitelisted) ==============

2011-11-10 04:11 - 2011-11-10 04:11 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-28 21:40 - 2015-04-28 21:40 - 00408576 _____ () c:\windows\mrsm.exe
2015-04-28 21:40 - 2015-04-28 21:40 - 00417792 _____ () c:\windows\rsm.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{FC99AE03-D292-48F7-BB91-477CDCDECF79}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
FirewallRules: [{BA9EC296-8434-4583-ACAB-0E78C783702F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
FirewallRules: [{559010AB-F5FD-412B-A3E1-B6D2B11B5EF1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{500CCE24-F335-48F6-9310-5C4F781E6C3E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{8B915CB9-0F64-4A76-B86E-41C0C73B1FC9}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{A67895BD-FC71-4304-8D00-9FEC3E6DBDE6}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{35E318B8-D6C5-4651-B300-0291A29DC4FD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{8AC5445A-D573-4451-9D7E-510D31D5A2D7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{D210E0E9-0842-4E57-9C6C-125817393DD2}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{0FAE24B0-A1F5-45FC-B391-D7CF7664FAC7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{5B083104-6E0C-4E44-94A3-7BC87B7BC9F0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{6FBAF1A4-AE74-4D71-A094-500E3324085A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{230CE759-79A9-4A6C-9748-256BD3F8DF3D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{28079C2F-EF06-4EAC-8EFE-6020A4E7DC92}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{FBA5DADC-977F-413A-ACC5-02431B352C15}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{A2D601EB-9907-4430-8A4C-327617A498E4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{5D0D07D5-0D32-42D3-971F-F2899F18427F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{A3903AC9-7CBC-4F9A-99B4-A6F7F6625DD1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{6101F6D8-16E7-4D99-9069-3E557D5CBC8D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [TCP Query User{1D7890CB-F2C2-43FD-9D91-710546164C45}C:\program files (x86)\napster\napster.exe] => (Block) C:\program files (x86)\napster\napster.exe
FirewallRules: [UDP Query User{0BD0618D-6611-423F-9FE6-22B200E02915}C:\program files (x86)\napster\napster.exe] => (Block) C:\program files (x86)\napster\napster.exe
FirewallRules: [{CFD54C7E-83BB-460A-8DE7-6168A27F8DDE}] => (Allow) LPort=80
FirewallRules: [{9BE1370C-23DF-4F48-97B3-2CA4105FA773}] => (Allow) LPort=80
FirewallRules: [{CCE194C7-055B-40B8-ABAE-FDF79735A5FE}] => (Allow) LPort=80
FirewallRules: [{A56E82B7-7534-4C28-A661-9437CA3A2DEB}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{E2AF6A57-7368-4E71-BC19-753A73C59DAB}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{1C632877-3F4A-4733-9395-2AE570A1E0EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6F33C65-D2EB-4507-9026-AFFCBD8A8C22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5AB752FD-793A-41FA-92ED-F912787F823B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0717930C-1A31-49A0-ADAC-93CAC8CFD9A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{961FD7EE-BB4A-4362-92D4-42ABE952CA6E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6D63D210-600E-4C52-BB13-69684F41EB60}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1F8ACFBA-0B0C-45DA-A489-2C3E59E3594F}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: USB ISDN-Connector
Description: USB ISDN-Connector
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2015 00:51:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 00:42:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 11:27:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 08:58:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 06:48:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2015 08:30:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (04/30/2015 08:30:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (04/30/2015 08:30:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (04/30/2015 08:30:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (04/30/2015 08:26:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


System errors:
=============
Error: (05/01/2015 00:51:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (05/01/2015 00:51:19 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (05/01/2015 00:51:11 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (05/01/2015 00:51:04 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (05/01/2015 00:50:56 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (05/01/2015 00:49:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (05/01/2015 00:43:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (05/01/2015 00:42:25 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (05/01/2015 00:42:17 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (05/01/2015 00:42:09 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-01 13:01:56.197
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 13:01:55.776
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 13:01:55.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 13:01:54.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 13:01:54.372
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 13:01:53.951
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 13:01:53.483
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 13:01:53.030
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 13:01:23.188
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 13:01:22.704
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 37%
Total physical RAM: 6142.33 MB
Available physical RAM: 3824.91 MB
Total Pagefile: 12405.12 MB
Available Pagefile: 10165.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:266.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:589.81 GB) NTFS
Drive h: (Elements) (Fixed) (Total:931.51 GB) (Free:691.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 6BD0662C)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00039E2E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Kaspersky ist jetzt "sauber" ! juhu!

"Oursurfing " als Startseite im Explorer über Revo Uninstaller entfernen und dort google wieder einsetzen? Dann vermutlich Firefox neu runterladen , oder?

deeprybka · 01.05.2015, 12:38

Zitat:

Zitat von dr.tschuna

Kaspersky ist jetzt "sauber" ! juhu!

Das heißt garnichts! Der Rechner ist es noch lange nicht.

Wo kommt denn dieses Zeug her?

Code:

ATTFilter

C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall(1).exe
2015-04-27 20:50 - 2015-04-27 20:50 - 00413368 _____ () C:\Users\Ron\Downloads\model_trisha_1089506_hendrix78_GameroticaAutoInstall.exe
2015-04-26 10:05 - 2015-04-26 10:05 - 00243416 _____ () C:\Users\Ron\Downloads\pose_sandypose librarian dual 14_1087984_sandreane_GameroticaAutoInstall.exe
2015-04-26 10:04 - 2015-04-26 10:04 - 00485816 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_jewelry_devil_heart_1088454_veemy_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:04 - 00286824 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088616_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 02647568 _____ () C:\Users\Ron\Downloads\texture_cloth_mse short shorts wlow_1088640_mouse_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00254208 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088618_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall.exe

dr.tschuna · 01.05.2015, 12:54

DAs ist ein Online Spiel! Das ist O.K!

Und die 9 Bedrohungen die ESET gefunden hat?

deeprybka · 01.05.2015, 12:57

oursurfing uninstall bitte mit Revo deinstallieren.

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

CloseProcesses:
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-28]
C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}
R2 mrsm; c:\windows\mrsm.exe [408576 2015-04-28] () [File not signed]
R2 rsm; c:\windows\rsm.exe [417792 2015-04-28] () [File not signed]
c:\windows\mrsm.exe 
c:\windows\rsm.exe 
2015-05-01 09:01 - 2015-05-01 09:02 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-29 08:32 - 2015-05-01 09:00 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\oursurfing
2015-04-28 21:43 - 2015-05-01 09:00 - 00000000 ___HD () C:\ProgramData\rsm
2015-04-28 21:40 - 2015-04-28 21:40 - 00631296 _____ () C:\Windows\rsm.dat
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
FF NewTab: hxxp://www.oursurfing.com/newtab/?type=nt&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
FF Extension: Fast Start - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com [2015-05-01]
FF Extension: Search Enginer - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\sweetsearch@gmail.com
2015-05-01 09:01 - 2015-05-01 09:02 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-29 08:32 - 2015-05-01 09:00 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\oursurfing
2015-04-28 21:43 - 2015-05-01 09:00 - 00000000 ___HD () C:\ProgramData\rsm
2015-04-28 21:40 - 2015-04-28 21:40 - 00631296 _____ () C:\Windows\rsm.dat
Task: {6D3A4EA8-9B93-4537-B56A-E49EED8CCB93} - \Fifth No Task File 
Task: {A8768CBE-A113-4071-A24D-01D641F87202} - \OMESupervisor No Task File 
C:\Users\Ron\AppData\Roaming\oursurfing
EmptyTemp:

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Nach dem Reboot:

Schritt 2

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

dr.tschuna · 01.05.2015, 13:12

Ich habe frst auf dem Desktop! Wohin soll ich die datei Fixlist speichern?

deeprybka · 01.05.2015, 13:12

na auch auf den Desktop.

dr.tschuna · 01.05.2015, 13:26

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
Ran by Ron at 2015-05-01 14:13:25 Run:2
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available profiles: Ron)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-28]
C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}
R2 mrsm; c:\windows\mrsm.exe [408576 2015-04-28] () [File not signed]
R2 rsm; c:\windows\rsm.exe [417792 2015-04-28] () [File not signed]
c:\windows\mrsm.exe 
c:\windows\rsm.exe 
2015-05-01 09:01 - 2015-05-01 09:02 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-29 08:32 - 2015-05-01 09:00 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\oursurfing
2015-04-28 21:43 - 2015-05-01 09:00 - 00000000 ___HD () C:\ProgramData\rsm
2015-04-28 21:40 - 2015-04-28 21:40 - 00631296 _____ () C:\Windows\rsm.dat
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430463687&type=default&q={searchTerms}
FF NewTab: hxxp://www.oursurfing.com/newtab/?type=nt&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1430463649&z=ee4544974c62fb8a8c746b9g2z6c6e3z5q1ceqfwbz&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826
FF Extension: Fast Start - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com [2015-05-01]
FF Extension: Search Enginer - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\sweetsearch@gmail.com
2015-05-01 09:01 - 2015-05-01 09:02 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-29 08:32 - 2015-05-01 09:00 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\oursurfing
2015-04-28 21:43 - 2015-05-01 09:00 - 00000000 ___HD () C:\ProgramData\rsm
2015-04-28 21:40 - 2015-04-28 21:40 - 00631296 _____ () C:\Windows\rsm.dat
Task: {6D3A4EA8-9B93-4537-B56A-E49EED8CCB93} - \Fifth No Task File 
Task: {A8768CBE-A113-4071-A24D-01D641F87202} - \OMESupervisor No Task File 
C:\Users\Ron\AppData\Roaming\oursurfing
EmptyTemp:
         
*****************

Processes closed successfully.
C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
"C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}" => File/Directory not found.
mrsm => Service deleted successfully.
rsm => Service deleted successfully.
c:\windows\mrsm.exe => Moved successfully.
c:\windows\rsm.exe => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
"C:\Users\Ron\AppData\Roaming\oursurfing" => File/Directory not found.
C:\ProgramData\rsm => Moved successfully.
C:\Windows\rsm.dat => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}" => Key deleted successfully.
HKCR\CLSID\{CA8FE908-E845-4081-937D-C045FEC0FC98} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found. 
"HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found. 
"HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
"HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. 
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com => Moved successfully.
C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\quick_searchff@gmail.com => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sweetsearch@gmail.com => value deleted successfully.
"C:\Program Files (x86)\XTab" => File/Directory not found.
"C:\Users\Ron\AppData\Roaming\oursurfing" => File/Directory not found.
"C:\ProgramData\rsm" => File/Directory not found.
"C:\Windows\rsm.dat" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D3A4EA8-9B93-4537-B56A-E49EED8CCB93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D3A4EA8-9B93-4537-B56A-E49EED8CCB93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fifth" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8768CBE-A113-4071-A24D-01D641F87202}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8768CBE-A113-4071-A24D-01D641F87202}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OMESupervisor" => Key deleted successfully.
"C:\Users\Ron\AppData\Roaming\oursurfing" => File/Directory not found.
EmptyTemp: => Removed 2.4 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:13:42 ====

Code:

ATTFilter

LastRegBack: 2015-05-01 14:23

==================== End Of Log ============================

deeprybka · 01.05.2015, 13:27

FRST-Scan wiederholen bitte.

dr.tschuna · 01.05.2015, 13:31

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Ron (administrator) on RON-PC on 01-05-2015 14:30:27
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available profiles: Ron)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-04-11]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-04]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-15]
FF HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\quick_searchff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\sweetsearch@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\quick_searchff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\sweetsearch@gmail.com [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-01] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; No ImagePath
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-01] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-04-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 LVUSBS64; system32\drivers\LVUSBS64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 13:00 - 2015-05-01 14:30 - 00018475 _____ () C:\Users\Ron\Desktop\FRST.txt
2015-05-01 12:55 - 2015-05-01 12:55 - 02101248 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2015-04-30 20:30 - 2015-04-30 20:30 - 02347384 _____ (ESET) C:\Users\Ron\Downloads\esetsmartinstaller_deu.exe
2015-04-30 19:27 - 2015-04-30 19:02 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-30 19:05 - 2015-04-30 19:34 - 00013362 _____ () C:\zoek-results.log
2015-04-30 19:02 - 2015-04-30 19:23 - 00000000 ____D () C:\zoek_backup
2015-04-30 19:01 - 2015-04-30 19:01 - 01305600 _____ () C:\Users\Ron\Desktop\zoek.exe
2015-04-29 20:31 - 2015-04-29 20:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ron\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-29 20:17 - 2015-04-29 20:17 - 02224640 _____ () C:\Users\Ron\Downloads\AdwCleaner_4.202.exe
2015-04-29 18:40 - 2015-04-29 19:32 - 00039040 _____ () C:\Users\Ron\Downloads\Addition.txt
2015-04-29 18:39 - 2015-04-29 19:32 - 00075085 _____ () C:\Users\Ron\Downloads\FRST.txt
2015-04-29 18:39 - 2015-04-29 18:39 - 02101248 _____ (Farbar) C:\Users\Ron\Downloads\FRST64.exe
2015-04-29 09:14 - 2015-04-29 09:14 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-28 23:57 - 2015-04-28 23:57 - 00000000 ____D () C:\Users\Ron\Desktop\Alte Firefox-Daten
2015-04-27 20:51 - 2015-04-27 20:51 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall(1).exe
2015-04-27 20:50 - 2015-04-27 20:50 - 00413368 _____ () C:\Users\Ron\Downloads\model_trisha_1089506_hendrix78_GameroticaAutoInstall.exe
2015-04-26 10:05 - 2015-04-26 10:05 - 00243416 _____ () C:\Users\Ron\Downloads\pose_sandypose librarian dual 14_1087984_sandreane_GameroticaAutoInstall.exe
2015-04-26 10:04 - 2015-04-26 10:04 - 00485816 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_jewelry_devil_heart_1088454_veemy_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:04 - 00286824 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088616_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 02647568 _____ () C:\Users\Ron\Downloads\texture_cloth_mse short shorts wlow_1088640_mouse_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00254208 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088618_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall.exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00328864 _____ () C:\Users\Ron\Downloads\pose_jbroot naa cunilover_1085010_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00336520 _____ () C:\Users\Ron\Downloads\pose_jbroot naa ride 2_1085014_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00333464 _____ () C:\Users\Ron\Downloads\pose_jbroot naa blowjob_1084994_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00331568 _____ () C:\Users\Ron\Downloads\pose_jbroot naa prelude to assfuck_1085016_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00230880 _____ () C:\Users\Ron\Downloads\pose_office mutual_1085048_pnyxprs420_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00279256 _____ () C:\Users\Ron\Downloads\pose_intense fbp missionary 1 a_1086054_skar123_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00263160 _____ () C:\Users\Ron\Downloads\pose_ekusoy movieaction 19_1085564_ekusoy_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00239096 _____ () C:\Users\Ron\Downloads\pose_office dual masterbation_1085050_pnyxprs420_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00258544 _____ () C:\Users\Ron\Downloads\pose_working girls working hard 1 a_1086096_skar123_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00235248 _____ () C:\Users\Ron\Downloads\pose_licking love_1086102_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00231624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian single 29_1086128_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00229632 _____ () C:\Users\Ron\Downloads\pose_licking love iii_1086108_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00229344 _____ () C:\Users\Ron\Downloads\pose_licking love ii_1086104_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:44 - 2015-04-22 20:44 - 00239296 _____ () C:\Users\Ron\Downloads\pose_seducting pose 01_1086376_prime_005_GameroticaAutoInstall.exe
2015-04-22 20:43 - 2015-04-22 20:43 - 00261240 _____ () C:\Users\Ron\Downloads\pose_rb blowjob_1087686_s-hunter_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00250992 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 61_1087698_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00241616 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 59_1087702_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00240800 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 58_1087694_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:41 - 2015-04-22 20:41 - 00247472 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 09_1087974_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:41 - 2015-04-22 20:41 - 00234784 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 11_1087978_sandreane_GameroticaAutoInstall.exe
2015-04-21 09:35 - 2015-04-29 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-16 08:32 - 2015-03-14 04:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 08:32 - 2015-03-14 04:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 08:32 - 2015-03-13 03:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 08:32 - 2015-03-13 03:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 08:32 - 2015-03-13 03:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 08:32 - 2015-03-13 02:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 08:32 - 2015-03-13 02:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 08:32 - 2015-03-13 02:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 08:32 - 2015-03-05 04:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 08:32 - 2015-03-05 03:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 08:24 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 08:24 - 2015-03-09 02:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 08:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 08:24 - 2015-03-05 04:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 08:24 - 2015-03-05 03:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:19 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 08:19 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 08:19 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 08:19 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 08:19 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 08:19 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 08:19 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 08:19 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 08:19 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 08:19 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-15 08:19 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 08:19 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 08:19 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 08:19 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 08:19 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 08:19 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 08:19 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 08:19 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 08:19 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-15 08:19 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-13 12:09 - 2015-04-13 12:09 - 00241448 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed doggy in and out_1081888_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:08 - 2015-04-13 12:08 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall(1).exe
2015-04-13 12:08 - 2015-04-13 12:08 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall(1).exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00611776 _____ () C:\Users\Ron\Downloads\model_this is not addison timlin_1082304_eganem_GameroticaAutoInstall.exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall(1).exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall(1).exe
2015-04-13 12:06 - 2015-04-13 12:06 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall(1).exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00791960 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 1_1082640_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00751952 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 2_1082630_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00727200 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 3_1082646_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00721272 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 4_1082650_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:05 - 00728336 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 5_1082656_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:04 - 00241848 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed cowgirl_1082978_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:04 - 00237240 _____ () C:\Users\Ron\Downloads\pose_bed ride_1082990_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00787304 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 9_1083054_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00724776 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 7_1083050_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00719736 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 8_1083052_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00691144 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 6_1083048_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00704416 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 10_1083056_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00525448 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 2_1083776_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00467232 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 1_1083774_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 06622576 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_mini_1083946_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 06493368 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_micromini_1083948_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 00502528 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 3_1083778_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 00241024 _____ () C:\Users\Ron\Downloads\pose_ride_1083822_maxi1009_GameroticaAutoInstall.exe
2015-04-13 12:00 - 2015-04-13 12:00 - 05568672 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_towaist_1083954_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:00 - 2015-04-13 12:00 - 00303120 _____ () C:\Users\Ron\Downloads\pose_wap pegging the new girl_1083838_nottsandnotts_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00563576 _____ () C:\Users\Ron\Downloads\texture_cloth_m5kkcfma_1084090_meatloaf5k_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00246136 _____ () C:\Users\Ron\Downloads\pose_bed room bed hump_1084010_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00245384 _____ () C:\Users\Ron\Downloads\pose_bed room bed her turn_1084000_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00245376 _____ () C:\Users\Ron\Downloads\pose_edge of bed room bed_1084014_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00244264 _____ () C:\Users\Ron\Downloads\pose_bed room bed in and out_1084006_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00251376 _____ () C:\Users\Ron\Downloads\pose_animated ride_1084046_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 41_1084212_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00248624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 44_1084224_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00246456 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 40_1084206_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00250656 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 47_1084254_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00246576 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 48_1084256_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00245760 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 49_1084258_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00295296 _____ () C:\Users\Ron\Downloads\pose_wap hoisted lick_1084204_nottsandnotts_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 54_1084376_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00242312 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 53_1084370_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00253104 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 55_1084380_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00241880 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 52_1084362_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00236632 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 51_1084360_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:23 - 2015-04-07 21:23 - 00229976 _____ () C:\Users\Ron\Downloads\pose_nipple suck on livingroom chair_1079890_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00944272 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa l1 h3_1080182_mouse_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00243744 _____ () C:\Users\Ron\Downloads\pose_handcuffed bed grind_1079942_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00236992 _____ () C:\Users\Ron\Downloads\pose_high above_1080094_klondyke_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00943808 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa sex1 h3_1080186_mouse_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00928584 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa photopose_1080180_mouse_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00254504 _____ () C:\Users\Ron\Downloads\pose_cuffed library machine ride_1080390_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:20 - 2015-04-07 21:20 - 00251976 _____ () C:\Users\Ron\Downloads\pose_cuffed on library table_1080460_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:17 - 2015-04-07 21:17 - 01362752 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_hairstyle_spring_wind_1080506_veemy_GameroticaAutoInstall.exe
2015-04-07 21:17 - 2015-04-07 21:17 - 00225184 _____ () C:\Users\Ron\Downloads\pose_mutual respect animated_1080532_pnyxprs420_GameroticaAutoInstall.exe
2015-04-07 21:16 - 2015-04-07 21:16 - 00410808 _____ () C:\Users\Ron\Downloads\model_jasmin_1081134_t03289a_GameroticaAutoInstall.exe
2015-04-07 21:15 - 2015-04-07 21:15 - 00757440 _____ () C:\Users\Ron\Downloads\texture_cloth_sloggi underwear white_1081628_howlin_GameroticaAutoInstall.exe
2015-04-07 21:15 - 2015-04-07 21:15 - 00245576 _____ () C:\Users\Ron\Downloads\pose_jail desk in and out_1081686_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:14 - 2015-04-07 21:14 - 00210688 _____ () C:\Users\Ron\Downloads\pose_pose_1081738_cybermach_GameroticaAutoInstall.exe
2015-04-07 21:13 - 2015-04-07 21:13 - 00255368 _____ () C:\Users\Ron\Downloads\pose_cream pie_1081844_lagit38_GameroticaAutoInstall.exe
2015-04-07 21:11 - 2015-04-07 21:11 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:11 - 2015-04-07 21:11 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:10 - 2015-04-07 21:10 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:09 - 2015-04-07 21:09 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall.exe
2015-04-07 21:09 - 2015-04-07 21:09 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 14:30 - 2014-03-30 21:20 - 00000000 ____D () C:\FRST
2015-05-01 14:23 - 2014-02-10 13:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-01 14:23 - 2009-03-09 19:18 - 01429031 _____ () C:\Windows\WindowsUpdate.log
2015-05-01 14:18 - 2012-08-25 12:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-01 14:18 - 2012-07-05 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-01 14:15 - 2014-02-10 13:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 14:15 - 2008-01-21 05:26 - 00858664 _____ () C:\Windows\PFRO.log
2015-05-01 14:15 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-01 14:15 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 14:15 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 14:13 - 2006-11-02 17:42 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-01 13:29 - 2009-08-07 13:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-01 12:41 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-01 12:30 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-01 11:33 - 2009-02-04 21:42 - 00000831 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk
2015-04-30 19:50 - 2009-08-05 16:40 - 00000000 ___RD () C:\Users\Ron\Documents\Ronald
2015-04-30 09:46 - 2009-08-04 20:56 - 00000000 ___RD () C:\Users\Ron\Documents\Christine
2015-04-30 06:39 - 2006-11-02 17:27 - 00238239 _____ () C:\Windows\setupact.log
2015-04-29 20:33 - 2014-04-02 19:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-29 20:32 - 2014-04-02 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-29 20:32 - 2014-04-02 19:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-29 20:32 - 2013-03-17 13:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-29 20:22 - 2014-04-02 19:57 - 00000000 ____D () C:\AdwCleaner
2015-04-28 22:03 - 2009-08-04 19:23 - 00000000 ____D () C:\Users\Ron
2015-04-28 08:52 - 2009-08-06 05:37 - 00043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat
2015-04-22 08:05 - 2013-08-15 06:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-22 07:55 - 2006-11-02 14:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-21 21:52 - 2013-04-09 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 19:08 - 2014-08-16 22:47 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\spool
2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-21 19:08 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\registration
2015-04-21 19:08 - 2006-11-02 14:33 - 80478208 _____ () C:\Windows\system32\config\software_previous
2015-04-21 19:08 - 2006-11-02 14:33 - 317456384 _____ () C:\Windows\system32\config\system_previous
2015-04-21 19:02 - 2006-11-02 14:33 - 61341696 _____ () C:\Windows\system32\config\components_previous
2015-04-21 19:02 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-20 22:16 - 2006-11-02 14:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-20 22:16 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-16 08:31 - 2009-09-01 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 08:26 - 2013-04-12 20:12 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 17:18 - 2013-04-03 21:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 17:18 - 2013-04-03 21:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 17:18 - 2012-07-05 19:40 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 09:37 - 2014-04-02 19:09 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-04-02 19:09 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2013-03-17 13:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-06 07:37 - 2009-08-06 06:15 - 00000000 ____D () C:\Users\Ron\AppData\Local\Google

==================== Files in the root of some directories =======

2014-12-19 18:03 - 2014-12-19 18:03 - 0000396 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log
2010-01-06 23:00 - 2010-01-04 16:43 - 0152848 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Comdlg32.ocx
2009-08-06 05:37 - 2015-04-28 08:52 - 0043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat
2012-05-01 10:56 - 2012-12-01 11:46 - 0001356 _____ () C:\Users\Ron\AppData\Local\d3d9caps.dat
2011-07-15 22:45 - 2015-03-04 19:56 - 0009148 _____ () C:\Users\Ron\AppData\Local\d3d9caps64.dat
2010-04-27 22:52 - 2015-03-11 23:46 - 0209408 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 21:07 - 2015-01-25 21:39 - 0523048 _____ () C:\Users\Ron\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2015-01-25 21:06 - 2015-01-25 21:06 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error.txt
2015-01-25 21:11 - 2015-01-25 21:11 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error_lp.txt
2015-01-25 21:06 - 2015-01-25 21:39 - 1041360 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install.txt
2015-01-25 21:11 - 2015-01-25 21:39 - 0170854 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install_lp.txt
2015-01-25 21:11 - 2015-01-25 21:11 - 0974496 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI2695.txt
2015-01-25 21:38 - 2015-01-25 21:39 - 0973680 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI3B7D.txt
2015-01-25 21:09 - 2015-01-25 21:11 - 2828366 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI2521.txt
2015-01-25 21:38 - 2015-01-25 21:38 - 2828752 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI3B22.txt
2011-02-09 12:19 - 2011-02-09 12:19 - 0359330 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI3ADA.txt
2011-09-13 18:55 - 2011-09-13 18:55 - 0363238 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI56CD.txt
2011-02-09 13:19 - 2011-02-09 13:19 - 0358562 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI6914.txt
2011-02-09 10:43 - 2011-02-09 10:43 - 0358772 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI7125.txt
2011-02-09 12:19 - 2011-02-09 12:19 - 0011230 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI3ADA.txt
2011-09-13 18:55 - 2011-09-13 18:55 - 0011454 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI56CD.txt
2011-02-09 13:19 - 2011-02-09 13:19 - 0011198 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI6914.txt
2011-02-09 10:43 - 2011-02-09 10:43 - 0011166 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI7125.txt
2011-06-25 16:00 - 2014-07-12 11:51 - 0000047 _____ () C:\Users\Ron\AppData\Local\Images.fl
2015-01-25 21:06 - 2015-01-25 21:39 - 0006418 _____ () C:\Users\Ron\AppData\Local\uxeventlog.txt
2011-10-16 12:36 - 2011-10-16 12:36 - 0017408 _____ () C:\Users\Ron\AppData\Local\WebpageIcons.db
2009-02-04 21:50 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.001
2009-02-04 21:12 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-01 14:25

==================== End Of Log ============================

--- --- ---

30.04.2015, 19:24	#17
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Mystartsearch- Totales Chaos nach Entfernungsversuch Den Scan bitte vollständig ausführen. __________________ __________________

30.04.2015, 19:52	#19
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Mystartsearch- Totales Chaos nach Entfernungsversuch Der dauert paar Stunden... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

01.05.2015, 13:12	#27
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Mystartsearch- Totales Chaos nach Entfernungsversuch na auch auf den Desktop. __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

01.05.2015, 13:27	#29
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Mystartsearch- Totales Chaos nach Entfernungsversuch FRST-Scan wiederholen bitte. __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Mystartsearch- Totales Chaos nach Entfernungsversuch

Plagegeister aller Art und deren Bekämpfung: Mystartsearch- Totales Chaos nach Entfernungsversuch