Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Mystartsearch- Totales Chaos nach Entfernungsversuch

Mystartsearch- Totales Chaos nach Entfernungsversuch


Plagegeister aller Art und deren Bekämpfung: Mystartsearch- Totales Chaos nach Entfernungsversuch

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 4 1 23 Letzte »
Alt 29.04.2015, 17:09   #1
dr.tschuna
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Hallo!

Habe gestern versucht "mystartsearch" zu entfernen. Seitdem ist Firefox weg und ein Ordner "alter Firefox" auf meinem Desktop. Der Internet Explorer lädt "globososo.com.
Malwarebytes hat 108 Bedrohungen gefunden.
Wäre toll wenn ihr mir helfen könntet
Geändert von dr.tschuna (29.04.2015 um 17:25 Uhr)

Alt 29.04.2015, 17:35   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch




Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.



Los geht's:

Schritt 1


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 29.04.2015, 17:42   #3
dr.tschuna
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015
Ran by Ron at 2015-04-29 18:40:44
Running from C:\Users\Ron\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2673002154-866942330-3263328844-500 - Administrator - Disabled)
Gast (S-1-5-21-2673002154-866942330-3263328844-501 - Limited - Disabled)
Ron (S-1-5-21-2673002154-866942330-3263328844-1000 - Administrator - Enabled) => C:\Users\Ron

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version:  - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EB4aFCB8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FormatFactory 2.50 (HKLM-x32\...\FormatFactory) (Version: 2.50 - Free Time)
Google Chrome Frame (HKLM-x32\...\{8618AE04-1210-3C32-A8C3-45A5E44CD340}) (Version: 65.169.107 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hardware Diagnose Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2717 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2415 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Light Image Resizer 4.6.4.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.4.0 - ObviousIdea)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
MAGIX Audio Cleaning Lab 17 deluxe (HKLM-x32\...\MAGIX_MSI_mclab_17dlx) (Version: 17.0.0.2 - MAGIX AG)
MAGIX Audio Cleaning Lab 17 deluxe (x32 Version: 17.0.0.2 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{FF34AF1C-705B-424A-A850-1A1F61D6EB71}) (Version: 6.0.1.4 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version:  - )
Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.4.0 - Napster)
Napster Burn Engine (x32 Version: 3.5.0000 - Ihr Firmenname) Hidden
Napster Label Creator (HKLM-x32\...\{16FD907B-FA72-4F3C-B959-E076C8238F80}) (Version: 1.00.0000 - Roxio Inc.,)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.5.311.0 - Tracker Software Products Ltd)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5740 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
sp43204 (HKLM-x32\...\sp43204) (Version:  - Hewlett-Packard)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version:  - thriXXX Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2673002154-866942330-3263328844-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Ron\AppData\Local\Temp\EB4aFCB8.exe No File

==================== Restore Points  =========================
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Ron (administrator) on RON-PC on 29-04-2015 18:39:44
Running from C:\Users\Ron\Downloads
Loaded Profiles: Ron (Available profiles: Ron)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
() C:\Windows\mrsm.exe
() C:\Windows\rsm.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-04-11]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-28]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}\hqghumeaylnlf.exe (Super PC Tools Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM -> {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: ?type=hppp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2673002154-866942330-3263328844-1000: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Ron\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com [2015-04-29]
FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-04]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-15]
FF HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-01] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mrsm; c:\windows\mrsm.exe [408576 2015-04-28] () [File not signed]
R2 rsm; c:\windows\rsm.exe [417792 2015-04-28] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; No ImagePath
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-01] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-04-29] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 LVUSBS64; system32\drivers\LVUSBS64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 18:39 - 2015-04-29 18:40 - 00022594 _____ () C:\Users\Ron\Downloads\FRST.txt
2015-04-29 18:39 - 2015-04-29 18:39 - 02101248 _____ (Farbar) C:\Users\Ron\Downloads\FRST64.exe
2015-04-29 09:14 - 2015-04-29 09:14 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-29 08:34 - 2015-04-29 08:34 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-04-29 08:33 - 2015-04-29 18:00 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-29 08:32 - 2015-04-29 17:52 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\oursurfing
2015-04-28 23:57 - 2015-04-28 23:57 - 00000000 ____D () C:\Users\Ron\Desktop\Alte Firefox-Daten
2015-04-28 23:44 - 2015-04-28 23:44 - 00000000 ____D () C:\ProgramData\c50e087800005cff
2015-04-28 22:16 - 2015-04-28 22:41 - 00003428 _____ () C:\Windows\System32\Tasks\NetEngine
2015-04-28 22:04 - 2015-04-28 22:04 - 00000000 ____D () C:\ProgramData\Uniblue
2015-04-28 21:46 - 2015-04-28 23:42 - 00000000 ____D () C:\ProgramData\NetEngine
2015-04-28 21:44 - 2015-04-28 23:42 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\mystartsearch
2015-04-28 21:44 - 2015-04-28 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer
2015-04-28 21:44 - 2015-04-28 21:44 - 00000000 ____D () C:\Users\Ron\AppData\Local\BrowserWeb
2015-04-28 21:43 - 2015-04-29 10:35 - 00000000 ___HD () C:\ProgramData\rsm
2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\System NotifierV28.04
2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\MixVideoPlayer
2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\Cinema Pro Plus 3.4cV28.04
2015-04-28 21:41 - 2015-04-28 22:03 - 00000000 ____D () C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}
2015-04-28 21:41 - 2015-04-28 21:41 - 00000119 _____ () C:\Windows\wininit.ini
2015-04-28 21:40 - 2015-04-28 23:42 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RinoReader
2015-04-28 21:40 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\RinoReader
2015-04-28 21:40 - 2015-04-28 21:40 - 00631296 _____ () C:\Windows\rsm.dat
2015-04-28 21:40 - 2015-04-28 21:40 - 00417792 _____ () C:\Windows\rsm.exe
2015-04-28 21:40 - 2015-04-28 21:40 - 00408576 _____ () C:\Windows\mrsm.exe
2015-04-28 21:39 - 2015-04-28 21:39 - 00704936 _____ () C:\Users\Ron\Downloads\Setup.exe
2015-04-27 20:51 - 2015-04-27 20:51 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall(1).exe
2015-04-27 20:50 - 2015-04-27 20:50 - 00413368 _____ () C:\Users\Ron\Downloads\model_trisha_1089506_hendrix78_GameroticaAutoInstall.exe
2015-04-26 10:05 - 2015-04-26 10:05 - 00243416 _____ () C:\Users\Ron\Downloads\pose_sandypose librarian dual 14_1087984_sandreane_GameroticaAutoInstall.exe
2015-04-26 10:04 - 2015-04-26 10:04 - 00485816 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_jewelry_devil_heart_1088454_veemy_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:04 - 00286824 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088616_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 02647568 _____ () C:\Users\Ron\Downloads\texture_cloth_mse short shorts wlow_1088640_mouse_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00254208 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088618_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall.exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00328864 _____ () C:\Users\Ron\Downloads\pose_jbroot naa cunilover_1085010_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00336520 _____ () C:\Users\Ron\Downloads\pose_jbroot naa ride 2_1085014_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00333464 _____ () C:\Users\Ron\Downloads\pose_jbroot naa blowjob_1084994_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00331568 _____ () C:\Users\Ron\Downloads\pose_jbroot naa prelude to assfuck_1085016_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00230880 _____ () C:\Users\Ron\Downloads\pose_office mutual_1085048_pnyxprs420_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00279256 _____ () C:\Users\Ron\Downloads\pose_intense fbp missionary 1 a_1086054_skar123_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00263160 _____ () C:\Users\Ron\Downloads\pose_ekusoy movieaction 19_1085564_ekusoy_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00239096 _____ () C:\Users\Ron\Downloads\pose_office dual masterbation_1085050_pnyxprs420_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00258544 _____ () C:\Users\Ron\Downloads\pose_working girls working hard 1 a_1086096_skar123_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00235248 _____ () C:\Users\Ron\Downloads\pose_licking love_1086102_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00231624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian single 29_1086128_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00229632 _____ () C:\Users\Ron\Downloads\pose_licking love iii_1086108_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00229344 _____ () C:\Users\Ron\Downloads\pose_licking love ii_1086104_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:44 - 2015-04-22 20:44 - 00239296 _____ () C:\Users\Ron\Downloads\pose_seducting pose 01_1086376_prime_005_GameroticaAutoInstall.exe
2015-04-22 20:43 - 2015-04-22 20:43 - 00261240 _____ () C:\Users\Ron\Downloads\pose_rb blowjob_1087686_s-hunter_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00250992 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 61_1087698_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00241616 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 59_1087702_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00240800 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 58_1087694_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:41 - 2015-04-22 20:41 - 00247472 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 09_1087974_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:41 - 2015-04-22 20:41 - 00234784 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 11_1087978_sandreane_GameroticaAutoInstall.exe
2015-04-21 09:35 - 2015-04-29 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-16 08:32 - 2015-03-14 04:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 08:32 - 2015-03-14 04:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 08:32 - 2015-03-13 03:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 08:32 - 2015-03-13 03:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 08:32 - 2015-03-13 03:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 08:32 - 2015-03-13 02:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 08:32 - 2015-03-13 02:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 08:32 - 2015-03-13 02:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 08:32 - 2015-03-05 04:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 08:32 - 2015-03-05 03:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 08:24 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 08:24 - 2015-03-09 02:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 08:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 08:24 - 2015-03-05 04:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 08:24 - 2015-03-05 03:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:19 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 08:19 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 08:19 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 08:19 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 08:19 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 08:19 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 08:19 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 08:19 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 08:19 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 08:19 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-15 08:19 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 08:19 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 08:19 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 08:19 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 08:19 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 08:19 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 08:19 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 08:19 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 08:19 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-15 08:19 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-13 12:09 - 2015-04-13 12:09 - 00241448 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed doggy in and out_1081888_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:08 - 2015-04-13 12:08 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall(1).exe
2015-04-13 12:08 - 2015-04-13 12:08 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall(1).exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00611776 _____ () C:\Users\Ron\Downloads\model_this is not addison timlin_1082304_eganem_GameroticaAutoInstall.exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall(1).exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall(1).exe
2015-04-13 12:06 - 2015-04-13 12:06 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall(1).exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00791960 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 1_1082640_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00751952 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 2_1082630_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00727200 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 3_1082646_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00721272 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 4_1082650_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:05 - 00728336 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 5_1082656_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:04 - 00241848 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed cowgirl_1082978_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:04 - 00237240 _____ () C:\Users\Ron\Downloads\pose_bed ride_1082990_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00787304 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 9_1083054_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00724776 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 7_1083050_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00719736 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 8_1083052_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00691144 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 6_1083048_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00704416 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 10_1083056_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00525448 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 2_1083776_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00467232 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 1_1083774_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 06622576 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_mini_1083946_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 06493368 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_micromini_1083948_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 00502528 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 3_1083778_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 00241024 _____ () C:\Users\Ron\Downloads\pose_ride_1083822_maxi1009_GameroticaAutoInstall.exe
2015-04-13 12:00 - 2015-04-13 12:00 - 05568672 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_towaist_1083954_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:00 - 2015-04-13 12:00 - 00303120 _____ () C:\Users\Ron\Downloads\pose_wap pegging the new girl_1083838_nottsandnotts_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00563576 _____ () C:\Users\Ron\Downloads\texture_cloth_m5kkcfma_1084090_meatloaf5k_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00246136 _____ () C:\Users\Ron\Downloads\pose_bed room bed hump_1084010_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00245384 _____ () C:\Users\Ron\Downloads\pose_bed room bed her turn_1084000_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00245376 _____ () C:\Users\Ron\Downloads\pose_edge of bed room bed_1084014_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00244264 _____ () C:\Users\Ron\Downloads\pose_bed room bed in and out_1084006_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00251376 _____ () C:\Users\Ron\Downloads\pose_animated ride_1084046_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 41_1084212_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00248624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 44_1084224_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00246456 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 40_1084206_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00250656 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 47_1084254_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00246576 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 48_1084256_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00245760 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 49_1084258_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00295296 _____ () C:\Users\Ron\Downloads\pose_wap hoisted lick_1084204_nottsandnotts_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 54_1084376_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00242312 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 53_1084370_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00253104 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 55_1084380_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00241880 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 52_1084362_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00236632 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 51_1084360_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:23 - 2015-04-07 21:23 - 00229976 _____ () C:\Users\Ron\Downloads\pose_nipple suck on livingroom chair_1079890_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00944272 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa l1 h3_1080182_mouse_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00243744 _____ () C:\Users\Ron\Downloads\pose_handcuffed bed grind_1079942_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00236992 _____ () C:\Users\Ron\Downloads\pose_high above_1080094_klondyke_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00943808 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa sex1 h3_1080186_mouse_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00928584 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa photopose_1080180_mouse_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00254504 _____ () C:\Users\Ron\Downloads\pose_cuffed library machine ride_1080390_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:20 - 2015-04-07 21:20 - 00251976 _____ () C:\Users\Ron\Downloads\pose_cuffed on library table_1080460_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:17 - 2015-04-07 21:17 - 01362752 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_hairstyle_spring_wind_1080506_veemy_GameroticaAutoInstall.exe
2015-04-07 21:17 - 2015-04-07 21:17 - 00225184 _____ () C:\Users\Ron\Downloads\pose_mutual respect animated_1080532_pnyxprs420_GameroticaAutoInstall.exe
2015-04-07 21:16 - 2015-04-07 21:16 - 00410808 _____ () C:\Users\Ron\Downloads\model_jasmin_1081134_t03289a_GameroticaAutoInstall.exe
2015-04-07 21:15 - 2015-04-07 21:15 - 00757440 _____ () C:\Users\Ron\Downloads\texture_cloth_sloggi underwear white_1081628_howlin_GameroticaAutoInstall.exe
2015-04-07 21:15 - 2015-04-07 21:15 - 00245576 _____ () C:\Users\Ron\Downloads\pose_jail desk in and out_1081686_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:14 - 2015-04-07 21:14 - 00210688 _____ () C:\Users\Ron\Downloads\pose_pose_1081738_cybermach_GameroticaAutoInstall.exe
2015-04-07 21:13 - 2015-04-07 21:13 - 00255368 _____ () C:\Users\Ron\Downloads\pose_cream pie_1081844_lagit38_GameroticaAutoInstall.exe
2015-04-07 21:11 - 2015-04-07 21:11 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:11 - 2015-04-07 21:11 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:10 - 2015-04-07 21:10 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:09 - 2015-04-07 21:09 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall.exe
2015-04-07 21:09 - 2015-04-07 21:09 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 18:39 - 2014-03-30 21:20 - 00000000 ____D () C:\FRST
2015-04-29 18:23 - 2014-02-10 13:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 18:18 - 2012-07-05 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-29 17:36 - 2012-08-25 12:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-29 17:27 - 2009-03-09 19:18 - 01289458 _____ () C:\Windows\WindowsUpdate.log
2015-04-29 17:26 - 2014-04-02 19:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-29 17:21 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-29 17:21 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-29 17:20 - 2014-02-10 13:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 17:20 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-29 12:03 - 2006-11-02 17:42 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-29 09:53 - 2008-01-21 05:26 - 00851910 _____ () C:\Windows\PFRO.log
2015-04-29 09:52 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-29 09:52 - 2009-02-04 21:42 - 00000831 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk
2015-04-29 09:43 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-28 22:49 - 2014-04-02 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-28 22:49 - 2014-04-02 19:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-28 22:49 - 2013-03-17 13:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-28 22:03 - 2009-08-04 19:23 - 00000000 ____D () C:\Users\Ron
2015-04-28 11:00 - 2009-08-04 20:56 - 00000000 ___RD () C:\Users\Ron\Documents\Christine
2015-04-28 08:52 - 2009-08-06 05:37 - 00043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat
2015-04-26 15:53 - 2009-08-05 16:40 - 00000000 ___RD () C:\Users\Ron\Documents\Ronald
2015-04-22 08:05 - 2013-08-15 06:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-22 07:55 - 2006-11-02 14:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-21 21:52 - 2013-04-09 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 19:08 - 2014-08-16 22:47 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\spool
2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-21 19:08 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\registration
2015-04-21 19:08 - 2006-11-02 14:33 - 80478208 _____ () C:\Windows\system32\config\software_previous
2015-04-21 19:08 - 2006-11-02 14:33 - 317456384 _____ () C:\Windows\system32\config\system_previous
2015-04-21 19:02 - 2006-11-02 14:33 - 61341696 _____ () C:\Windows\system32\config\components_previous
2015-04-21 19:02 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-20 22:16 - 2006-11-02 14:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-20 22:16 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-17 13:29 - 2009-08-07 13:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-16 08:31 - 2009-09-01 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 08:26 - 2013-04-12 20:12 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 17:18 - 2013-04-03 21:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 17:18 - 2013-04-03 21:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 17:18 - 2012-07-05 19:40 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-06 07:37 - 2009-08-06 06:15 - 00000000 ____D () C:\Users\Ron\AppData\Local\Google

==================== Files in the root of some directories =======

2014-12-19 18:03 - 2014-12-19 18:03 - 0000396 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log
2010-01-06 23:00 - 2010-01-04 16:43 - 0152848 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Comdlg32.ocx
2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Flanger
2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Flowers
2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Folder Actions
2009-08-06 05:37 - 2015-04-28 08:52 - 0043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat
2012-05-01 10:56 - 2012-12-01 11:46 - 0001356 _____ () C:\Users\Ron\AppData\Local\d3d9caps.dat
2011-07-15 22:45 - 2015-03-04 19:56 - 0009148 _____ () C:\Users\Ron\AppData\Local\d3d9caps64.dat
2010-04-27 22:52 - 2015-03-11 23:46 - 0209408 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 21:07 - 2015-01-25 21:39 - 0523048 _____ () C:\Users\Ron\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2015-01-25 21:06 - 2015-01-25 21:06 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error.txt
2015-01-25 21:11 - 2015-01-25 21:11 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error_lp.txt
2015-01-25 21:06 - 2015-01-25 21:39 - 1041360 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install.txt
2015-01-25 21:11 - 2015-01-25 21:39 - 0170854 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install_lp.txt
2015-01-25 21:11 - 2015-01-25 21:11 - 0974496 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI2695.txt
2015-01-25 21:38 - 2015-01-25 21:39 - 0973680 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI3B7D.txt
2015-01-25 21:09 - 2015-01-25 21:11 - 2828366 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI2521.txt
2015-01-25 21:38 - 2015-01-25 21:38 - 2828752 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI3B22.txt
2011-02-09 12:19 - 2011-02-09 12:19 - 0359330 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI3ADA.txt
2011-09-13 18:55 - 2011-09-13 18:55 - 0363238 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI56CD.txt
2011-02-09 13:19 - 2011-02-09 13:19 - 0358562 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI6914.txt
2011-02-09 10:43 - 2011-02-09 10:43 - 0358772 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI7125.txt
2011-02-09 12:19 - 2011-02-09 12:19 - 0011230 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI3ADA.txt
2011-09-13 18:55 - 2011-09-13 18:55 - 0011454 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI56CD.txt
2011-02-09 13:19 - 2011-02-09 13:19 - 0011198 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI6914.txt
2011-02-09 10:43 - 2011-02-09 10:43 - 0011166 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI7125.txt
2011-06-25 16:00 - 2014-07-12 11:51 - 0000047 _____ () C:\Users\Ron\AppData\Local\Images.fl
2015-01-25 21:06 - 2015-01-25 21:39 - 0006418 _____ () C:\Users\Ron\AppData\Local\uxeventlog.txt
2011-10-16 12:36 - 2011-10-16 12:36 - 0017408 _____ () C:\Users\Ron\AppData\Local\WebpageIcons.db
2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Electric Piano
2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Flange Saw
2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Flowers
2009-02-04 21:50 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.001
2009-02-04 21:12 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Ron\AppData\Local\temp\APNSetup.exe
C:\Users\Ron\AppData\Local\temp\FileSystemView.dll
C:\Users\Ron\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ron\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ron\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ron\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ron\AppData\Local\temp\jre-8u40-windows-au.exe
C:\Users\Ron\AppData\Local\temp\launcher_vs2010_sp1_vcredist_x86.exe
C:\Users\Ron\AppData\Local\temp\Quarantine.exe
C:\Users\Ron\AppData\Local\temp\supoptsetup.exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_d81_emo-punk_bikini_1012878_cpoa_dude81_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_mclainsgidgetbikini_1040220_mclain_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_mclainsgidgetbikini_1040220_mclain_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_yasmine_schuh1_1059430_yasmine_cool_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_yasmine_schuh1_1059430_yasmine_cool_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture_room_kr_ice_camp_1044534_kingrich07_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_room_kr_ice_camp_1044534_kingrich07_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture_room_kr_woodland02_1054848_kingrich07_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_room_kr_woodland02_1054848_kingrich07_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles4_35827_worgr_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles4_35827_worgr_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__41___aerobicpanty_335620_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__41___aerobicpanty_335620_voy969_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__7min-abs_tribal6_147061_mgw1090_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__7min-abs_tribal6_147061_mgw1090_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__87c combination b_535436_joshua_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__87c combination b_535436_joshua_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__987pr hair s06 v1_410138_987philr_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__987pr hair s06 v1_410138_987philr_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__afdesign_danis panty_427484_andreales_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__afdesign_danis panty_427484_andreales_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__black cotton dress_574356_serin_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__black cotton dress_574356_serin_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__black pinstriped top_486230_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__black pinstriped top_486230_murmel_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__bookworm_glasses_413322_fipps_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__bookworm_glasses_413322_fipps_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__br bedhead hairstyle_591046_bigrock42_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__br bedhead hairstyle_591046_bigrock42_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__br re_texture of hairstyle 48_629340_bigrock42_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__br re_texture of hairstyle 48_629340_bigrock42_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__business g_455816_lothar33333_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__business g_455816_lothar33333_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__business pin stripes_434074_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__business pin stripes_434074_murmel_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__challybusinessgirlsuit_709192_challyrally_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__challybusinessgirlsuit_709192_challyrally_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__challyfunky70s008_720690_challyrally_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__challyfunky70s008_720690_challyrally_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__challyvelvettucked_732160_challyrally_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__challyvelvettucked_732160_challyrally_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__chestcum_750008_lorgrom_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__chestcum_750008_lorgrom_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_blue sapphire_469898_cronan_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_blue sapphire_469898_cronan_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_diamond set_508692_cronan_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_diamond set_508692_cronan_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_forest_525112_cronan_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_forest_525112_cronan_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_jewelry_silver_609268_cronan_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_jewelry_silver_609268_cronan_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_bathrobe closed_332648_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_bathrobe closed_332648_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 010_460478_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 010_460478_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 011_659244_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 011_659244_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001 lifted_519660_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001 lifted_519660_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001_519658_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001_519658_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 001_481992_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 001_481992_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 002_481994_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 003_481996_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 004_619254_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_leather jacket 001 t-shirt_386406_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 003_442136_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 004_463532_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 009_580772_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 010_582302_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall(4).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 012_606900_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 014 (undressed)_677206_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 014_677202_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_schoolgirl_jumper_lifted_598878_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_schoolgirl_tie_599738_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_tights (for hd skln)_595252_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_tights_ripped (for hd skin)_595256_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_towel waist_460532_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003 bra pull_368226_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003_360544_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003_panty pull 2_367356_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__dv75-ring08_722810_fritzel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__dv75-schuhe03_723088_fritzel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fblacklacebikini_445190_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fbluewhitestripebikini_453920_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__featured underwear green_327206_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fhotpantsboyshortslacewhite_497554_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__flacepantyoff_499584_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__floral tattoo pack_667592_kewitaxi_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__flor_252040_manalor_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__flower - ring_251264_stisegon_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fpinkstripebikinii_453916_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fship bracelet_128345_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fwhitelaceunderwearset_497212_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__gamerotica netbikini_228488_stisegon_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__grey pinstripes_486286_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 black diamond lingerie_658722_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 29_713274_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 29_713274_horsman82_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 8_712902_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 obsidia lingerie_729682_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 viktoria lingerie_664076_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__hair braids_446180_iblisazazel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__heart_shirt_745416_newguy_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__hq nipples l_421148_mattisse_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__hq nipples r_421146_mattisse_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__jb_chameleon_satin_and_lace_bra_and_thong_sst_487078_jasonblood_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__jb_olive_satin_and_pearl_burlesque_bra_sst_496210_jasonblood_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__jb_wire_frame_glasses_sst_576582_jasonblood_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__kr_old_canvas_shoes_711124_kingrich07_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__l skirt 01_435218_lothar33333_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__l skirt 02_435220_lothar33333_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lace lingerie set_352374_mattisse_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lagit_custom_coloreglasses_521956_lagit38_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__leopard print underwear 2_387328_xab4275_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lifted wool skirt_348514_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lingerieset_11_159925_ice_ic_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lingerieset_12_162157_ice_ic_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__migz angryunicorn_roundup_f_725452_migz_2k13_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture____fbikinithongpolka_342446_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture____fbikinithongpolka_342446_voy969_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\VIS-2013-German.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
__________________
Alt 29.04.2015, 17:47   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Die Addition.txt bitte vollständig posten.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 29.04.2015, 18:40   #5
dr.tschuna
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015
Ran by Ron at 2015-04-29 18:40:44
Running from C:\Users\Ron\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2673002154-866942330-3263328844-500 - Administrator - Disabled)
Gast (S-1-5-21-2673002154-866942330-3263328844-501 - Limited - Disabled)
Ron (S-1-5-21-2673002154-866942330-3263328844-1000 - Administrator - Enabled) => C:\Users\Ron

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version:  - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EB4aFCB8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FormatFactory 2.50 (HKLM-x32\...\FormatFactory) (Version: 2.50 - Free Time)
Google Chrome Frame (HKLM-x32\...\{8618AE04-1210-3C32-A8C3-45A5E44CD340}) (Version: 65.169.107 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hardware Diagnose Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2717 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2415 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Light Image Resizer 4.6.4.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.4.0 - ObviousIdea)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
MAGIX Audio Cleaning Lab 17 deluxe (HKLM-x32\...\MAGIX_MSI_mclab_17dlx) (Version: 17.0.0.2 - MAGIX AG)
MAGIX Audio Cleaning Lab 17 deluxe (x32 Version: 17.0.0.2 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{FF34AF1C-705B-424A-A850-1A1F61D6EB71}) (Version: 6.0.1.4 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version:  - )
Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.4.0 - Napster)
Napster Burn Engine (x32 Version: 3.5.0000 - Ihr Firmenname) Hidden
Napster Label Creator (HKLM-x32\...\{16FD907B-FA72-4F3C-B959-E076C8238F80}) (Version: 1.00.0000 - Roxio Inc.,)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.5.311.0 - Tracker Software Products Ltd)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5740 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
sp43204 (HKLM-x32\...\sp43204) (Version:  - Hewlett-Packard)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version:  - thriXXX Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2673002154-866942330-3263328844-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Ron\AppData\Local\Temp\EB4aFCB8.exe No File

==================== Restore Points  =========================
Mehr habe ich nicht! Was meinst Du genau?

Allerdings "hängt" unten die Farbar Recovery " in der TAskleiste. Kann sie nicht mehr zumachen.

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015
Ran by Ron at 2015-04-29 18:40:44
Running from C:\Users\Ron\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2673002154-866942330-3263328844-500 - Administrator - Disabled)
Gast (S-1-5-21-2673002154-866942330-3263328844-501 - Limited - Disabled)
Ron (S-1-5-21-2673002154-866942330-3263328844-1000 - Administrator - Enabled) => C:\Users\Ron

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version:  - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
EB4aFCB8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FormatFactory 2.50 (HKLM-x32\...\FormatFactory) (Version: 2.50 - Free Time)
Google Chrome Frame (HKLM-x32\...\{8618AE04-1210-3C32-A8C3-45A5E44CD340}) (Version: 65.169.107 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hardware Diagnose Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2717 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2415 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Light Image Resizer 4.6.4.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.4.0 - ObviousIdea)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
MAGIX Audio Cleaning Lab 17 deluxe (HKLM-x32\...\MAGIX_MSI_mclab_17dlx) (Version: 17.0.0.2 - MAGIX AG)
MAGIX Audio Cleaning Lab 17 deluxe (x32 Version: 17.0.0.2 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{FF34AF1C-705B-424A-A850-1A1F61D6EB71}) (Version: 6.0.1.4 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version:  - )
Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.4.0 - Napster)
Napster Burn Engine (x32 Version: 3.5.0000 - Ihr Firmenname) Hidden
Napster Label Creator (HKLM-x32\...\{16FD907B-FA72-4F3C-B959-E076C8238F80}) (Version: 1.00.0000 - Roxio Inc.,)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.5.311.0 - Tracker Software Products Ltd)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5740 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
sp43204 (HKLM-x32\...\sp43204) (Version:  - Hewlett-Packard)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version:  - thriXXX Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2673002154-866942330-3263328844-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Ron\AppData\Local\Temp\EB4aFCB8.exe No File

==================== Restore Points  =========================

07-03-2015 18:52:14 Geplanter Prüfpunkt
08-03-2015 20:13:27 Geplanter Prüfpunkt
10-03-2015 10:43:58 Windows Update
11-03-2015 10:12:58 Geplanter Prüfpunkt
12-03-2015 19:17:41 Windows Update
13-03-2015 23:09:43 Geplanter Prüfpunkt
14-03-2015 21:56:57 Removed Search App by Ask
17-03-2015 10:46:55 Windows Update
21-03-2015 07:24:26 Geplanter Prüfpunkt
22-03-2015 16:52:05 Geplanter Prüfpunkt
24-03-2015 20:40:11 Windows Update
27-03-2015 21:53:24 Windows Update
28-03-2015 20:47:37 Geplanter Prüfpunkt
31-03-2015 21:27:23 Windows Update
01-04-2015 11:51:45 Geplanter Prüfpunkt
07-04-2015 09:58:51 Windows Update
09-04-2015 20:01:12 Geplanter Prüfpunkt
11-04-2015 06:11:17 Windows Update
12-04-2015 16:10:14 Geplanter Prüfpunkt
14-04-2015 09:01:58 Windows Update
16-04-2015 08:16:29 Windows Update
19-04-2015 09:29:59 Windows Update
21-04-2015 09:19:32 Windows Update
22-04-2015 07:52:09 Windows Update
23-04-2015 20:23:17 Geplanter Prüfpunkt
28-04-2015 08:33:59 Windows Update
28-04-2015 21:41:47 Uniblue DriverScanner installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:34 - 2013-03-23 22:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {065DA873-2528-401A-8B7F-83B2D80EC84B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {08282741-5461-4111-B00A-DD5A9B7C174F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05] (PC-Doctor, Inc.)
Task: {117A4663-83AB-4234-BEA8-2AC7C63E221C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: {119A5F16-495E-427F-941D-2B12710A052E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)
Task: {1E1D3464-698B-4C16-97EC-5EB60134094E} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {2D212E8D-E636-4943-99EB-E251743AEC2C} - System32\Tasks\{A700922C-54DD-44A3-9AA3-97AD5D6306BA} => pcalua.exe -a C:\Users\Ron\Documents\Ronald\cc_mh2v11.exe -d C:\Users\Ron\Documents\Ronald
Task: {6D3A4EA8-9B93-4537-B56A-E49EED8CCB93} - \Fifth No Task File <==== ATTENTION
Task: {A7AF82A4-A40E-4BAD-AC5F-660C54C91C7E} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D8\netengine.exe [2015-04-28] () <==== ATTENTION
Task: {A8768CBE-A113-4071-A24D-01D641F87202} - \OMESupervisor No Task File <==== ATTENTION
Task: {B44D4169-04D0-4323-A88B-27D0F33A5EB7} - System32\Tasks\{41E2E354-722F-4126-A717-EF34CDBCBEC4} => pcalua.exe -a F:\flashplayer\Win\install_flash_player.exe -d F:\flashplayer\Win
Task: {C88BDE0D-B6A8-46B0-9B6B-B6CB0D36F114} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2B104FC-2CDF-40CB-917E-14D860B8D5CA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ron => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {E2F9FD4F-03CD-42B4-B77C-EB439D4A00B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD01D5FB-2D6E-42C1-A347-CDCAC161EE57} - System32\Tasks\{3D4F1524-B579-4F4B-BB6E-33A2B15F82B8} => pcalua.exe -a C:\Users\Ron\Downloads\esetsmartinstaller_enu.exe -d C:\Users\Ron\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml

==================== Loaded Modules (whitelisted) ==============

2011-11-10 04:11 - 2011-11-10 04:11 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-28 21:40 - 2015-04-28 21:40 - 00408576 _____ () c:\windows\mrsm.exe
2015-04-28 21:40 - 2015-04-28 21:40 - 00417792 _____ () c:\windows\rsm.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2006-11-02 17:03 - 2006-11-02 17:03 - 00418816 _____ () C:\Windows\System32\Wpc.dll
2014-03-04 10:58 - 2014-03-04 10:58 - 04591616 _____ () C:\Users\Ron\AppData\Local\Google\Chrome Frame\User Data\iexplore\SwiftShader\1.0.5.0\libglesv2.dll
2014-03-04 10:58 - 2014-03-04 10:58 - 00112128 _____ () C:\Users\Ron\AppData\Local\Google\Chrome Frame\User Data\iexplore\SwiftShader\1.0.5.0\libegl.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-02-10 13:07 - 2014-02-02 01:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\pdf.dll
2014-02-10 13:07 - 2014-02-02 01:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-10 13:07 - 2014-02-02 01:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{FC99AE03-D292-48F7-BB91-477CDCDECF79}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
FirewallRules: [{BA9EC296-8434-4583-ACAB-0E78C783702F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
FirewallRules: [{559010AB-F5FD-412B-A3E1-B6D2B11B5EF1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{500CCE24-F335-48F6-9310-5C4F781E6C3E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{8B915CB9-0F64-4A76-B86E-41C0C73B1FC9}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{A67895BD-FC71-4304-8D00-9FEC3E6DBDE6}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{35E318B8-D6C5-4651-B300-0291A29DC4FD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{8AC5445A-D573-4451-9D7E-510D31D5A2D7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{D210E0E9-0842-4E57-9C6C-125817393DD2}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{0FAE24B0-A1F5-45FC-B391-D7CF7664FAC7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{5B083104-6E0C-4E44-94A3-7BC87B7BC9F0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{6FBAF1A4-AE74-4D71-A094-500E3324085A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{230CE759-79A9-4A6C-9748-256BD3F8DF3D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{28079C2F-EF06-4EAC-8EFE-6020A4E7DC92}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{FBA5DADC-977F-413A-ACC5-02431B352C15}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{A2D601EB-9907-4430-8A4C-327617A498E4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{5D0D07D5-0D32-42D3-971F-F2899F18427F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{A3903AC9-7CBC-4F9A-99B4-A6F7F6625DD1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{6101F6D8-16E7-4D99-9069-3E557D5CBC8D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [TCP Query User{1D7890CB-F2C2-43FD-9D91-710546164C45}C:\program files (x86)\napster\napster.exe] => (Block) C:\program files (x86)\napster\napster.exe
FirewallRules: [UDP Query User{0BD0618D-6611-423F-9FE6-22B200E02915}C:\program files (x86)\napster\napster.exe] => (Block) C:\program files (x86)\napster\napster.exe
FirewallRules: [{CFD54C7E-83BB-460A-8DE7-6168A27F8DDE}] => (Allow) LPort=80
FirewallRules: [{9BE1370C-23DF-4F48-97B3-2CA4105FA773}] => (Allow) LPort=80
FirewallRules: [{CCE194C7-055B-40B8-ABAE-FDF79735A5FE}] => (Allow) LPort=80
FirewallRules: [{A56E82B7-7534-4C28-A661-9437CA3A2DEB}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{E2AF6A57-7368-4E71-BC19-753A73C59DAB}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{1C632877-3F4A-4733-9395-2AE570A1E0EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6F33C65-D2EB-4507-9026-AFFCBD8A8C22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5AB752FD-793A-41FA-92ED-F912787F823B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0717930C-1A31-49A0-ADAC-93CAC8CFD9A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{961FD7EE-BB4A-4362-92D4-42ABE952CA6E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6D63D210-600E-4C52-BB13-69684F41EB60}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1F8ACFBA-0B0C-45DA-A489-2C3E59E3594F}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: USB ISDN-Connector
Description: USB ISDN-Connector
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2015 06:47:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 410
Anfangszeit: 01d082901824ebb2
Zeitpunkt der Beendigung: 267

Error: (04/29/2015 05:38:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16636 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1118
Anfangszeit: 01d082927312aec2
Zeitpunkt der Beendigung: 0

Error: (04/29/2015 05:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2015 10:37:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1030

Error: (04/29/2015 10:37:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1030

Error: (04/29/2015 10:37:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2015 10:36:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008

Error: (04/29/2015 10:36:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5008

Error: (04/29/2015 10:36:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2015 10:36:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4010


System errors:
=============
Error: (04/29/2015 05:24:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (04/29/2015 05:21:30 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/29/2015 05:21:22 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/29/2015 05:21:15 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/29/2015 05:21:07 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/29/2015 10:03:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (04/29/2015 10:02:11 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/29/2015 10:02:04 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/29/2015 10:01:56 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/29/2015 10:01:48 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-29 18:39:56.007
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 18:39:55.504
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 18:39:55.023
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 18:39:54.509
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 17:36:45.230
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 17:36:44.770
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 17:36:44.289
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 17:36:43.821
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 17:36:42.316
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 17:36:41.850
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 47%
Total physical RAM: 6142.33 MB
Available physical RAM: 3235.75 MB
Total Pagefile: 12479.12 MB
Available Pagefile: 9519.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:265.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:591.8 GB) NTFS
Drive h: (Elements) (Fixed) (Total:931.51 GB) (Free:691.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 6BD0662C)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00039E2E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Alt 29.04.2015, 18:46   #6
dr.tschuna
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Ron (administrator) on RON-PC on 29-04-2015 18:39:44
Running from C:\Users\Ron\Downloads
Loaded Profiles: Ron (Available profiles: Ron)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
() C:\Windows\mrsm.exe
() C:\Windows\rsm.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-04-11]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-28]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}\hqghumeaylnlf.exe (Super PC Tools Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM -> {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: ?type=hppp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2673002154-866942330-3263328844-1000: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Ron\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com [2015-04-29]
FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-04]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-15]
FF HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-01] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mrsm; c:\windows\mrsm.exe [408576 2015-04-28] () [File not signed]
R2 rsm; c:\windows\rsm.exe [417792 2015-04-28] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; No ImagePath
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-01] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-04-29] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 LVUSBS64; system32\drivers\LVUSBS64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 18:39 - 2015-04-29 18:40 - 00022594 _____ () C:\Users\Ron\Downloads\FRST.txt
2015-04-29 18:39 - 2015-04-29 18:39 - 02101248 _____ (Farbar) C:\Users\Ron\Downloads\FRST64.exe
2015-04-29 09:14 - 2015-04-29 09:14 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-29 08:34 - 2015-04-29 08:34 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-04-29 08:33 - 2015-04-29 18:00 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-29 08:32 - 2015-04-29 17:52 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\oursurfing
2015-04-28 23:57 - 2015-04-28 23:57 - 00000000 ____D () C:\Users\Ron\Desktop\Alte Firefox-Daten
2015-04-28 23:44 - 2015-04-28 23:44 - 00000000 ____D () C:\ProgramData\c50e087800005cff
2015-04-28 22:16 - 2015-04-28 22:41 - 00003428 _____ () C:\Windows\System32\Tasks\NetEngine
2015-04-28 22:04 - 2015-04-28 22:04 - 00000000 ____D () C:\ProgramData\Uniblue
2015-04-28 21:46 - 2015-04-28 23:42 - 00000000 ____D () C:\ProgramData\NetEngine
2015-04-28 21:44 - 2015-04-28 23:42 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\mystartsearch
2015-04-28 21:44 - 2015-04-28 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer
2015-04-28 21:44 - 2015-04-28 21:44 - 00000000 ____D () C:\Users\Ron\AppData\Local\BrowserWeb
2015-04-28 21:43 - 2015-04-29 10:35 - 00000000 ___HD () C:\ProgramData\rsm
2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\System NotifierV28.04
2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\MixVideoPlayer
2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\Cinema Pro Plus 3.4cV28.04
2015-04-28 21:41 - 2015-04-28 22:03 - 00000000 ____D () C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}
2015-04-28 21:41 - 2015-04-28 21:41 - 00000119 _____ () C:\Windows\wininit.ini
2015-04-28 21:40 - 2015-04-28 23:42 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RinoReader
2015-04-28 21:40 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\RinoReader
2015-04-28 21:40 - 2015-04-28 21:40 - 00631296 _____ () C:\Windows\rsm.dat
2015-04-28 21:40 - 2015-04-28 21:40 - 00417792 _____ () C:\Windows\rsm.exe
2015-04-28 21:40 - 2015-04-28 21:40 - 00408576 _____ () C:\Windows\mrsm.exe
2015-04-28 21:39 - 2015-04-28 21:39 - 00704936 _____ () C:\Users\Ron\Downloads\Setup.exe
2015-04-27 20:51 - 2015-04-27 20:51 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall(1).exe
2015-04-27 20:50 - 2015-04-27 20:50 - 00413368 _____ () C:\Users\Ron\Downloads\model_trisha_1089506_hendrix78_GameroticaAutoInstall.exe
2015-04-26 10:05 - 2015-04-26 10:05 - 00243416 _____ () C:\Users\Ron\Downloads\pose_sandypose librarian dual 14_1087984_sandreane_GameroticaAutoInstall.exe
2015-04-26 10:04 - 2015-04-26 10:04 - 00485816 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_jewelry_devil_heart_1088454_veemy_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:04 - 00286824 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088616_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 02647568 _____ () C:\Users\Ron\Downloads\texture_cloth_mse short shorts wlow_1088640_mouse_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00254208 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088618_like_a_lion_GameroticaAutoInstall.exe
2015-04-26 10:03 - 2015-04-26 10:03 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall.exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:49 - 2015-04-22 20:49 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00328864 _____ () C:\Users\Ron\Downloads\pose_jbroot naa cunilover_1085010_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:48 - 2015-04-22 20:48 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall(1).exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00336520 _____ () C:\Users\Ron\Downloads\pose_jbroot naa ride 2_1085014_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00333464 _____ () C:\Users\Ron\Downloads\pose_jbroot naa blowjob_1084994_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00331568 _____ () C:\Users\Ron\Downloads\pose_jbroot naa prelude to assfuck_1085016_johnbroot_GameroticaAutoInstall.exe
2015-04-22 20:47 - 2015-04-22 20:47 - 00230880 _____ () C:\Users\Ron\Downloads\pose_office mutual_1085048_pnyxprs420_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00279256 _____ () C:\Users\Ron\Downloads\pose_intense fbp missionary 1 a_1086054_skar123_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00263160 _____ () C:\Users\Ron\Downloads\pose_ekusoy movieaction 19_1085564_ekusoy_GameroticaAutoInstall.exe
2015-04-22 20:46 - 2015-04-22 20:46 - 00239096 _____ () C:\Users\Ron\Downloads\pose_office dual masterbation_1085050_pnyxprs420_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00258544 _____ () C:\Users\Ron\Downloads\pose_working girls working hard 1 a_1086096_skar123_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00235248 _____ () C:\Users\Ron\Downloads\pose_licking love_1086102_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00231624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian single 29_1086128_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00229632 _____ () C:\Users\Ron\Downloads\pose_licking love iii_1086108_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00229344 _____ () C:\Users\Ron\Downloads\pose_licking love ii_1086104_cybermach_GameroticaAutoInstall.exe
2015-04-22 20:44 - 2015-04-22 20:44 - 00239296 _____ () C:\Users\Ron\Downloads\pose_seducting pose 01_1086376_prime_005_GameroticaAutoInstall.exe
2015-04-22 20:43 - 2015-04-22 20:43 - 00261240 _____ () C:\Users\Ron\Downloads\pose_rb blowjob_1087686_s-hunter_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00250992 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 61_1087698_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00241616 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 59_1087702_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:42 - 2015-04-22 20:42 - 00240800 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 58_1087694_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:41 - 2015-04-22 20:41 - 00247472 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 09_1087974_sandreane_GameroticaAutoInstall.exe
2015-04-22 20:41 - 2015-04-22 20:41 - 00234784 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 11_1087978_sandreane_GameroticaAutoInstall.exe
2015-04-21 09:35 - 2015-04-29 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-16 08:32 - 2015-03-14 04:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 08:32 - 2015-03-14 04:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 08:32 - 2015-03-13 03:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 08:32 - 2015-03-13 03:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 08:32 - 2015-03-13 03:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 08:32 - 2015-03-13 03:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 08:32 - 2015-03-13 02:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 08:32 - 2015-03-13 02:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 08:32 - 2015-03-13 02:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 08:32 - 2015-03-05 04:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 08:32 - 2015-03-05 03:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 08:24 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 08:24 - 2015-03-09 02:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 08:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 08:24 - 2015-03-05 04:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 08:24 - 2015-03-05 03:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:19 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 08:19 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 08:19 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 08:19 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 08:19 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 08:19 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 08:19 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 08:19 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 08:19 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 08:19 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 08:19 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 08:19 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-15 08:19 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 08:19 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 08:19 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 08:19 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 08:19 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 08:19 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 08:19 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-15 08:19 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 08:19 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 08:19 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-15 08:19 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-15 08:19 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-13 12:09 - 2015-04-13 12:09 - 00241448 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed doggy in and out_1081888_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:08 - 2015-04-13 12:08 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall(1).exe
2015-04-13 12:08 - 2015-04-13 12:08 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall(1).exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00611776 _____ () C:\Users\Ron\Downloads\model_this is not addison timlin_1082304_eganem_GameroticaAutoInstall.exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall(1).exe
2015-04-13 12:07 - 2015-04-13 12:07 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall(1).exe
2015-04-13 12:06 - 2015-04-13 12:06 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall(1).exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00791960 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 1_1082640_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00751952 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 2_1082630_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00727200 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 3_1082646_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 00721272 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 4_1082650_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:05 - 00728336 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 5_1082656_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:04 - 00241848 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed cowgirl_1082978_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:04 - 2015-04-13 12:04 - 00237240 _____ () C:\Users\Ron\Downloads\pose_bed ride_1082990_jackass_01_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00787304 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 9_1083054_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00724776 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 7_1083050_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00719736 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 8_1083052_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 00691144 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 6_1083048_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00704416 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 10_1083056_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00525448 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 2_1083776_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:02 - 2015-04-13 12:02 - 00467232 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 1_1083774_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 06622576 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_mini_1083946_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 06493368 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_micromini_1083948_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 00502528 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 3_1083778_beez1224_GameroticaAutoInstall.exe
2015-04-13 12:01 - 2015-04-13 12:01 - 00241024 _____ () C:\Users\Ron\Downloads\pose_ride_1083822_maxi1009_GameroticaAutoInstall.exe
2015-04-13 12:00 - 2015-04-13 12:00 - 05568672 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_towaist_1083954_lagit38_GameroticaAutoInstall.exe
2015-04-13 12:00 - 2015-04-13 12:00 - 00303120 _____ () C:\Users\Ron\Downloads\pose_wap pegging the new girl_1083838_nottsandnotts_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00563576 _____ () C:\Users\Ron\Downloads\texture_cloth_m5kkcfma_1084090_meatloaf5k_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00246136 _____ () C:\Users\Ron\Downloads\pose_bed room bed hump_1084010_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00245384 _____ () C:\Users\Ron\Downloads\pose_bed room bed her turn_1084000_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00245376 _____ () C:\Users\Ron\Downloads\pose_edge of bed room bed_1084014_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:59 - 2015-04-13 11:59 - 00244264 _____ () C:\Users\Ron\Downloads\pose_bed room bed in and out_1084006_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00251376 _____ () C:\Users\Ron\Downloads\pose_animated ride_1084046_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 41_1084212_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00248624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 44_1084224_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00246456 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 40_1084206_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00250656 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 47_1084254_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00246576 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 48_1084256_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:57 - 2015-04-13 11:57 - 00245760 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 49_1084258_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00295296 _____ () C:\Users\Ron\Downloads\pose_wap hoisted lick_1084204_nottsandnotts_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 54_1084376_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:56 - 2015-04-13 11:56 - 00242312 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 53_1084370_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00253104 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 55_1084380_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00241880 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 52_1084362_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:55 - 2015-04-13 11:55 - 00236632 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 51_1084360_sandreane_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall.exe
2015-04-13 11:53 - 2015-04-13 11:53 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:23 - 2015-04-07 21:23 - 00229976 _____ () C:\Users\Ron\Downloads\pose_nipple suck on livingroom chair_1079890_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00944272 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa l1 h3_1080182_mouse_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00243744 _____ () C:\Users\Ron\Downloads\pose_handcuffed bed grind_1079942_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:22 - 2015-04-07 21:22 - 00236992 _____ () C:\Users\Ron\Downloads\pose_high above_1080094_klondyke_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00943808 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa sex1 h3_1080186_mouse_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00928584 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa photopose_1080180_mouse_GameroticaAutoInstall.exe
2015-04-07 21:21 - 2015-04-07 21:21 - 00254504 _____ () C:\Users\Ron\Downloads\pose_cuffed library machine ride_1080390_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:20 - 2015-04-07 21:20 - 00251976 _____ () C:\Users\Ron\Downloads\pose_cuffed on library table_1080460_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:17 - 2015-04-07 21:17 - 01362752 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_hairstyle_spring_wind_1080506_veemy_GameroticaAutoInstall.exe
2015-04-07 21:17 - 2015-04-07 21:17 - 00225184 _____ () C:\Users\Ron\Downloads\pose_mutual respect animated_1080532_pnyxprs420_GameroticaAutoInstall.exe
2015-04-07 21:16 - 2015-04-07 21:16 - 00410808 _____ () C:\Users\Ron\Downloads\model_jasmin_1081134_t03289a_GameroticaAutoInstall.exe
2015-04-07 21:15 - 2015-04-07 21:15 - 00757440 _____ () C:\Users\Ron\Downloads\texture_cloth_sloggi underwear white_1081628_howlin_GameroticaAutoInstall.exe
2015-04-07 21:15 - 2015-04-07 21:15 - 00245576 _____ () C:\Users\Ron\Downloads\pose_jail desk in and out_1081686_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:14 - 2015-04-07 21:14 - 00210688 _____ () C:\Users\Ron\Downloads\pose_pose_1081738_cybermach_GameroticaAutoInstall.exe
2015-04-07 21:13 - 2015-04-07 21:13 - 00255368 _____ () C:\Users\Ron\Downloads\pose_cream pie_1081844_lagit38_GameroticaAutoInstall.exe
2015-04-07 21:11 - 2015-04-07 21:11 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall.exe
2015-04-07 21:11 - 2015-04-07 21:11 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:10 - 2015-04-07 21:10 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall.exe
2015-04-07 21:09 - 2015-04-07 21:09 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall.exe
2015-04-07 21:09 - 2015-04-07 21:09 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 18:39 - 2014-03-30 21:20 - 00000000 ____D () C:\FRST
2015-04-29 18:23 - 2014-02-10 13:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 18:18 - 2012-07-05 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-29 17:36 - 2012-08-25 12:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-29 17:27 - 2009-03-09 19:18 - 01289458 _____ () C:\Windows\WindowsUpdate.log
2015-04-29 17:26 - 2014-04-02 19:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-29 17:21 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-29 17:21 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-29 17:20 - 2014-02-10 13:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 17:20 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-29 12:03 - 2006-11-02 17:42 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-29 09:53 - 2008-01-21 05:26 - 00851910 _____ () C:\Windows\PFRO.log
2015-04-29 09:52 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-29 09:52 - 2009-02-04 21:42 - 00000831 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk
2015-04-29 09:43 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-28 22:49 - 2014-04-02 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-28 22:49 - 2014-04-02 19:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-28 22:49 - 2013-03-17 13:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-28 22:03 - 2009-08-04 19:23 - 00000000 ____D () C:\Users\Ron
2015-04-28 11:00 - 2009-08-04 20:56 - 00000000 ___RD () C:\Users\Ron\Documents\Christine
2015-04-28 08:52 - 2009-08-06 05:37 - 00043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat
2015-04-26 15:53 - 2009-08-05 16:40 - 00000000 ___RD () C:\Users\Ron\Documents\Ronald
2015-04-22 08:05 - 2013-08-15 06:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-22 07:55 - 2006-11-02 14:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-21 21:52 - 2013-04-09 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 19:08 - 2014-08-16 22:47 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\spool
2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-21 19:08 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\registration
2015-04-21 19:08 - 2006-11-02 14:33 - 80478208 _____ () C:\Windows\system32\config\software_previous
2015-04-21 19:08 - 2006-11-02 14:33 - 317456384 _____ () C:\Windows\system32\config\system_previous
2015-04-21 19:02 - 2006-11-02 14:33 - 61341696 _____ () C:\Windows\system32\config\components_previous
2015-04-21 19:02 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-20 22:16 - 2006-11-02 14:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-20 22:16 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-17 13:29 - 2009-08-07 13:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-16 08:31 - 2009-09-01 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 08:26 - 2013-04-12 20:12 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 17:18 - 2013-04-03 21:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 17:18 - 2013-04-03 21:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 17:18 - 2012-07-05 19:40 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-06 07:37 - 2009-08-06 06:15 - 00000000 ____D () C:\Users\Ron\AppData\Local\Google

==================== Files in the root of some directories =======

2014-12-19 18:03 - 2014-12-19 18:03 - 0000396 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log
2010-01-06 23:00 - 2010-01-04 16:43 - 0152848 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Comdlg32.ocx
2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Flanger
2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Flowers
2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Folder Actions
2009-08-06 05:37 - 2015-04-28 08:52 - 0043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat
2012-05-01 10:56 - 2012-12-01 11:46 - 0001356 _____ () C:\Users\Ron\AppData\Local\d3d9caps.dat
2011-07-15 22:45 - 2015-03-04 19:56 - 0009148 _____ () C:\Users\Ron\AppData\Local\d3d9caps64.dat
2010-04-27 22:52 - 2015-03-11 23:46 - 0209408 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 21:07 - 2015-01-25 21:39 - 0523048 _____ () C:\Users\Ron\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2015-01-25 21:06 - 2015-01-25 21:06 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error.txt
2015-01-25 21:11 - 2015-01-25 21:11 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error_lp.txt
2015-01-25 21:06 - 2015-01-25 21:39 - 1041360 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install.txt
2015-01-25 21:11 - 2015-01-25 21:39 - 0170854 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install_lp.txt
2015-01-25 21:11 - 2015-01-25 21:11 - 0974496 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI2695.txt
2015-01-25 21:38 - 2015-01-25 21:39 - 0973680 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI3B7D.txt
2015-01-25 21:09 - 2015-01-25 21:11 - 2828366 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI2521.txt
2015-01-25 21:38 - 2015-01-25 21:38 - 2828752 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI3B22.txt
2011-02-09 12:19 - 2011-02-09 12:19 - 0359330 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI3ADA.txt
2011-09-13 18:55 - 2011-09-13 18:55 - 0363238 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI56CD.txt
2011-02-09 13:19 - 2011-02-09 13:19 - 0358562 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI6914.txt
2011-02-09 10:43 - 2011-02-09 10:43 - 0358772 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI7125.txt
2011-02-09 12:19 - 2011-02-09 12:19 - 0011230 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI3ADA.txt
2011-09-13 18:55 - 2011-09-13 18:55 - 0011454 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI56CD.txt
2011-02-09 13:19 - 2011-02-09 13:19 - 0011198 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI6914.txt
2011-02-09 10:43 - 2011-02-09 10:43 - 0011166 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI7125.txt
2011-06-25 16:00 - 2014-07-12 11:51 - 0000047 _____ () C:\Users\Ron\AppData\Local\Images.fl
2015-01-25 21:06 - 2015-01-25 21:39 - 0006418 _____ () C:\Users\Ron\AppData\Local\uxeventlog.txt
2011-10-16 12:36 - 2011-10-16 12:36 - 0017408 _____ () C:\Users\Ron\AppData\Local\WebpageIcons.db
2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Electric Piano
2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Flange Saw
2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Flowers
2009-02-04 21:50 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.001
2009-02-04 21:12 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Ron\AppData\Local\temp\APNSetup.exe
C:\Users\Ron\AppData\Local\temp\FileSystemView.dll
C:\Users\Ron\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ron\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ron\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ron\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ron\AppData\Local\temp\jre-8u40-windows-au.exe
C:\Users\Ron\AppData\Local\temp\launcher_vs2010_sp1_vcredist_x86.exe
C:\Users\Ron\AppData\Local\temp\Quarantine.exe
C:\Users\Ron\AppData\Local\temp\supoptsetup.exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_d81_emo-punk_bikini_1012878_cpoa_dude81_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_mclainsgidgetbikini_1040220_mclain_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_mclainsgidgetbikini_1040220_mclain_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_yasmine_schuh1_1059430_yasmine_cool_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_cloth_yasmine_schuh1_1059430_yasmine_cool_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture_room_kr_ice_camp_1044534_kingrich07_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_room_kr_ice_camp_1044534_kingrich07_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture_room_kr_woodland02_1054848_kingrich07_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture_room_kr_woodland02_1054848_kingrich07_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles4_35827_worgr_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__2facemoles4_35827_worgr_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__41___aerobicpanty_335620_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__41___aerobicpanty_335620_voy969_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__7min-abs_tribal6_147061_mgw1090_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__7min-abs_tribal6_147061_mgw1090_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__87c combination b_535436_joshua_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__87c combination b_535436_joshua_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__987pr hair s06 v1_410138_987philr_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__987pr hair s06 v1_410138_987philr_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__afdesign_danis panty_427484_andreales_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__afdesign_danis panty_427484_andreales_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__black cotton dress_574356_serin_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__black cotton dress_574356_serin_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__black pinstriped top_486230_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__black pinstriped top_486230_murmel_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__bookworm_glasses_413322_fipps_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__bookworm_glasses_413322_fipps_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__br bedhead hairstyle_591046_bigrock42_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__br bedhead hairstyle_591046_bigrock42_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__br re_texture of hairstyle 48_629340_bigrock42_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__br re_texture of hairstyle 48_629340_bigrock42_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__business g_455816_lothar33333_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__business g_455816_lothar33333_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__business pin stripes_434074_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__business pin stripes_434074_murmel_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__challybusinessgirlsuit_709192_challyrally_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__challybusinessgirlsuit_709192_challyrally_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__challyfunky70s008_720690_challyrally_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__challyfunky70s008_720690_challyrally_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__challyvelvettucked_732160_challyrally_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__challyvelvettucked_732160_challyrally_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__chestcum_750008_lorgrom_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__chestcum_750008_lorgrom_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_blue sapphire_469898_cronan_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_blue sapphire_469898_cronan_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_diamond set_508692_cronan_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_diamond set_508692_cronan_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_forest_525112_cronan_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_forest_525112_cronan_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_jewelry_silver_609268_cronan_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__cronan_jewelry_silver_609268_cronan_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_bathrobe closed_332648_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_bathrobe closed_332648_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 010_460478_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 010_460478_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 011_659244_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_casual 011_659244_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001 lifted_519660_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001 lifted_519660_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001_519658_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001_519658_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall(3).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 001_481992_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 001_481992_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 002_481994_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 003_481996_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 004_619254_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_leather jacket 001 t-shirt_386406_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 003_442136_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 004_463532_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 009_580772_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 010_582302_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall(4).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 012_606900_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 014 (undressed)_677206_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 014_677202_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_schoolgirl_jumper_lifted_598878_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_schoolgirl_tie_599738_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_tights (for hd skln)_595252_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_tights_ripped (for hd skin)_595256_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_towel waist_460532_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003 bra pull_368226_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003_360544_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003_panty pull 2_367356_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__dv75-ring08_722810_fritzel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__dv75-schuhe03_723088_fritzel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fblacklacebikini_445190_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fbluewhitestripebikini_453920_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__featured underwear green_327206_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fhotpantsboyshortslacewhite_497554_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__flacepantyoff_499584_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__floral tattoo pack_667592_kewitaxi_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__flor_252040_manalor_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__flower - ring_251264_stisegon_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fpinkstripebikinii_453916_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fship bracelet_128345_darkness_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__fwhitelaceunderwearset_497212_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__gamerotica netbikini_228488_stisegon_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__grey pinstripes_486286_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 black diamond lingerie_658722_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 29_713274_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 29_713274_horsman82_GameroticaAutoInstall(2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 8_712902_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 obsidia lingerie_729682_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__h82 viktoria lingerie_664076_horsman82_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__hair braids_446180_iblisazazel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__heart_shirt_745416_newguy_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__hq nipples l_421148_mattisse_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__hq nipples r_421146_mattisse_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__jb_chameleon_satin_and_lace_bra_and_thong_sst_487078_jasonblood_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__jb_olive_satin_and_pearl_burlesque_bra_sst_496210_jasonblood_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__jb_wire_frame_glasses_sst_576582_jasonblood_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__kr_old_canvas_shoes_711124_kingrich07_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__l skirt 01_435218_lothar33333_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__l skirt 02_435220_lothar33333_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lace lingerie set_352374_mattisse_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lagit_custom_coloreglasses_521956_lagit38_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__leopard print underwear 2_387328_xab4275_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lifted wool skirt_348514_murmel_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lingerieset_11_159925_ice_ic_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__lingerieset_12_162157_ice_ic_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture__migz angryunicorn_roundup_f_725452_migz_2k13_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture____fbikinithongpolka_342446_voy969_GameroticaAutoInstall (2).exe
C:\Users\Ron\AppData\Local\temp\texture____fbikinithongpolka_342446_voy969_GameroticaAutoInstall (3).exe
C:\Users\Ron\AppData\Local\temp\VIS-2013-German.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-29 17:43

==================== End Of Log ============================
--- --- ---

--- --- ---


Jetzt hat es geklappt ! Sorry!

Alt 29.04.2015, 19:02   #7
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Hi,

Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 2

  • Download und Anleitung
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 29.04.2015, 20:04   #8
dr.tschuna
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Code:
ATTFilter
# AdwCleaner v4.202 - Bericht erstellt 29/04/2015 um 20:22:13
# Aktualisiert 23/04/2015 von Xplode
# Datenbank : 2015-04-27.1 [Server]
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Benutzername : Ron - RON-PC
# Gestarted von : C:\Users\Ron\Downloads\AdwCleaner_4.202.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : IHProtect Service

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\apn
[!] Ordner Gelöscht : C:\ProgramData\Uniblue
[!] Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
[!] Ordner Gelöscht : C:\ProgramData\NetEngine
[!] Ordner Gelöscht : C:\ProgramData\c50e087800005cff
[!] Ordner Gelöscht : C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}
[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer
[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer
[!] Ordner Gelöscht : C:\Program Files (x86)\XTab
[!] Ordner Gelöscht : C:\Program Files (x86)\MixVideoPlayer
[!] Ordner Gelöscht : C:\Program Files (x86)\RinoReader
[!] Ordner Gelöscht : C:\Program Files (x86)\MixVideoPlayer
[!] Ordner Gelöscht : C:\Users\Ron\AppData\Local\Temp\apn
[!] Ordner Gelöscht : C:\Users\Ron\AppData\Local\BrowserWeb
[!] Ordner Gelöscht : C:\Users\Ron\AppData\Local\Genesis_07121006
[!] Ordner Gelöscht : C:\Users\Ron\AppData\Roaming\mystartsearch
[!] Ordner Gelöscht : C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RinoReader
[!] Ordner Gelöscht : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com
[!] Ordner Gelöscht : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com
Datei Gelöscht : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbmdkmlcnbapgegninelmjbfibaghdmk_0.localstorage

***** [ Geplante Tasks ] *****

Task Gelöscht : NetEngine

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Super Optimizer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\MixVideoPlayer
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RinoReader
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Genesis_07121006
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16636


-\\ Mozilla Firefox v37.0.2 (x86 de)

[1ewveuey.default-1430258247018\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[1ewveuey.default-1430258247018\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [6712 Bytes] - [02/04/2014 19:57:38]
AdwCleaner[R1].txt - [4980 Bytes] - [29/04/2015 20:18:49]
AdwCleaner[S0].txt - [5581 Bytes] - [02/04/2014 20:00:05]
AdwCleaner[S1].txt - [4660 Bytes] - [29/04/2015 20:22:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4719  Bytes] ##########
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.04.2015
Suchlauf-Zeit: 20:34:47
Logdatei: mbamlog.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.29.04
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: Ron

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 406007
Verstrichene Zeit: 26 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 3
PUP.Optional.OurSurfing.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.oursurfing.com/web/?type=ds&ts=1430289123&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}, , [02566f03a9e1bf77dd70b2ad55b0629e]
PUP.Optional.OurSurfing.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}, , [7eda185a9cee3bfb410c79e6fc09be42]
PUP.Optional.OurSurfing.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}|URL, hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}, , [38209dd592f8053151fcc19ea461b44c]

Registrierungsdaten: 6
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[3b1d29498cfeb284d1fdde225bab7090]
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[6fe931411d6dc274b41af010b94d52ae]
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[1048640e4b3f55e1c8065ea29d698e72]
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[0454ee84d6b493a329a5c53b15f16997]
PUP.Optional.HttpBreaker.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[ed6b0b67e1a96accf1dab44cc6402fd1]
PUP.Optional.HttpBreaker.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[77e1284ad3b7e1557f4cab5566a047b9]

Ordner: 7
PUP.Optional.GlobalUpdate.A, C:\Users\Ron\AppData\Local\temp\comh.143938, , [540498daafdb082e46a71793ea19b54b], 
PUP.Optional.GlobalUpdate.A, C:\Users\Ron\AppData\Local\temp\comh.415473, , [411784ee27632f0749a4acfe38cb7a86], 
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Pro Plus 3.4cV28.04, , [d286036fe1a91f17f778ac1714ef22de], 
PUP.Optional.SystemNotifier.A, C:\Program Files (x86)\System NotifierV28.04, , [c791244e444643f3ee95972cfe05b848], 
PUP.Optional.OurSurfing.A, C:\Users\Ron\AppData\Roaming\oursurfing, , [193f4f23ec9eb086f4a14c7b897aae52], 
PUP.Optional.OurSurfing.A, C:\Users\Ron\AppData\Roaming\oursurfing\images, , [193f4f23ec9eb086f4a14c7b897aae52], 
PUP.Optional.OurSurfing.A, C:\Users\Ron\AppData\Roaming\oursurfing\images\code, , [193f4f23ec9eb086f4a14c7b897aae52], 

Dateien: 3
PUP.Optional.Softonic.SID.C, C:\Users\Ron\Downloads\Setup.exe, , [c692b9b9dfab0a2c0f353e0a986e718f], 
PUP.Optional.HttpBreaker.A, C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "?type=hppp");), ,[b3a57ef4d3b7bf77a9525feaa75fe21e]
PUP.Optional.OurSurfing.A, C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\search.json, Gut: (), Schlecht: (oursurfing.com), ,[045412603159181e18c4ad9c877fe21e]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Alt 29.04.2015, 20:31   #9
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Die MBAM Funde in Quarantäne verschoben?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 30.04.2015, 05:51   #10
dr.tschuna
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Ja! Habe ich. Aber immer leider noch jede Menge Seiten, die sich ungewollt aufmachen.

Alt 30.04.2015, 13:58   #11
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Zitat:
Zitat von dr.tschuna Beitrag anzeigen
Aber immer leider noch jede Menge Seiten, die sich ungewollt aufmachen.
War ja nur ne Frage, habe ja nicht gesagt, dass wir fertig sind.

Kaspersky vorübergehend deaktivieren.

Schritt 1
Download von ZOEK (by Smeenk)
  • Speichere die zoek.exe auf dem Desktop.
  • Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
  • Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
    Code:
    ATTFilter
    systemspecs;
autoclean;
FFdefaults;
iedefaults;
emptyclsid;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
    Zitat:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
  • Bitte poste mir das zoek-results.log.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 30.04.2015, 18:38   #12
dr.tschuna
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by Ron on 30.04.2015 at 19:04:48,07.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ron\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

30.04.2015 19:06:34 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Carbonite deleted successfully
C:\PROGRA~2\Cinema Pro Plus 3.4cV28.04 deleted successfully
C:\PROGRA~2\Convar deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nikon deleted successfully
C:\PROGRA~2\System NotifierV28.04 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\Logitech deleted successfully
C:\Users\Ron\AppData\Roaming\Common deleted successfully
C:\Users\Ron\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Ron\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully
C:\Users\Ron\AppData\Local\Nikon deleted successfully
C:\Users\Ron\AppData\Local\Secunia PSI deleted successfully
C:\Users\Ron\AppData\Local\Verkleinert deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\prefs.js:
user_pref("browser.search.defaultenginename", "oursurfing");
user_pref("browser.search.selectedEngine", "oursurfing");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018

---- Lines Sweet removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"quick_searchff@gmail.com\":{\"d\":\"C:\\\\Users\\\\Ron\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firef
---- Lines Sweet modified from prefs.js ----

user_pref("extensions.enabledAddons", "sweetsearch%40gmail.com:1.0.0.1031,quick_searchff%40gmail.com:5.4.10,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ---- 

user__1923_.backup
prefs__1923_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Carbonite not found
C:\PROGRA~2\Cinema Pro Plus 3.4cV28.04 not found
C:\PROGRA~2\Convar not found
C:\PROGRA~2\Nikon not found
C:\PROGRA~2\System NotifierV28.04 not found
C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\sweetsearch@gmail.com not found
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Ron\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\ext_offermosquito deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\patsearch.bin deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf deleted
C:\Users\Ron\Desktop\WordToPDF - CHIP Downloader.lnk deleted
"C:\Users\Ron\AppData\Roaming\Flanger" deleted
"C:\Users\Ron\AppData\Roaming\Flowers" deleted
"C:\Users\Ron\AppData\Roaming\Folder Actions" deleted
"C:\ProgramData\Electric Piano" deleted
"C:\ProgramData\Flange Saw" deleted
"C:\ProgramData\Flowers" deleted
"C:\PROGRA~2\Windows Collaboration" deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition (64-bit) Service Pack 2 (Build 6002)
Memory (RAM): 6143 MB
CPU Info: Intel(R) Core(TM)2 Quad  CPU   Q8200  @ 2.33GHz
CPU Speed: 2346,6 MHz
Sound Card: Lautsprecher (Realtek High Defi | 
Realtek Digital Output (Realtek | 
Realtek HDMI Output (Realtek Hi | 
Display Adapters: ATI Radeon HD 5400 Series | ATI Radeon HD 5400 Series | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; PnP-Monitor (Standard) | 
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW TS-H653Z
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  582,3GB | D:  13,8GB | E:  596,2GB | H:  931,5GB
Hard Disks - Free: C:  265,3GB | D:  1,6GB | E:  589,9GB | H:  691,2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 12/16/08 | HPQOEM - 20081216
Time Zone: Mitteleuropäische Zeit
Motherboard *: PEGATRON CORPORATION Benicia
Country: Deutschland 
Language: DEU 

==== System Specs (Software) ======================

Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Internet Explorer Version: 9.0.8112.16421 
Mozilla Firefox version: 37.0.2 (x86 de)
Adobe Reader version: 10.1.13.16
Sun Java version: 1.8.0_40 (32-bit) 
Sun Java version: 1.8.0_40 (64-bit) 
Flash Player version: 17.0.0.169

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [16.12.2014 15:58]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04.04.2014 12:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018
AB87EEFFD18F2BAAFC274E7075EA6C67	- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
9AE02005247DA91AB1743F5208DBEF76	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -	Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[14.08.2013 12:43]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[14.08.2013 12:43]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[14.08.2013 12:43]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[16.12.2014 15:55]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[14.08.2013 12:43]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="hxxp://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com/ie"
"Default_Search_URL"="hxxp://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E733165D-CBCF-4FDA-883E-ADEF965B476C} Google  Url="web/?type=dspp&q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=22 15005657 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Ron\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ron\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 30.04.2015 at 19:34:32,99 ======================

Alt 30.04.2015, 18:43   #13
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Wie schaut es jetzt aus?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 30.04.2015, 18:48   #14
dr.tschuna
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Jetzt habe ich , nachdem ich schon wieder google als Startseite hatte, MSN.com!

Und "bing.com" !

Alt 30.04.2015, 18:51   #15
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Mystartsearch- Totales Chaos nach Entfernungsversuch - Standard

Mystartsearch- Totales Chaos nach Entfernungsversuch


Ja, das ist kein Wunder. Das ist so, wenn man den Browser auf Standardeinstellungen zurücksetzt.

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Antwort
Seite 1 von 4 1 23 Letzte »

Themen zu Mystartsearch- Totales Chaos nach Entfernungsversuch
bedrohungen, entferne, explorer, fehlercode 28, fehlercode windows, internet, internet explorer, malwarebytes, pup.optional.crossrider.a, pup.optional.globalupdate.a, pup.optional.httpbreaker.a, pup.optional.oursurfing.a, pup.optional.softonic.sid.c, pup.optional.systemnotifier.a, suchlauf, versucht


« Fehlermeldung ".exe - ungültiges Bild" + Ergebniss Farbar's Recovery Scan Tool | Facebook postet in meinem Name Erotikvideos »


Ähnliche Themen: Mystartsearch- Totales Chaos nach Entfernungsversuch


  1. nach jva *neu* installieren totales chaos und internet geht ganz langsam
    Log-Analyse und Auswertung - 19.05.2015 (35)
  2. mystartsearch.com
    Plagegeister aller Art und deren Bekämpfung - 07.04.2015 (11)
  3. Win 7 - nach Spieldownload und Schein-Installation Probleme und Chaos
    Log-Analyse und Auswertung - 31.03.2015 (27)
  4. Totales Chaos - kaum ein Programm startet richtig
    Plagegeister aller Art und deren Bekämpfung - 02.02.2015 (9)
  5. Systemüberprüfung nach Befall durch MyStartSearch und weiterer Adware
    Log-Analyse und Auswertung - 24.01.2015 (12)
  6. total chaos nach recover
    Plagegeister aller Art und deren Bekämpfung - 28.02.2012 (1)
  7. Nach Online Spiel plötzlich Computer Chaos: Sich öffnende Fenster, Buchstabenchaos etc.
    Plagegeister aller Art und deren Bekämpfung - 26.06.2011 (11)
  8. Totales Chaos doch eigene Doofheit ?
    Plagegeister aller Art und deren Bekämpfung - 06.07.2010 (2)
  9. War Entfernungsversuch von Trojaner win32 erfolgreich?
    Log-Analyse und Auswertung - 18.11.2009 (1)
  10. Totales desaster
    Plagegeister aller Art und deren Bekämpfung - 30.03.2009 (0)
  11. XP Chaos nach letztem Update
    Alles rund um Windows - 31.05.2007 (11)
  12. Nach neuer Festplatte wieder das gleiche Chaos..!
    Netzwerk und Hardware - 02.03.2007 (2)
  13. System-Chaos nach E7- & Microsoft Sicherheits-Updt.
    Log-Analyse und Auswertung - 29.10.2006 (2)
  14. Chaos
    Plagegeister aller Art und deren Bekämpfung - 23.09.2005 (2)
  15. chaos pur
    Log-Analyse und Auswertung - 20.02.2005 (3)
  16. Chaos pur!
    Plagegeister aller Art und deren Bekämpfung - 17.01.2005 (5)
  17. Totales Chaos
    Log-Analyse und Auswertung - 29.12.2004 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Mystartsearch- Totales Chaos nach Entfernungsversuch - Hallo! Habe gestern versucht "mystartsearch" zu entfernen. Seitdem ist Firefox weg und ein Ordner "alter Firefox" auf meinem Desktop. Der Internet Explorer lädt "globososo.com. Malwarebytes hat 108 Bedrohungen gefunden. Wäre - Mystartsearch- Totales Chaos nach Entfernungsversuch...
Archiv
Du betrachtest: Mystartsearch- Totales Chaos nach Entfernungsversuch auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131