Trojaner-Board - Mystartsearch- Totales Chaos nach Entfernungsversuch

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Mystartsearch- Totales Chaos nach Entfernungsversuch (https://www.trojaner-board.de/166537-mystartsearch-totales-chaos-entfernungsversuch.html)

Mystartsearch- Totales Chaos nach Entfernungsversuch

Hallo!

Habe gestern versucht "mystartsearch" zu entfernen. Seitdem ist Firefox weg und ein Ordner "alter Firefox" auf meinem Desktop. Der Internet Explorer lädt "globososo.com.
Malwarebytes hat 108 Bedrohungen gefunden.
Wäre toll wenn ihr mir helfen könntet

:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.

Los geht's:

Schritt 1
http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://deeprybka.trojaner-board.de/tdss/codetags.gif

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015

Ran by Ron at 2015-04-29 18:40:44

Running from C:\Users\Ron\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2673002154-866942330-3263328844-500 - Administrator - Disabled)

Gast (S-1-5-21-2673002154-866942330-3263328844-501 - Limited - Disabled)

Ron (S-1-5-21-2673002154-866942330-3263328844-1000 - Administrator - Enabled) => C:\Users\Ron
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)

Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )

AMD Catalyst Install Manager (HKLM\...\{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )

Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version:  - )

Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )

Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )

Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

EB4aFCB8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version:  - )

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FormatFactory 2.50 (HKLM-x32\...\FormatFactory) (Version: 2.50 - Free Time)

Google Chrome Frame (HKLM-x32\...\{8618AE04-1210-3C32-A8C3-45A5E44CD340}) (Version: 65.169.107 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Hardware Diagnose Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)

HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)

HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)

HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2717 - Hewlett-Packard)

HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2415 - Hewlett-Packard)

HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)

HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden

Light Image Resizer 4.6.4.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.4.0 - ObviousIdea)

Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)

MAGIX Audio Cleaning Lab 17 deluxe (HKLM-x32\...\MAGIX_MSI_mclab_17dlx) (Version: 17.0.0.2 - MAGIX AG)

MAGIX Audio Cleaning Lab 17 deluxe (x32 Version: 17.0.0.2 - MAGIX AG) Hidden

MAGIX Speed 2 (MSI) (HKLM-x32\...\{FF34AF1C-705B-424A-A850-1A1F61D6EB71}) (Version: 6.0.1.4 - MAGIX AG)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)

Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)

Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)

Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)

MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version:  - )

Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.4.0 - Napster)

Napster Burn Engine (x32 Version: 3.5.0000 - Ihr Firmenname) Hidden

Napster Label Creator (HKLM-x32\...\{16FD907B-FA72-4F3C-B959-E076C8238F80}) (Version: 1.00.0000 - Roxio Inc.,)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)

Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)

PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.5.311.0 - Tracker Software Products Ltd)

Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)

PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden

Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)

Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5740 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

sp43204 (HKLM-x32\...\sp43204) (Version:  - Hewlett-Packard)

Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version:  - thriXXX Software GmbH)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2673002154-866942330-3263328844-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Ron\AppData\Local\Temp\EB4aFCB8.exe No File
 

==================== Restore Points  =========================

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015

Ran by Ron (administrator) on RON-PC on 29-04-2015 18:39:44

Running from C:\Users\Ron\Downloads

Loaded Profiles: Ron (Available profiles: Ron)

Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe

() C:\Windows\mrsm.exe

() C:\Windows\rsm.exe

(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-16]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-04-11]

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-28]

ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}\hqghumeaylnlf.exe (Super PC Tools Ltd)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de

SearchScopes: HKLM -> {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

SearchScopes: HKLM -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

SearchScopes: HKLM-x32 -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)

BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)

BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)

BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)

BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018

FF DefaultSearchEngine: oursurfing

FF SelectedSearchEngine: oursurfing

FF Homepage: ?type=hppp

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()

FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-18] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2673002154-866942330-3263328844-1000: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Ron\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File

FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com [2015-04-29]

FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com [2015-04-29]

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-04]

FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-15]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-15]

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-15]

FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-15]

FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-15]

FF HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 

Chrome: 

=======

CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default

CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-14]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-01] (Kaspersky Lab ZAO)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 mrsm; c:\windows\mrsm.exe [408576 2015-04-28] () [File not signed]

R2 rsm; c:\windows\rsm.exe [417792 2015-04-28] () [File not signed]

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)

S1 Beep; No ImagePath

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-01] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-01] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-04-29] (Malwarebytes Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)

R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [X]

S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]

S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]

S3 LVUSBS64; system32\drivers\LVUSBS64.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-29 18:39 - 2015-04-29 18:40 - 00022594 _____ () C:\Users\Ron\Downloads\FRST.txt

2015-04-29 18:39 - 2015-04-29 18:39 - 02101248 _____ (Farbar) C:\Users\Ron\Downloads\FRST64.exe

2015-04-29 09:14 - 2015-04-29 09:14 - 00262144 _____ () C:\Windows\system32\config\elam

2015-04-29 08:34 - 2015-04-29 08:34 - 00000000 ____D () C:\ProgramData\IHProtectUpDate

2015-04-29 08:33 - 2015-04-29 18:00 - 00000000 ____D () C:\Program Files (x86)\XTab

2015-04-29 08:32 - 2015-04-29 17:52 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\oursurfing

2015-04-28 23:57 - 2015-04-28 23:57 - 00000000 ____D () C:\Users\Ron\Desktop\Alte Firefox-Daten

2015-04-28 23:44 - 2015-04-28 23:44 - 00000000 ____D () C:\ProgramData\c50e087800005cff

2015-04-28 22:16 - 2015-04-28 22:41 - 00003428 _____ () C:\Windows\System32\Tasks\NetEngine

2015-04-28 22:04 - 2015-04-28 22:04 - 00000000 ____D () C:\ProgramData\Uniblue

2015-04-28 21:46 - 2015-04-28 23:42 - 00000000 ____D () C:\ProgramData\NetEngine

2015-04-28 21:44 - 2015-04-28 23:42 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\mystartsearch

2015-04-28 21:44 - 2015-04-28 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer

2015-04-28 21:44 - 2015-04-28 21:44 - 00000000 ____D () C:\Users\Ron\AppData\Local\BrowserWeb

2015-04-28 21:43 - 2015-04-29 10:35 - 00000000 ___HD () C:\ProgramData\rsm

2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\System NotifierV28.04

2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\MixVideoPlayer

2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\Cinema Pro Plus 3.4cV28.04

2015-04-28 21:41 - 2015-04-28 22:03 - 00000000 ____D () C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}

2015-04-28 21:41 - 2015-04-28 21:41 - 00000119 _____ () C:\Windows\wininit.ini

2015-04-28 21:40 - 2015-04-28 23:42 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RinoReader

2015-04-28 21:40 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\RinoReader

2015-04-28 21:40 - 2015-04-28 21:40 - 00631296 _____ () C:\Windows\rsm.dat

2015-04-28 21:40 - 2015-04-28 21:40 - 00417792 _____ () C:\Windows\rsm.exe

2015-04-28 21:40 - 2015-04-28 21:40 - 00408576 _____ () C:\Windows\mrsm.exe

2015-04-28 21:39 - 2015-04-28 21:39 - 00704936 _____ () C:\Users\Ron\Downloads\Setup.exe

2015-04-27 20:51 - 2015-04-27 20:51 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall(1).exe

2015-04-27 20:50 - 2015-04-27 20:50 - 00413368 _____ () C:\Users\Ron\Downloads\model_trisha_1089506_hendrix78_GameroticaAutoInstall.exe

2015-04-26 10:05 - 2015-04-26 10:05 - 00243416 _____ () C:\Users\Ron\Downloads\pose_sandypose librarian dual 14_1087984_sandreane_GameroticaAutoInstall.exe

2015-04-26 10:04 - 2015-04-26 10:04 - 00485816 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_jewelry_devil_heart_1088454_veemy_GameroticaAutoInstall.exe

2015-04-26 10:03 - 2015-04-26 10:04 - 00286824 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088616_like_a_lion_GameroticaAutoInstall.exe

2015-04-26 10:03 - 2015-04-26 10:03 - 02647568 _____ () C:\Users\Ron\Downloads\texture_cloth_mse short shorts wlow_1088640_mouse_GameroticaAutoInstall.exe

2015-04-26 10:03 - 2015-04-26 10:03 - 00254208 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088618_like_a_lion_GameroticaAutoInstall.exe

2015-04-26 10:03 - 2015-04-26 10:03 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall.exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:48 - 2015-04-22 20:48 - 00328864 _____ () C:\Users\Ron\Downloads\pose_jbroot naa cunilover_1085010_johnbroot_GameroticaAutoInstall.exe

2015-04-22 20:48 - 2015-04-22 20:48 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:48 - 2015-04-22 20:48 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:47 - 2015-04-22 20:47 - 00336520 _____ () C:\Users\Ron\Downloads\pose_jbroot naa ride 2_1085014_johnbroot_GameroticaAutoInstall.exe

2015-04-22 20:47 - 2015-04-22 20:47 - 00333464 _____ () C:\Users\Ron\Downloads\pose_jbroot naa blowjob_1084994_johnbroot_GameroticaAutoInstall.exe

2015-04-22 20:47 - 2015-04-22 20:47 - 00331568 _____ () C:\Users\Ron\Downloads\pose_jbroot naa prelude to assfuck_1085016_johnbroot_GameroticaAutoInstall.exe

2015-04-22 20:47 - 2015-04-22 20:47 - 00230880 _____ () C:\Users\Ron\Downloads\pose_office mutual_1085048_pnyxprs420_GameroticaAutoInstall.exe

2015-04-22 20:46 - 2015-04-22 20:46 - 00279256 _____ () C:\Users\Ron\Downloads\pose_intense fbp missionary 1 a_1086054_skar123_GameroticaAutoInstall.exe

2015-04-22 20:46 - 2015-04-22 20:46 - 00263160 _____ () C:\Users\Ron\Downloads\pose_ekusoy movieaction 19_1085564_ekusoy_GameroticaAutoInstall.exe

2015-04-22 20:46 - 2015-04-22 20:46 - 00239096 _____ () C:\Users\Ron\Downloads\pose_office dual masterbation_1085050_pnyxprs420_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00258544 _____ () C:\Users\Ron\Downloads\pose_working girls working hard 1 a_1086096_skar123_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00235248 _____ () C:\Users\Ron\Downloads\pose_licking love_1086102_cybermach_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00231624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian single 29_1086128_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00229632 _____ () C:\Users\Ron\Downloads\pose_licking love iii_1086108_cybermach_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00229344 _____ () C:\Users\Ron\Downloads\pose_licking love ii_1086104_cybermach_GameroticaAutoInstall.exe

2015-04-22 20:44 - 2015-04-22 20:44 - 00239296 _____ () C:\Users\Ron\Downloads\pose_seducting pose 01_1086376_prime_005_GameroticaAutoInstall.exe

2015-04-22 20:43 - 2015-04-22 20:43 - 00261240 _____ () C:\Users\Ron\Downloads\pose_rb blowjob_1087686_s-hunter_GameroticaAutoInstall.exe

2015-04-22 20:42 - 2015-04-22 20:42 - 00250992 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 61_1087698_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:42 - 2015-04-22 20:42 - 00241616 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 59_1087702_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:42 - 2015-04-22 20:42 - 00240800 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 58_1087694_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:41 - 2015-04-22 20:41 - 00247472 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 09_1087974_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:41 - 2015-04-22 20:41 - 00234784 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 11_1087978_sandreane_GameroticaAutoInstall.exe

2015-04-21 09:35 - 2015-04-29 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-04-16 08:32 - 2015-03-14 04:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-04-16 08:32 - 2015-03-14 04:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-04-16 08:32 - 2015-03-13 03:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-16 08:32 - 2015-03-13 03:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-04-16 08:32 - 2015-03-13 03:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-04-16 08:32 - 2015-03-13 03:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-04-16 08:32 - 2015-03-13 03:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-04-16 08:32 - 2015-03-13 03:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-04-16 08:32 - 2015-03-13 03:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-04-16 08:32 - 2015-03-13 02:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-04-16 08:32 - 2015-03-13 02:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-04-16 08:32 - 2015-03-13 02:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-04-16 08:32 - 2015-03-05 04:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2015-04-16 08:32 - 2015-03-05 03:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-04-16 08:24 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-04-16 08:24 - 2015-03-09 02:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-04-16 08:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2015-04-16 08:24 - 2015-03-05 04:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-04-16 08:24 - 2015-03-05 03:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-15 08:19 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-15 08:19 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-15 08:19 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-04-15 08:19 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-15 08:19 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-15 08:19 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-04-15 08:19 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-04-15 08:19 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-04-15 08:19 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-04-15 08:19 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-04-15 08:19 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-04-15 08:19 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-04-15 08:19 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-04-15 08:19 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-04-15 08:19 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-04-15 08:19 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-04-15 08:19 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-04-15 08:19 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-04-15 08:19 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2015-04-15 08:19 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2015-04-13 12:09 - 2015-04-13 12:09 - 00241448 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed doggy in and out_1081888_jackass_01_GameroticaAutoInstall.exe

2015-04-13 12:08 - 2015-04-13 12:08 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall(1).exe

2015-04-13 12:08 - 2015-04-13 12:08 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall(1).exe

2015-04-13 12:07 - 2015-04-13 12:07 - 00611776 _____ () C:\Users\Ron\Downloads\model_this is not addison timlin_1082304_eganem_GameroticaAutoInstall.exe

2015-04-13 12:07 - 2015-04-13 12:07 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall(1).exe

2015-04-13 12:07 - 2015-04-13 12:07 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall(1).exe

2015-04-13 12:06 - 2015-04-13 12:06 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall(1).exe

2015-04-13 12:05 - 2015-04-13 12:05 - 00791960 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 1_1082640_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:05 - 2015-04-13 12:05 - 00751952 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 2_1082630_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:05 - 2015-04-13 12:05 - 00727200 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 3_1082646_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:05 - 2015-04-13 12:05 - 00721272 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 4_1082650_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:04 - 2015-04-13 12:05 - 00728336 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 5_1082656_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:04 - 2015-04-13 12:04 - 00241848 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed cowgirl_1082978_jackass_01_GameroticaAutoInstall.exe

2015-04-13 12:04 - 2015-04-13 12:04 - 00237240 _____ () C:\Users\Ron\Downloads\pose_bed ride_1082990_jackass_01_GameroticaAutoInstall.exe

2015-04-13 12:03 - 2015-04-13 12:03 - 00787304 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 9_1083054_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:03 - 2015-04-13 12:03 - 00724776 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 7_1083050_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:03 - 2015-04-13 12:03 - 00719736 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 8_1083052_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:03 - 2015-04-13 12:03 - 00691144 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 6_1083048_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:02 - 2015-04-13 12:02 - 00704416 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 10_1083056_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:02 - 2015-04-13 12:02 - 00525448 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 2_1083776_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:02 - 2015-04-13 12:02 - 00467232 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 1_1083774_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:01 - 2015-04-13 12:01 - 06622576 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_mini_1083946_lagit38_GameroticaAutoInstall.exe

2015-04-13 12:01 - 2015-04-13 12:01 - 06493368 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_micromini_1083948_lagit38_GameroticaAutoInstall.exe

2015-04-13 12:01 - 2015-04-13 12:01 - 00502528 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 3_1083778_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:01 - 2015-04-13 12:01 - 00241024 _____ () C:\Users\Ron\Downloads\pose_ride_1083822_maxi1009_GameroticaAutoInstall.exe

2015-04-13 12:00 - 2015-04-13 12:00 - 05568672 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_towaist_1083954_lagit38_GameroticaAutoInstall.exe

2015-04-13 12:00 - 2015-04-13 12:00 - 00303120 _____ () C:\Users\Ron\Downloads\pose_wap pegging the new girl_1083838_nottsandnotts_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00563576 _____ () C:\Users\Ron\Downloads\texture_cloth_m5kkcfma_1084090_meatloaf5k_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00246136 _____ () C:\Users\Ron\Downloads\pose_bed room bed hump_1084010_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00245384 _____ () C:\Users\Ron\Downloads\pose_bed room bed her turn_1084000_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00245376 _____ () C:\Users\Ron\Downloads\pose_edge of bed room bed_1084014_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00244264 _____ () C:\Users\Ron\Downloads\pose_bed room bed in and out_1084006_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:58 - 2015-04-13 11:58 - 00251376 _____ () C:\Users\Ron\Downloads\pose_animated ride_1084046_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:58 - 2015-04-13 11:58 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 41_1084212_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:58 - 2015-04-13 11:58 - 00248624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 44_1084224_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:58 - 2015-04-13 11:58 - 00246456 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 40_1084206_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:57 - 2015-04-13 11:57 - 00250656 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 47_1084254_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:57 - 2015-04-13 11:57 - 00246576 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 48_1084256_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:57 - 2015-04-13 11:57 - 00245760 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 49_1084258_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:56 - 2015-04-13 11:56 - 00295296 _____ () C:\Users\Ron\Downloads\pose_wap hoisted lick_1084204_nottsandnotts_GameroticaAutoInstall.exe

2015-04-13 11:56 - 2015-04-13 11:56 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 54_1084376_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:56 - 2015-04-13 11:56 - 00242312 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 53_1084370_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:55 - 2015-04-13 11:55 - 00253104 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 55_1084380_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:55 - 2015-04-13 11:55 - 00241880 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 52_1084362_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:55 - 2015-04-13 11:55 - 00236632 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 51_1084360_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:54 - 2015-04-13 11:54 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:54 - 2015-04-13 11:54 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:54 - 2015-04-13 11:54 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:54 - 2015-04-13 11:54 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:53 - 2015-04-13 11:53 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:53 - 2015-04-13 11:53 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:53 - 2015-04-13 11:53 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:23 - 2015-04-07 21:23 - 00229976 _____ () C:\Users\Ron\Downloads\pose_nipple suck on livingroom chair_1079890_tomislooking_GameroticaAutoInstall.exe

2015-04-07 21:22 - 2015-04-07 21:22 - 00944272 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa l1 h3_1080182_mouse_GameroticaAutoInstall.exe

2015-04-07 21:22 - 2015-04-07 21:22 - 00243744 _____ () C:\Users\Ron\Downloads\pose_handcuffed bed grind_1079942_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:22 - 2015-04-07 21:22 - 00236992 _____ () C:\Users\Ron\Downloads\pose_high above_1080094_klondyke_GameroticaAutoInstall.exe

2015-04-07 21:21 - 2015-04-07 21:21 - 00943808 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa sex1 h3_1080186_mouse_GameroticaAutoInstall.exe

2015-04-07 21:21 - 2015-04-07 21:21 - 00928584 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa photopose_1080180_mouse_GameroticaAutoInstall.exe

2015-04-07 21:21 - 2015-04-07 21:21 - 00254504 _____ () C:\Users\Ron\Downloads\pose_cuffed library machine ride_1080390_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:20 - 2015-04-07 21:20 - 00251976 _____ () C:\Users\Ron\Downloads\pose_cuffed on library table_1080460_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:17 - 2015-04-07 21:17 - 01362752 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_hairstyle_spring_wind_1080506_veemy_GameroticaAutoInstall.exe

2015-04-07 21:17 - 2015-04-07 21:17 - 00225184 _____ () C:\Users\Ron\Downloads\pose_mutual respect animated_1080532_pnyxprs420_GameroticaAutoInstall.exe

2015-04-07 21:16 - 2015-04-07 21:16 - 00410808 _____ () C:\Users\Ron\Downloads\model_jasmin_1081134_t03289a_GameroticaAutoInstall.exe

2015-04-07 21:15 - 2015-04-07 21:15 - 00757440 _____ () C:\Users\Ron\Downloads\texture_cloth_sloggi underwear white_1081628_howlin_GameroticaAutoInstall.exe

2015-04-07 21:15 - 2015-04-07 21:15 - 00245576 _____ () C:\Users\Ron\Downloads\pose_jail desk in and out_1081686_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:14 - 2015-04-07 21:14 - 00210688 _____ () C:\Users\Ron\Downloads\pose_pose_1081738_cybermach_GameroticaAutoInstall.exe

2015-04-07 21:13 - 2015-04-07 21:13 - 00255368 _____ () C:\Users\Ron\Downloads\pose_cream pie_1081844_lagit38_GameroticaAutoInstall.exe

2015-04-07 21:11 - 2015-04-07 21:11 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:11 - 2015-04-07 21:11 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall.exe

2015-04-07 21:10 - 2015-04-07 21:10 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall.exe

2015-04-07 21:09 - 2015-04-07 21:09 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall.exe

2015-04-07 21:09 - 2015-04-07 21:09 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-29 18:39 - 2014-03-30 21:20 - 00000000 ____D () C:\FRST

2015-04-29 18:23 - 2014-02-10 13:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-29 18:18 - 2012-07-05 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-29 17:36 - 2012-08-25 12:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2015-04-29 17:27 - 2009-03-09 19:18 - 01289458 _____ () C:\Windows\WindowsUpdate.log

2015-04-29 17:26 - 2014-04-02 19:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-29 17:21 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-29 17:21 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-29 17:20 - 2014-02-10 13:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-29 17:20 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-29 12:03 - 2006-11-02 17:42 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-04-29 09:53 - 2008-01-21 05:26 - 00851910 _____ () C:\Windows\PFRO.log

2015-04-29 09:52 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-04-29 09:52 - 2009-02-04 21:42 - 00000831 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk

2015-04-29 09:43 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-04-28 22:49 - 2014-04-02 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-28 22:49 - 2014-04-02 19:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-28 22:49 - 2013-03-17 13:45 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-28 22:03 - 2009-08-04 19:23 - 00000000 ____D () C:\Users\Ron

2015-04-28 11:00 - 2009-08-04 20:56 - 00000000 ___RD () C:\Users\Ron\Documents\Christine

2015-04-28 08:52 - 2009-08-06 05:37 - 00043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat

2015-04-26 15:53 - 2009-08-05 16:40 - 00000000 ___RD () C:\Users\Ron\Documents\Ronald

2015-04-22 08:05 - 2013-08-15 06:42 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-22 07:55 - 2006-11-02 14:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2015-04-21 21:52 - 2013-04-09 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-21 19:08 - 2014-08-16 22:47 - 00000000 ____D () C:\ProgramData\McAfee Security Scan

2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\spool

2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\Msdtc

2015-04-21 19:08 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\registration

2015-04-21 19:08 - 2006-11-02 14:33 - 80478208 _____ () C:\Windows\system32\config\software_previous

2015-04-21 19:08 - 2006-11-02 14:33 - 317456384 _____ () C:\Windows\system32\config\system_previous

2015-04-21 19:02 - 2006-11-02 14:33 - 61341696 _____ () C:\Windows\system32\config\components_previous

2015-04-21 19:02 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2015-04-20 22:16 - 2006-11-02 14:33 - 00524288 _____ () C:\Windows\system32\config\default_previous

2015-04-20 22:16 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\security_previous

2015-04-17 13:29 - 2009-08-07 13:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2015-04-16 08:31 - 2009-09-01 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-04-16 08:26 - 2013-04-12 20:12 - 00000000 ____D () C:\ProgramData\Skype

2015-04-15 17:18 - 2013-04-03 21:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-15 17:18 - 2013-04-03 21:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-15 17:18 - 2012-07-05 19:40 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-04-06 07:37 - 2009-08-06 06:15 - 00000000 ____D () C:\Users\Ron\AppData\Local\Google
 

==================== Files in the root of some directories =======
 

2014-12-19 18:03 - 2014-12-19 18:03 - 0000396 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log

2010-01-06 23:00 - 2010-01-04 16:43 - 0152848 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Comdlg32.ocx

2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Flanger

2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Flowers

2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Folder Actions

2009-08-06 05:37 - 2015-04-28 08:52 - 0043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat

2012-05-01 10:56 - 2012-12-01 11:46 - 0001356 _____ () C:\Users\Ron\AppData\Local\d3d9caps.dat

2011-07-15 22:45 - 2015-03-04 19:56 - 0009148 _____ () C:\Users\Ron\AppData\Local\d3d9caps64.dat

2010-04-27 22:52 - 2015-03-11 23:46 - 0209408 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-01-25 21:07 - 2015-01-25 21:39 - 0523048 _____ () C:\Users\Ron\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

2015-01-25 21:06 - 2015-01-25 21:06 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error.txt

2015-01-25 21:11 - 2015-01-25 21:11 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error_lp.txt

2015-01-25 21:06 - 2015-01-25 21:39 - 1041360 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install.txt

2015-01-25 21:11 - 2015-01-25 21:39 - 0170854 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install_lp.txt

2015-01-25 21:11 - 2015-01-25 21:11 - 0974496 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI2695.txt

2015-01-25 21:38 - 2015-01-25 21:39 - 0973680 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI3B7D.txt

2015-01-25 21:09 - 2015-01-25 21:11 - 2828366 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI2521.txt

2015-01-25 21:38 - 2015-01-25 21:38 - 2828752 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI3B22.txt

2011-02-09 12:19 - 2011-02-09 12:19 - 0359330 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI3ADA.txt

2011-09-13 18:55 - 2011-09-13 18:55 - 0363238 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI56CD.txt

2011-02-09 13:19 - 2011-02-09 13:19 - 0358562 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI6914.txt

2011-02-09 10:43 - 2011-02-09 10:43 - 0358772 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI7125.txt

2011-02-09 12:19 - 2011-02-09 12:19 - 0011230 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI3ADA.txt

2011-09-13 18:55 - 2011-09-13 18:55 - 0011454 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI56CD.txt

2011-02-09 13:19 - 2011-02-09 13:19 - 0011198 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI6914.txt

2011-02-09 10:43 - 2011-02-09 10:43 - 0011166 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI7125.txt

2011-06-25 16:00 - 2014-07-12 11:51 - 0000047 _____ () C:\Users\Ron\AppData\Local\Images.fl

2015-01-25 21:06 - 2015-01-25 21:39 - 0006418 _____ () C:\Users\Ron\AppData\Local\uxeventlog.txt

2011-10-16 12:36 - 2011-10-16 12:36 - 0017408 _____ () C:\Users\Ron\AppData\Local\WebpageIcons.db

2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Electric Piano

2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Flange Saw

2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Flowers

2009-02-04 21:50 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.001

2009-02-04 21:12 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.dat
 

Some content of TEMP:

====================

C:\Users\Ron\AppData\Local\temp\APNSetup.exe

C:\Users\Ron\AppData\Local\temp\FileSystemView.dll

C:\Users\Ron\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Ron\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Ron\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Ron\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Ron\AppData\Local\temp\jre-8u40-windows-au.exe

C:\Users\Ron\AppData\Local\temp\launcher_vs2010_sp1_vcredist_x86.exe

C:\Users\Ron\AppData\Local\temp\Quarantine.exe

C:\Users\Ron\AppData\Local\temp\supoptsetup.exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_d81_emo-punk_bikini_1012878_cpoa_dude81_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_mclainsgidgetbikini_1040220_mclain_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_mclainsgidgetbikini_1040220_mclain_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_yasmine_schuh1_1059430_yasmine_cool_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_yasmine_schuh1_1059430_yasmine_cool_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture_room_kr_ice_camp_1044534_kingrich07_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_room_kr_ice_camp_1044534_kingrich07_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture_room_kr_woodland02_1054848_kingrich07_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_room_kr_woodland02_1054848_kingrich07_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles4_35827_worgr_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles4_35827_worgr_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__41___aerobicpanty_335620_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__41___aerobicpanty_335620_voy969_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__7min-abs_tribal6_147061_mgw1090_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__7min-abs_tribal6_147061_mgw1090_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__87c combination b_535436_joshua_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__87c combination b_535436_joshua_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__987pr hair s06 v1_410138_987philr_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__987pr hair s06 v1_410138_987philr_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__afdesign_danis panty_427484_andreales_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__afdesign_danis panty_427484_andreales_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__black cotton dress_574356_serin_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__black cotton dress_574356_serin_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__black pinstriped top_486230_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__black pinstriped top_486230_murmel_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__bookworm_glasses_413322_fipps_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__bookworm_glasses_413322_fipps_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__br bedhead hairstyle_591046_bigrock42_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__br bedhead hairstyle_591046_bigrock42_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__br re_texture of hairstyle 48_629340_bigrock42_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__br re_texture of hairstyle 48_629340_bigrock42_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__business g_455816_lothar33333_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__business g_455816_lothar33333_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__business pin stripes_434074_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__business pin stripes_434074_murmel_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__challybusinessgirlsuit_709192_challyrally_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__challybusinessgirlsuit_709192_challyrally_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__challyfunky70s008_720690_challyrally_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__challyfunky70s008_720690_challyrally_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__challyvelvettucked_732160_challyrally_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__challyvelvettucked_732160_challyrally_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__chestcum_750008_lorgrom_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__chestcum_750008_lorgrom_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_blue sapphire_469898_cronan_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_blue sapphire_469898_cronan_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_diamond set_508692_cronan_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_diamond set_508692_cronan_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_forest_525112_cronan_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_forest_525112_cronan_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_jewelry_silver_609268_cronan_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_jewelry_silver_609268_cronan_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_bathrobe closed_332648_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_bathrobe closed_332648_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 010_460478_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 010_460478_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 011_659244_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 011_659244_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001 lifted_519660_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001 lifted_519660_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001_519658_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001_519658_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 001_481992_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 001_481992_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 002_481994_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 003_481996_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 004_619254_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_leather jacket 001 t-shirt_386406_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 003_442136_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 004_463532_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 009_580772_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 010_582302_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall(4).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 012_606900_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 014 (undressed)_677206_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 014_677202_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_schoolgirl_jumper_lifted_598878_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_schoolgirl_tie_599738_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_tights (for hd skln)_595252_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_tights_ripped (for hd skin)_595256_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_towel waist_460532_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003 bra pull_368226_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003_360544_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003_panty pull 2_367356_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__dv75-ring08_722810_fritzel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__dv75-schuhe03_723088_fritzel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fblacklacebikini_445190_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fbluewhitestripebikini_453920_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__featured underwear green_327206_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fhotpantsboyshortslacewhite_497554_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__flacepantyoff_499584_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__floral tattoo pack_667592_kewitaxi_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__flor_252040_manalor_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__flower - ring_251264_stisegon_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fpinkstripebikinii_453916_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fship bracelet_128345_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fwhitelaceunderwearset_497212_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__gamerotica netbikini_228488_stisegon_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__grey pinstripes_486286_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 black diamond lingerie_658722_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 29_713274_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 29_713274_horsman82_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 8_712902_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 obsidia lingerie_729682_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 viktoria lingerie_664076_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__hair braids_446180_iblisazazel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__heart_shirt_745416_newguy_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__hq nipples l_421148_mattisse_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__hq nipples r_421146_mattisse_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__jb_chameleon_satin_and_lace_bra_and_thong_sst_487078_jasonblood_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__jb_olive_satin_and_pearl_burlesque_bra_sst_496210_jasonblood_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__jb_wire_frame_glasses_sst_576582_jasonblood_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__kr_old_canvas_shoes_711124_kingrich07_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__l skirt 01_435218_lothar33333_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__l skirt 02_435220_lothar33333_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lace lingerie set_352374_mattisse_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lagit_custom_coloreglasses_521956_lagit38_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__leopard print underwear 2_387328_xab4275_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lifted wool skirt_348514_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lingerieset_11_159925_ice_ic_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lingerieset_12_162157_ice_ic_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__migz angryunicorn_roundup_f_725452_migz_2k13_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture____fbikinithongpolka_342446_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture____fbikinithongpolka_342446_voy969_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\VIS-2013-German.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

Die Addition.txt bitte vollständig posten.

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015

Ran by Ron at 2015-04-29 18:40:44

Running from C:\Users\Ron\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2673002154-866942330-3263328844-500 - Administrator - Disabled)

Gast (S-1-5-21-2673002154-866942330-3263328844-501 - Limited - Disabled)

Ron (S-1-5-21-2673002154-866942330-3263328844-1000 - Administrator - Enabled) => C:\Users\Ron
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)

Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )

AMD Catalyst Install Manager (HKLM\...\{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )

Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version:  - )

Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )

Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )

Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

EB4aFCB8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version:  - )

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FormatFactory 2.50 (HKLM-x32\...\FormatFactory) (Version: 2.50 - Free Time)

Google Chrome Frame (HKLM-x32\...\{8618AE04-1210-3C32-A8C3-45A5E44CD340}) (Version: 65.169.107 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Hardware Diagnose Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)

HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)

HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)

HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2717 - Hewlett-Packard)

HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2415 - Hewlett-Packard)

HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)

HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden

Light Image Resizer 4.6.4.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.4.0 - ObviousIdea)

Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)

MAGIX Audio Cleaning Lab 17 deluxe (HKLM-x32\...\MAGIX_MSI_mclab_17dlx) (Version: 17.0.0.2 - MAGIX AG)

MAGIX Audio Cleaning Lab 17 deluxe (x32 Version: 17.0.0.2 - MAGIX AG) Hidden

MAGIX Speed 2 (MSI) (HKLM-x32\...\{FF34AF1C-705B-424A-A850-1A1F61D6EB71}) (Version: 6.0.1.4 - MAGIX AG)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)

Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)

Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)

Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)

MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version:  - )

Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.4.0 - Napster)

Napster Burn Engine (x32 Version: 3.5.0000 - Ihr Firmenname) Hidden

Napster Label Creator (HKLM-x32\...\{16FD907B-FA72-4F3C-B959-E076C8238F80}) (Version: 1.00.0000 - Roxio Inc.,)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)

Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)

PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.5.311.0 - Tracker Software Products Ltd)

Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)

PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden

Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)

Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5740 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

sp43204 (HKLM-x32\...\sp43204) (Version:  - Hewlett-Packard)

Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version:  - thriXXX Software GmbH)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2673002154-866942330-3263328844-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Ron\AppData\Local\Temp\EB4aFCB8.exe No File
 

==================== Restore Points  =========================

Mehr habe ich nicht! Was meinst Du genau?

Allerdings "hängt" unten die Farbar Recovery " in der TAskleiste. Kann sie nicht mehr zumachen.

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015

Ran by Ron at 2015-04-29 18:40:44

Running from C:\Users\Ron\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2673002154-866942330-3263328844-500 - Administrator - Disabled)

Gast (S-1-5-21-2673002154-866942330-3263328844-501 - Limited - Disabled)

Ron (S-1-5-21-2673002154-866942330-3263328844-1000 - Administrator - Enabled) => C:\Users\Ron
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)

Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )

AMD Catalyst Install Manager (HKLM\...\{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )

Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version:  - )

Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )

Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )

Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

EB4aFCB8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version:  - )

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FormatFactory 2.50 (HKLM-x32\...\FormatFactory) (Version: 2.50 - Free Time)

Google Chrome Frame (HKLM-x32\...\{8618AE04-1210-3C32-A8C3-45A5E44CD340}) (Version: 65.169.107 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Hardware Diagnose Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)

HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)

HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)

HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2717 - Hewlett-Packard)

HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2415 - Hewlett-Packard)

HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)

HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden

Light Image Resizer 4.6.4.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.4.0 - ObviousIdea)

Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)

MAGIX Audio Cleaning Lab 17 deluxe (HKLM-x32\...\MAGIX_MSI_mclab_17dlx) (Version: 17.0.0.2 - MAGIX AG)

MAGIX Audio Cleaning Lab 17 deluxe (x32 Version: 17.0.0.2 - MAGIX AG) Hidden

MAGIX Speed 2 (MSI) (HKLM-x32\...\{FF34AF1C-705B-424A-A850-1A1F61D6EB71}) (Version: 6.0.1.4 - MAGIX AG)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)

Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)

Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)

Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)

MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version:  - )

Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.4.0 - Napster)

Napster Burn Engine (x32 Version: 3.5.0000 - Ihr Firmenname) Hidden

Napster Label Creator (HKLM-x32\...\{16FD907B-FA72-4F3C-B959-E076C8238F80}) (Version: 1.00.0000 - Roxio Inc.,)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)

Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)

PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.5.311.0 - Tracker Software Products Ltd)

Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)

PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden

Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)

Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5740 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Secunia PSI (3.0.0.6005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

sp43204 (HKLM-x32\...\sp43204) (Version:  - Hewlett-Packard)

Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version:  - thriXXX Software GmbH)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2673002154-866942330-3263328844-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Ron\AppData\Local\Temp\EB4aFCB8.exe No File
 

==================== Restore Points  =========================
 

07-03-2015 18:52:14 Geplanter Prüfpunkt

08-03-2015 20:13:27 Geplanter Prüfpunkt

10-03-2015 10:43:58 Windows Update

11-03-2015 10:12:58 Geplanter Prüfpunkt

12-03-2015 19:17:41 Windows Update

13-03-2015 23:09:43 Geplanter Prüfpunkt

14-03-2015 21:56:57 Removed Search App by Ask

17-03-2015 10:46:55 Windows Update

21-03-2015 07:24:26 Geplanter Prüfpunkt

22-03-2015 16:52:05 Geplanter Prüfpunkt

24-03-2015 20:40:11 Windows Update

27-03-2015 21:53:24 Windows Update

28-03-2015 20:47:37 Geplanter Prüfpunkt

31-03-2015 21:27:23 Windows Update

01-04-2015 11:51:45 Geplanter Prüfpunkt

07-04-2015 09:58:51 Windows Update

09-04-2015 20:01:12 Geplanter Prüfpunkt

11-04-2015 06:11:17 Windows Update

12-04-2015 16:10:14 Geplanter Prüfpunkt

14-04-2015 09:01:58 Windows Update

16-04-2015 08:16:29 Windows Update

19-04-2015 09:29:59 Windows Update

21-04-2015 09:19:32 Windows Update

22-04-2015 07:52:09 Windows Update

23-04-2015 20:23:17 Geplanter Prüfpunkt

28-04-2015 08:33:59 Windows Update

28-04-2015 21:41:47 Uniblue DriverScanner installation
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2006-11-02 14:34 - 2013-03-23 22:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {065DA873-2528-401A-8B7F-83B2D80EC84B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)

Task: {08282741-5461-4111-B00A-DD5A9B7C174F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05] (PC-Doctor, Inc.)

Task: {117A4663-83AB-4234-BEA8-2AC7C63E221C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)

Task: {119A5F16-495E-427F-941D-2B12710A052E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10] (Google Inc.)

Task: {1E1D3464-698B-4C16-97EC-5EB60134094E} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)

Task: {2D212E8D-E636-4943-99EB-E251743AEC2C} - System32\Tasks\{A700922C-54DD-44A3-9AA3-97AD5D6306BA} => pcalua.exe -a C:\Users\Ron\Documents\Ronald\cc_mh2v11.exe -d C:\Users\Ron\Documents\Ronald

Task: {6D3A4EA8-9B93-4537-B56A-E49EED8CCB93} - \Fifth No Task File <==== ATTENTION

Task: {A7AF82A4-A40E-4BAD-AC5F-660C54C91C7E} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D8\netengine.exe [2015-04-28] () <==== ATTENTION

Task: {A8768CBE-A113-4071-A24D-01D641F87202} - \OMESupervisor No Task File <==== ATTENTION

Task: {B44D4169-04D0-4323-A88B-27D0F33A5EB7} - System32\Tasks\{41E2E354-722F-4126-A717-EF34CDBCBEC4} => pcalua.exe -a F:\flashplayer\Win\install_flash_player.exe -d F:\flashplayer\Win

Task: {C88BDE0D-B6A8-46B0-9B6B-B6CB0D36F114} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E2B104FC-2CDF-40CB-917E-14D860B8D5CA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ron => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)

Task: {E2F9FD4F-03CD-42B4-B77C-EB439D4A00B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {FD01D5FB-2D6E-42C1-A347-CDCAC161EE57} - System32\Tasks\{3D4F1524-B579-4F4B-BB6E-33A2B15F82B8} => pcalua.exe -a C:\Users\Ron\Downloads\esetsmartinstaller_enu.exe -d C:\Users\Ron\Downloads

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
 

==================== Loaded Modules (whitelisted) ==============
 

2011-11-10 04:11 - 2011-11-10 04:11 - 00045056 _____ () C:\Windows\system32\atitmp64.dll

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-04-28 21:40 - 2015-04-28 21:40 - 00408576 _____ () c:\windows\mrsm.exe

2015-04-28 21:40 - 2015-04-28 21:40 - 00417792 _____ () c:\windows\rsm.exe

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll

2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll

2006-11-02 17:03 - 2006-11-02 17:03 - 00418816 _____ () C:\Windows\System32\Wpc.dll

2014-03-04 10:58 - 2014-03-04 10:58 - 04591616 _____ () C:\Users\Ron\AppData\Local\Google\Chrome Frame\User Data\iexplore\SwiftShader\1.0.5.0\libglesv2.dll

2014-03-04 10:58 - 2014-03-04 10:58 - 00112128 _____ () C:\Users\Ron\AppData\Local\Google\Chrome Frame\User Data\iexplore\SwiftShader\1.0.5.0\libegl.dll

2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

2014-02-10 13:07 - 2014-02-02 01:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\pdf.dll

2014-02-10 13:07 - 2014-02-02 01:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll

2014-02-10 13:07 - 2014-02-02 01:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\ffmpegsumo.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp

DNS Servers: 192.168.2.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 
 

==================== FirewallRules (whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [{FC99AE03-D292-48F7-BB91-477CDCDECF79}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe

FirewallRules: [{BA9EC296-8434-4583-ACAB-0E78C783702F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe

FirewallRules: [{559010AB-F5FD-412B-A3E1-B6D2B11B5EF1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe

FirewallRules: [{500CCE24-F335-48F6-9310-5C4F781E6C3E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe

FirewallRules: [{8B915CB9-0F64-4A76-B86E-41C0C73B1FC9}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe

FirewallRules: [{A67895BD-FC71-4304-8D00-9FEC3E6DBDE6}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

FirewallRules: [{35E318B8-D6C5-4651-B300-0291A29DC4FD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

FirewallRules: [{8AC5445A-D573-4451-9D7E-510D31D5A2D7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe

FirewallRules: [{D210E0E9-0842-4E57-9C6C-125817393DD2}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe

FirewallRules: [{0FAE24B0-A1F5-45FC-B391-D7CF7664FAC7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe

FirewallRules: [{5B083104-6E0C-4E44-94A3-7BC87B7BC9F0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe

FirewallRules: [{6FBAF1A4-AE74-4D71-A094-500E3324085A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe

FirewallRules: [{230CE759-79A9-4A6C-9748-256BD3F8DF3D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe

FirewallRules: [{28079C2F-EF06-4EAC-8EFE-6020A4E7DC92}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe

FirewallRules: [{FBA5DADC-977F-413A-ACC5-02431B352C15}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe

FirewallRules: [{A2D601EB-9907-4430-8A4C-327617A498E4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe

FirewallRules: [{5D0D07D5-0D32-42D3-971F-F2899F18427F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe

FirewallRules: [{A3903AC9-7CBC-4F9A-99B4-A6F7F6625DD1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe

FirewallRules: [{6101F6D8-16E7-4D99-9069-3E557D5CBC8D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe

FirewallRules: [TCP Query User{1D7890CB-F2C2-43FD-9D91-710546164C45}C:\program files (x86)\napster\napster.exe] => (Block) C:\program files (x86)\napster\napster.exe

FirewallRules: [UDP Query User{0BD0618D-6611-423F-9FE6-22B200E02915}C:\program files (x86)\napster\napster.exe] => (Block) C:\program files (x86)\napster\napster.exe

FirewallRules: [{CFD54C7E-83BB-460A-8DE7-6168A27F8DDE}] => (Allow) LPort=80

FirewallRules: [{9BE1370C-23DF-4F48-97B3-2CA4105FA773}] => (Allow) LPort=80

FirewallRules: [{CCE194C7-055B-40B8-ABAE-FDF79735A5FE}] => (Allow) LPort=80

FirewallRules: [{A56E82B7-7534-4C28-A661-9437CA3A2DEB}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

FirewallRules: [{E2AF6A57-7368-4E71-BC19-753A73C59DAB}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

FirewallRules: [{1C632877-3F4A-4733-9395-2AE570A1E0EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{F6F33C65-D2EB-4507-9026-AFFCBD8A8C22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{5AB752FD-793A-41FA-92ED-F912787F823B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{0717930C-1A31-49A0-ADAC-93CAC8CFD9A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{961FD7EE-BB4A-4362-92D4-42ABE952CA6E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{6D63D210-600E-4C52-BB13-69684F41EB60}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

FirewallRules: [{1F8ACFBA-0B0C-45DA-A489-2C3E59E3594F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 

==================== Faulty Device Manager Devices =============
 

Name: USB ISDN-Connector

Description: USB ISDN-Connector

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (04/29/2015 06:47:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.

Prozess-ID: 410

Anfangszeit: 01d082901824ebb2

Zeitpunkt der Beendigung: 267
 

Error: (04/29/2015 05:38:02 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm iexplore.exe, Version 9.0.8112.16636 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.

Prozess-ID: 1118

Anfangszeit: 01d082927312aec2

Zeitpunkt der Beendigung: 0
 

Error: (04/29/2015 05:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/29/2015 10:37:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1030
 

Error: (04/29/2015 10:37:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1030
 

Error: (04/29/2015 10:37:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (04/29/2015 10:36:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5008
 

Error: (04/29/2015 10:36:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5008
 

Error: (04/29/2015 10:36:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (04/29/2015 10:36:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4010
 
 

System errors:

=============

Error: (04/29/2015 05:24:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Beep

i8042prt
 

Error: (04/29/2015 05:21:30 PM) (Source: bowser) (EventID: 8016) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/29/2015 05:21:22 PM) (Source: bowser) (EventID: 8016) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/29/2015 05:21:15 PM) (Source: bowser) (EventID: 8016) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/29/2015 05:21:07 PM) (Source: bowser) (EventID: 8016) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/29/2015 10:03:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Beep

i8042prt
 

Error: (04/29/2015 10:02:11 AM) (Source: bowser) (EventID: 8016) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/29/2015 10:02:04 AM) (Source: bowser) (EventID: 8016) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/29/2015 10:01:56 AM) (Source: bowser) (EventID: 8016) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/29/2015 10:01:48 AM) (Source: bowser) (EventID: 8016) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RON-PC" auf Transport "NetBT_Tcpip_{A613AC85-778E-46D4-AF83-B95366D74E09}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2015-04-29 18:39:56.007

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-04-29 18:39:55.504

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-04-29 18:39:55.023

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-04-29 18:39:54.509

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-04-29 17:36:45.230

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-04-29 17:36:44.770

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-04-29 17:36:44.289

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-04-29 17:36:43.821

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-04-29 17:36:42.316

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-04-29 17:36:41.850

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz

Percentage of memory in use: 47%

Total physical RAM: 6142.33 MB

Available physical RAM: 3235.75 MB

Total Pagefile: 12479.12 MB

Available Pagefile: 9519.86 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:265.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:591.8 GB) NTFS

Drive h: (Elements) (Fixed) (Total:931.51 GB) (Free:691.23 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=582.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13.8 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 596.2 GB) (Disk ID: 6BD0662C)

Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00039E2E)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015

Ran by Ron (administrator) on RON-PC on 29-04-2015 18:39:44

Running from C:\Users\Ron\Downloads

Loaded Profiles: Ron (Available profiles: Ron)

Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe

() C:\Windows\mrsm.exe

() C:\Windows\rsm.exe

(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-16]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-04-11]

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-28]

ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}\hqghumeaylnlf.exe (Super PC Tools Ltd)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de

SearchScopes: HKLM -> {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

SearchScopes: HKLM -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

SearchScopes: HKLM-x32 -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2673002154-866942330-3263328844-1000 -> {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)

BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)

BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-18] (Kaspersky Lab ZAO)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)

BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)

BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018

FF DefaultSearchEngine: oursurfing

FF SelectedSearchEngine: oursurfing

FF Homepage: ?type=hppp

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()

FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-18] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2673002154-866942330-3263328844-1000: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Ron\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File

FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com [2015-04-29]

FF Extension: No Name - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com [2015-04-29]

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-04]

FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-15]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-15]

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-15]

FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-15]

FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-15]

FF HKU\S-1-5-21-2673002154-866942330-3263328844-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 

Chrome: 

=======

CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default

CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-14]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-01] (Kaspersky Lab ZAO)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 mrsm; c:\windows\mrsm.exe [408576 2015-04-28] () [File not signed]

R2 rsm; c:\windows\rsm.exe [417792 2015-04-28] () [File not signed]

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)

S1 Beep; No ImagePath

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-01] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-01] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-04-29] (Malwarebytes Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)

R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [X]

S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]

S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]

S3 LVUSBS64; system32\drivers\LVUSBS64.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-29 18:39 - 2015-04-29 18:40 - 00022594 _____ () C:\Users\Ron\Downloads\FRST.txt

2015-04-29 18:39 - 2015-04-29 18:39 - 02101248 _____ (Farbar) C:\Users\Ron\Downloads\FRST64.exe

2015-04-29 09:14 - 2015-04-29 09:14 - 00262144 _____ () C:\Windows\system32\config\elam

2015-04-29 08:34 - 2015-04-29 08:34 - 00000000 ____D () C:\ProgramData\IHProtectUpDate

2015-04-29 08:33 - 2015-04-29 18:00 - 00000000 ____D () C:\Program Files (x86)\XTab

2015-04-29 08:32 - 2015-04-29 17:52 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\oursurfing

2015-04-28 23:57 - 2015-04-28 23:57 - 00000000 ____D () C:\Users\Ron\Desktop\Alte Firefox-Daten

2015-04-28 23:44 - 2015-04-28 23:44 - 00000000 ____D () C:\ProgramData\c50e087800005cff

2015-04-28 22:16 - 2015-04-28 22:41 - 00003428 _____ () C:\Windows\System32\Tasks\NetEngine

2015-04-28 22:04 - 2015-04-28 22:04 - 00000000 ____D () C:\ProgramData\Uniblue

2015-04-28 21:46 - 2015-04-28 23:42 - 00000000 ____D () C:\ProgramData\NetEngine

2015-04-28 21:44 - 2015-04-28 23:42 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\mystartsearch

2015-04-28 21:44 - 2015-04-28 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer

2015-04-28 21:44 - 2015-04-28 21:44 - 00000000 ____D () C:\Users\Ron\AppData\Local\BrowserWeb

2015-04-28 21:43 - 2015-04-29 10:35 - 00000000 ___HD () C:\ProgramData\rsm

2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\System NotifierV28.04

2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\MixVideoPlayer

2015-04-28 21:41 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\Cinema Pro Plus 3.4cV28.04

2015-04-28 21:41 - 2015-04-28 22:03 - 00000000 ____D () C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}

2015-04-28 21:41 - 2015-04-28 21:41 - 00000119 _____ () C:\Windows\wininit.ini

2015-04-28 21:40 - 2015-04-28 23:42 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RinoReader

2015-04-28 21:40 - 2015-04-28 23:42 - 00000000 ____D () C:\Program Files (x86)\RinoReader

2015-04-28 21:40 - 2015-04-28 21:40 - 00631296 _____ () C:\Windows\rsm.dat

2015-04-28 21:40 - 2015-04-28 21:40 - 00417792 _____ () C:\Windows\rsm.exe

2015-04-28 21:40 - 2015-04-28 21:40 - 00408576 _____ () C:\Windows\mrsm.exe

2015-04-28 21:39 - 2015-04-28 21:39 - 00704936 _____ () C:\Users\Ron\Downloads\Setup.exe

2015-04-27 20:51 - 2015-04-27 20:51 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall(1).exe

2015-04-27 20:50 - 2015-04-27 20:50 - 00413368 _____ () C:\Users\Ron\Downloads\model_trisha_1089506_hendrix78_GameroticaAutoInstall.exe

2015-04-26 10:05 - 2015-04-26 10:05 - 00243416 _____ () C:\Users\Ron\Downloads\pose_sandypose librarian dual 14_1087984_sandreane_GameroticaAutoInstall.exe

2015-04-26 10:04 - 2015-04-26 10:04 - 00485816 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_jewelry_devil_heart_1088454_veemy_GameroticaAutoInstall.exe

2015-04-26 10:03 - 2015-04-26 10:04 - 00286824 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088616_like_a_lion_GameroticaAutoInstall.exe

2015-04-26 10:03 - 2015-04-26 10:03 - 02647568 _____ () C:\Users\Ron\Downloads\texture_cloth_mse short shorts wlow_1088640_mouse_GameroticaAutoInstall.exe

2015-04-26 10:03 - 2015-04-26 10:03 - 00254208 _____ () C:\Users\Ron\Downloads\pose_ff photo shoot_1088618_like_a_lion_GameroticaAutoInstall.exe

2015-04-26 10:03 - 2015-04-26 10:03 - 00226016 _____ () C:\Users\Ron\Downloads\pose_migz pool shower wall00_1089024_migz_2k13_GameroticaAutoInstall.exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:49 - 2015-04-22 20:49 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:48 - 2015-04-22 20:48 - 00328864 _____ () C:\Users\Ron\Downloads\pose_jbroot naa cunilover_1085010_johnbroot_GameroticaAutoInstall.exe

2015-04-22 20:48 - 2015-04-22 20:48 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:48 - 2015-04-22 20:48 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall(1).exe

2015-04-22 20:47 - 2015-04-22 20:47 - 00336520 _____ () C:\Users\Ron\Downloads\pose_jbroot naa ride 2_1085014_johnbroot_GameroticaAutoInstall.exe

2015-04-22 20:47 - 2015-04-22 20:47 - 00333464 _____ () C:\Users\Ron\Downloads\pose_jbroot naa blowjob_1084994_johnbroot_GameroticaAutoInstall.exe

2015-04-22 20:47 - 2015-04-22 20:47 - 00331568 _____ () C:\Users\Ron\Downloads\pose_jbroot naa prelude to assfuck_1085016_johnbroot_GameroticaAutoInstall.exe

2015-04-22 20:47 - 2015-04-22 20:47 - 00230880 _____ () C:\Users\Ron\Downloads\pose_office mutual_1085048_pnyxprs420_GameroticaAutoInstall.exe

2015-04-22 20:46 - 2015-04-22 20:46 - 00279256 _____ () C:\Users\Ron\Downloads\pose_intense fbp missionary 1 a_1086054_skar123_GameroticaAutoInstall.exe

2015-04-22 20:46 - 2015-04-22 20:46 - 00263160 _____ () C:\Users\Ron\Downloads\pose_ekusoy movieaction 19_1085564_ekusoy_GameroticaAutoInstall.exe

2015-04-22 20:46 - 2015-04-22 20:46 - 00239096 _____ () C:\Users\Ron\Downloads\pose_office dual masterbation_1085050_pnyxprs420_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00258544 _____ () C:\Users\Ron\Downloads\pose_working girls working hard 1 a_1086096_skar123_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00235248 _____ () C:\Users\Ron\Downloads\pose_licking love_1086102_cybermach_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00231624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian single 29_1086128_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00229632 _____ () C:\Users\Ron\Downloads\pose_licking love iii_1086108_cybermach_GameroticaAutoInstall.exe

2015-04-22 20:45 - 2015-04-22 20:45 - 00229344 _____ () C:\Users\Ron\Downloads\pose_licking love ii_1086104_cybermach_GameroticaAutoInstall.exe

2015-04-22 20:44 - 2015-04-22 20:44 - 00239296 _____ () C:\Users\Ron\Downloads\pose_seducting pose 01_1086376_prime_005_GameroticaAutoInstall.exe

2015-04-22 20:43 - 2015-04-22 20:43 - 00261240 _____ () C:\Users\Ron\Downloads\pose_rb blowjob_1087686_s-hunter_GameroticaAutoInstall.exe

2015-04-22 20:42 - 2015-04-22 20:42 - 00250992 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 61_1087698_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:42 - 2015-04-22 20:42 - 00241616 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 59_1087702_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:42 - 2015-04-22 20:42 - 00240800 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 58_1087694_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:41 - 2015-04-22 20:41 - 00247472 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 09_1087974_sandreane_GameroticaAutoInstall.exe

2015-04-22 20:41 - 2015-04-22 20:41 - 00234784 _____ () C:\Users\Ron\Downloads\pose_sandy pose kitchen single 11_1087978_sandreane_GameroticaAutoInstall.exe

2015-04-21 09:35 - 2015-04-29 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-04-16 08:32 - 2015-03-14 04:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-04-16 08:32 - 2015-03-14 04:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-04-16 08:32 - 2015-03-13 03:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-16 08:32 - 2015-03-13 03:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-04-16 08:32 - 2015-03-13 03:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-04-16 08:32 - 2015-03-13 03:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-04-16 08:32 - 2015-03-13 03:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-04-16 08:32 - 2015-03-13 03:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-04-16 08:32 - 2015-03-13 03:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-04-16 08:32 - 2015-03-13 02:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-04-16 08:32 - 2015-03-13 02:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-04-16 08:32 - 2015-03-13 02:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-04-16 08:32 - 2015-03-05 04:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2015-04-16 08:32 - 2015-03-05 03:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-04-16 08:26 - 2015-04-16 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-04-16 08:24 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-04-16 08:24 - 2015-03-09 02:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-04-16 08:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2015-04-16 08:24 - 2015-03-05 04:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-04-16 08:24 - 2015-03-05 03:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-15 08:19 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-15 08:19 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-15 08:19 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-04-15 08:19 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-15 08:19 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-15 08:19 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-04-15 08:19 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-04-15 08:19 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-04-15 08:19 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-04-15 08:19 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-04-15 08:19 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-04-15 08:19 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-04-15 08:19 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-04-15 08:19 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-04-15 08:19 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-04-15 08:19 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-04-15 08:19 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-04-15 08:19 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-04-15 08:19 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2015-04-15 08:19 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-04-15 08:19 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-04-15 08:19 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2015-04-15 08:19 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2015-04-15 08:19 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2015-04-13 12:09 - 2015-04-13 12:09 - 00241448 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed doggy in and out_1081888_jackass_01_GameroticaAutoInstall.exe

2015-04-13 12:08 - 2015-04-13 12:08 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall(1).exe

2015-04-13 12:08 - 2015-04-13 12:08 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall(1).exe

2015-04-13 12:07 - 2015-04-13 12:07 - 00611776 _____ () C:\Users\Ron\Downloads\model_this is not addison timlin_1082304_eganem_GameroticaAutoInstall.exe

2015-04-13 12:07 - 2015-04-13 12:07 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall(1).exe

2015-04-13 12:07 - 2015-04-13 12:07 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall(1).exe

2015-04-13 12:06 - 2015-04-13 12:06 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall(1).exe

2015-04-13 12:05 - 2015-04-13 12:05 - 00791960 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 1_1082640_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:05 - 2015-04-13 12:05 - 00751952 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 2_1082630_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:05 - 2015-04-13 12:05 - 00727200 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 3_1082646_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:05 - 2015-04-13 12:05 - 00721272 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 4_1082650_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:04 - 2015-04-13 12:05 - 00728336 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 5_1082656_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:04 - 2015-04-13 12:04 - 00241848 _____ () C:\Users\Ron\Downloads\pose_jail bed cuffed cowgirl_1082978_jackass_01_GameroticaAutoInstall.exe

2015-04-13 12:04 - 2015-04-13 12:04 - 00237240 _____ () C:\Users\Ron\Downloads\pose_bed ride_1082990_jackass_01_GameroticaAutoInstall.exe

2015-04-13 12:03 - 2015-04-13 12:03 - 00787304 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 9_1083054_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:03 - 2015-04-13 12:03 - 00724776 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 7_1083050_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:03 - 2015-04-13 12:03 - 00719736 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 8_1083052_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:03 - 2015-04-13 12:03 - 00691144 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 6_1083048_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:02 - 2015-04-13 12:02 - 00704416 _____ () C:\Users\Ron\Downloads\pose_bedroom fuck 10_1083056_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:02 - 2015-04-13 12:02 - 00525448 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 2_1083776_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:02 - 2015-04-13 12:02 - 00467232 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 1_1083774_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:01 - 2015-04-13 12:01 - 06622576 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_mini_1083946_lagit38_GameroticaAutoInstall.exe

2015-04-13 12:01 - 2015-04-13 12:01 - 06493368 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_micromini_1083948_lagit38_GameroticaAutoInstall.exe

2015-04-13 12:01 - 2015-04-13 12:01 - 00502528 _____ () C:\Users\Ron\Downloads\pose_fuck the doctor 3_1083778_beez1224_GameroticaAutoInstall.exe

2015-04-13 12:01 - 2015-04-13 12:01 - 00241024 _____ () C:\Users\Ron\Downloads\pose_ride_1083822_maxi1009_GameroticaAutoInstall.exe

2015-04-13 12:00 - 2015-04-13 12:00 - 05568672 _____ () C:\Users\Ron\Downloads\texture_cloth_lagit38_winterdress_towaist_1083954_lagit38_GameroticaAutoInstall.exe

2015-04-13 12:00 - 2015-04-13 12:00 - 00303120 _____ () C:\Users\Ron\Downloads\pose_wap pegging the new girl_1083838_nottsandnotts_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00563576 _____ () C:\Users\Ron\Downloads\texture_cloth_m5kkcfma_1084090_meatloaf5k_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00246136 _____ () C:\Users\Ron\Downloads\pose_bed room bed hump_1084010_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00245384 _____ () C:\Users\Ron\Downloads\pose_bed room bed her turn_1084000_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00245376 _____ () C:\Users\Ron\Downloads\pose_edge of bed room bed_1084014_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:59 - 2015-04-13 11:59 - 00244264 _____ () C:\Users\Ron\Downloads\pose_bed room bed in and out_1084006_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:58 - 2015-04-13 11:58 - 00251376 _____ () C:\Users\Ron\Downloads\pose_animated ride_1084046_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:58 - 2015-04-13 11:58 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 41_1084212_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:58 - 2015-04-13 11:58 - 00248624 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 44_1084224_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:58 - 2015-04-13 11:58 - 00246456 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 40_1084206_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:57 - 2015-04-13 11:57 - 00250656 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 47_1084254_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:57 - 2015-04-13 11:57 - 00246576 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 48_1084256_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:57 - 2015-04-13 11:57 - 00245760 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 49_1084258_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:56 - 2015-04-13 11:56 - 00295296 _____ () C:\Users\Ron\Downloads\pose_wap hoisted lick_1084204_nottsandnotts_GameroticaAutoInstall.exe

2015-04-13 11:56 - 2015-04-13 11:56 - 00250904 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 54_1084376_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:56 - 2015-04-13 11:56 - 00242312 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 53_1084370_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:55 - 2015-04-13 11:55 - 00253104 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 55_1084380_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:55 - 2015-04-13 11:55 - 00241880 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 52_1084362_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:55 - 2015-04-13 11:55 - 00236632 _____ () C:\Users\Ron\Downloads\pose_sandy pose arabian dual 51_1084360_sandreane_GameroticaAutoInstall.exe

2015-04-13 11:54 - 2015-04-13 11:54 - 00274704 _____ () C:\Users\Ron\Downloads\pose_raised missonary grind 3_1084498_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:54 - 2015-04-13 11:54 - 00269664 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind_1084468_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:54 - 2015-04-13 11:54 - 00255360 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary_1084484_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:54 - 2015-04-13 11:54 - 00254912 _____ () C:\Users\Ron\Downloads\pose_raised missionary 2_1084490_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:53 - 2015-04-13 11:53 - 00270648 _____ () C:\Users\Ron\Downloads\pose_raised ass missionary with cell_1084462_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:53 - 2015-04-13 11:53 - 00260568 _____ () C:\Users\Ron\Downloads\pose_raised missionary 3_1084488_jackass_01_GameroticaAutoInstall.exe

2015-04-13 11:53 - 2015-04-13 11:53 - 00258544 _____ () C:\Users\Ron\Downloads\pose_raised missionary grind 2_1084486_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:23 - 2015-04-07 21:23 - 00229976 _____ () C:\Users\Ron\Downloads\pose_nipple suck on livingroom chair_1079890_tomislooking_GameroticaAutoInstall.exe

2015-04-07 21:22 - 2015-04-07 21:22 - 00944272 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa l1 h3_1080182_mouse_GameroticaAutoInstall.exe

2015-04-07 21:22 - 2015-04-07 21:22 - 00243744 _____ () C:\Users\Ron\Downloads\pose_handcuffed bed grind_1079942_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:22 - 2015-04-07 21:22 - 00236992 _____ () C:\Users\Ron\Downloads\pose_high above_1080094_klondyke_GameroticaAutoInstall.exe

2015-04-07 21:21 - 2015-04-07 21:21 - 00943808 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa sex1 h3_1080186_mouse_GameroticaAutoInstall.exe

2015-04-07 21:21 - 2015-04-07 21:21 - 00928584 _____ () C:\Users\Ron\Downloads\pose_mse fetish sofa photopose_1080180_mouse_GameroticaAutoInstall.exe

2015-04-07 21:21 - 2015-04-07 21:21 - 00254504 _____ () C:\Users\Ron\Downloads\pose_cuffed library machine ride_1080390_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:20 - 2015-04-07 21:20 - 00251976 _____ () C:\Users\Ron\Downloads\pose_cuffed on library table_1080460_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:17 - 2015-04-07 21:17 - 01362752 _____ () C:\Users\Ron\Downloads\texture_cloth_ve_hairstyle_spring_wind_1080506_veemy_GameroticaAutoInstall.exe

2015-04-07 21:17 - 2015-04-07 21:17 - 00225184 _____ () C:\Users\Ron\Downloads\pose_mutual respect animated_1080532_pnyxprs420_GameroticaAutoInstall.exe

2015-04-07 21:16 - 2015-04-07 21:16 - 00410808 _____ () C:\Users\Ron\Downloads\model_jasmin_1081134_t03289a_GameroticaAutoInstall.exe

2015-04-07 21:15 - 2015-04-07 21:15 - 00757440 _____ () C:\Users\Ron\Downloads\texture_cloth_sloggi underwear white_1081628_howlin_GameroticaAutoInstall.exe

2015-04-07 21:15 - 2015-04-07 21:15 - 00245576 _____ () C:\Users\Ron\Downloads\pose_jail desk in and out_1081686_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:14 - 2015-04-07 21:14 - 00210688 _____ () C:\Users\Ron\Downloads\pose_pose_1081738_cybermach_GameroticaAutoInstall.exe

2015-04-07 21:13 - 2015-04-07 21:13 - 00255368 _____ () C:\Users\Ron\Downloads\pose_cream pie_1081844_lagit38_GameroticaAutoInstall.exe

2015-04-07 21:11 - 2015-04-07 21:11 - 00269352 _____ () C:\Users\Ron\Downloads\pose_jail bed muchen and lunchen_1081924_jackass_01_GameroticaAutoInstall.exe

2015-04-07 21:11 - 2015-04-07 21:11 - 00227856 _____ () C:\Users\Ron\Downloads\pose_talking before fucking_1082010_tomislooking_GameroticaAutoInstall.exe

2015-04-07 21:10 - 2015-04-07 21:10 - 00228528 _____ () C:\Users\Ron\Downloads\pose_kissing and slow stroking_1082286_tomislooking_GameroticaAutoInstall.exe

2015-04-07 21:09 - 2015-04-07 21:09 - 00255080 _____ () C:\Users\Ron\Downloads\pose_anal with pushback_1082302_eganem_GameroticaAutoInstall.exe

2015-04-07 21:09 - 2015-04-07 21:09 - 00238656 _____ () C:\Users\Ron\Downloads\pose_f anal riding toy bed_1082502_supersam_GameroticaAutoInstall.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-29 18:39 - 2014-03-30 21:20 - 00000000 ____D () C:\FRST

2015-04-29 18:23 - 2014-02-10 13:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-29 18:18 - 2012-07-05 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-29 17:36 - 2012-08-25 12:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2015-04-29 17:27 - 2009-03-09 19:18 - 01289458 _____ () C:\Windows\WindowsUpdate.log

2015-04-29 17:26 - 2014-04-02 19:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-29 17:21 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-29 17:21 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-29 17:20 - 2014-02-10 13:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-29 17:20 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-29 12:03 - 2006-11-02 17:42 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-04-29 09:53 - 2008-01-21 05:26 - 00851910 _____ () C:\Windows\PFRO.log

2015-04-29 09:52 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-04-29 09:52 - 2009-02-04 21:42 - 00000831 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk

2015-04-29 09:43 - 2009-08-04 19:33 - 00000861 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-04-28 22:49 - 2014-04-02 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-28 22:49 - 2014-04-02 19:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-28 22:49 - 2013-03-17 13:45 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-28 22:03 - 2009-08-04 19:23 - 00000000 ____D () C:\Users\Ron

2015-04-28 11:00 - 2009-08-04 20:56 - 00000000 ___RD () C:\Users\Ron\Documents\Christine

2015-04-28 08:52 - 2009-08-06 05:37 - 00043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat

2015-04-26 15:53 - 2009-08-05 16:40 - 00000000 ___RD () C:\Users\Ron\Documents\Ronald

2015-04-22 08:05 - 2013-08-15 06:42 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-22 07:55 - 2006-11-02 14:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2015-04-21 21:52 - 2013-04-09 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-21 19:08 - 2014-08-16 22:47 - 00000000 ____D () C:\ProgramData\McAfee Security Scan

2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\spool

2015-04-21 19:08 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\Msdtc

2015-04-21 19:08 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\registration

2015-04-21 19:08 - 2006-11-02 14:33 - 80478208 _____ () C:\Windows\system32\config\software_previous

2015-04-21 19:08 - 2006-11-02 14:33 - 317456384 _____ () C:\Windows\system32\config\system_previous

2015-04-21 19:02 - 2006-11-02 14:33 - 61341696 _____ () C:\Windows\system32\config\components_previous

2015-04-21 19:02 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2015-04-20 22:16 - 2006-11-02 14:33 - 00524288 _____ () C:\Windows\system32\config\default_previous

2015-04-20 22:16 - 2006-11-02 14:33 - 00262144 _____ () C:\Windows\system32\config\security_previous

2015-04-17 13:29 - 2009-08-07 13:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2015-04-16 08:31 - 2009-09-01 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-04-16 08:26 - 2013-04-12 20:12 - 00000000 ____D () C:\ProgramData\Skype

2015-04-15 17:18 - 2013-04-03 21:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-15 17:18 - 2013-04-03 21:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-15 17:18 - 2012-07-05 19:40 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-04-06 07:37 - 2009-08-06 06:15 - 00000000 ____D () C:\Users\Ron\AppData\Local\Google
 

==================== Files in the root of some directories =======
 

2014-12-19 18:03 - 2014-12-19 18:03 - 0000396 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log

2010-01-06 23:00 - 2010-01-04 16:43 - 0152848 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Comdlg32.ocx

2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Flanger

2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Flowers

2011-12-01 17:09 - 2011-12-01 17:53 - 0000000 _____ () C:\Users\Ron\AppData\Roaming\Folder Actions

2009-08-06 05:37 - 2015-04-28 08:52 - 0043314 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat

2012-05-01 10:56 - 2012-12-01 11:46 - 0001356 _____ () C:\Users\Ron\AppData\Local\d3d9caps.dat

2011-07-15 22:45 - 2015-03-04 19:56 - 0009148 _____ () C:\Users\Ron\AppData\Local\d3d9caps64.dat

2010-04-27 22:52 - 2015-03-11 23:46 - 0209408 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-01-25 21:07 - 2015-01-25 21:39 - 0523048 _____ () C:\Users\Ron\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

2015-01-25 21:06 - 2015-01-25 21:06 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error.txt

2015-01-25 21:11 - 2015-01-25 21:11 - 0000002 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35error_lp.txt

2015-01-25 21:06 - 2015-01-25 21:39 - 1041360 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install.txt

2015-01-25 21:11 - 2015-01-25 21:39 - 0170854 _____ () C:\Users\Ron\AppData\Local\dd_dotnetfx35install_lp.txt

2015-01-25 21:11 - 2015-01-25 21:11 - 0974496 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI2695.txt

2015-01-25 21:38 - 2015-01-25 21:39 - 0973680 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_LangPack_MSI3B7D.txt

2015-01-25 21:09 - 2015-01-25 21:11 - 2828366 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI2521.txt

2015-01-25 21:38 - 2015-01-25 21:38 - 2828752 _____ () C:\Users\Ron\AppData\Local\dd_NET_Framework35_x64_MSI3B22.txt

2011-02-09 12:19 - 2011-02-09 12:19 - 0359330 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI3ADA.txt

2011-09-13 18:55 - 2011-09-13 18:55 - 0363238 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI56CD.txt

2011-02-09 13:19 - 2011-02-09 13:19 - 0358562 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI6914.txt

2011-02-09 10:43 - 2011-02-09 10:43 - 0358772 _____ () C:\Users\Ron\AppData\Local\dd_vcredistMSI7125.txt

2011-02-09 12:19 - 2011-02-09 12:19 - 0011230 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI3ADA.txt

2011-09-13 18:55 - 2011-09-13 18:55 - 0011454 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI56CD.txt

2011-02-09 13:19 - 2011-02-09 13:19 - 0011198 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI6914.txt

2011-02-09 10:43 - 2011-02-09 10:43 - 0011166 _____ () C:\Users\Ron\AppData\Local\dd_vcredistUI7125.txt

2011-06-25 16:00 - 2014-07-12 11:51 - 0000047 _____ () C:\Users\Ron\AppData\Local\Images.fl

2015-01-25 21:06 - 2015-01-25 21:39 - 0006418 _____ () C:\Users\Ron\AppData\Local\uxeventlog.txt

2011-10-16 12:36 - 2011-10-16 12:36 - 0017408 _____ () C:\Users\Ron\AppData\Local\WebpageIcons.db

2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Electric Piano

2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Flange Saw

2011-12-01 17:53 - 2011-12-01 17:53 - 0000000 _____ () C:\ProgramData\Flowers

2009-02-04 21:50 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.001

2009-02-04 21:12 - 2012-05-05 11:31 - 0109881 _____ () C:\ProgramData\nvModes.dat
 

Some content of TEMP:

====================

C:\Users\Ron\AppData\Local\temp\APNSetup.exe

C:\Users\Ron\AppData\Local\temp\FileSystemView.dll

C:\Users\Ron\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Ron\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Ron\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Ron\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Ron\AppData\Local\temp\jre-8u40-windows-au.exe

C:\Users\Ron\AppData\Local\temp\launcher_vs2010_sp1_vcredist_x86.exe

C:\Users\Ron\AppData\Local\temp\Quarantine.exe

C:\Users\Ron\AppData\Local\temp\supoptsetup.exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_d81_emo-punk_bikini_1012878_cpoa_dude81_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_fu_nativeamericanwoman_1040356_funkitup_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_mclainsgidgetbikini_1040220_mclain_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_mclainsgidgetbikini_1040220_mclain_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_ve_hairstyle_milkmaid_braids_1059822_veemy_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_yasmine_schuh1_1059430_yasmine_cool_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_cloth_yasmine_schuh1_1059430_yasmine_cool_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture_room_kr_ice_camp_1044534_kingrich07_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_room_kr_ice_camp_1044534_kingrich07_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture_room_kr_woodland02_1054848_kingrich07_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture_room_kr_woodland02_1054848_kingrich07_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles3_35825_worgr_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles4_35827_worgr_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__2facemoles4_35827_worgr_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__41___aerobicpanty_335620_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__41___aerobicpanty_335620_voy969_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__7min-abs_tribal6_147061_mgw1090_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__7min-abs_tribal6_147061_mgw1090_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__87c combination b_535436_joshua_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__87c combination b_535436_joshua_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__987pr hair s06 v1_410138_987philr_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__987pr hair s06 v1_410138_987philr_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__afdesign_danis panty_427484_andreales_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__afdesign_danis panty_427484_andreales_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__bavarian dirndl_346860_holzkopp71_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__black cotton dress_574356_serin_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__black cotton dress_574356_serin_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__black pinstriped top_486230_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__black pinstriped top_486230_murmel_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__bookworm_glasses_413322_fipps_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__bookworm_glasses_413322_fipps_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__br bedhead hairstyle_591046_bigrock42_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__br bedhead hairstyle_591046_bigrock42_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__br re_texture of hairstyle 48_629340_bigrock42_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__br re_texture of hairstyle 48_629340_bigrock42_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__business g_455816_lothar33333_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__business g_455816_lothar33333_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__business pin stripes_434074_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__business pin stripes_434074_murmel_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__challybusinessgirlsuit_709192_challyrally_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__challybusinessgirlsuit_709192_challyrally_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__challyfunky70s008_720690_challyrally_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__challyfunky70s008_720690_challyrally_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__challyvelvettucked_732160_challyrally_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__challyvelvettucked_732160_challyrally_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__chestcum_750008_lorgrom_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__chestcum_750008_lorgrom_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_blue sapphire_469898_cronan_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_blue sapphire_469898_cronan_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_diamond set_508692_cronan_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_diamond set_508692_cronan_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_forest_525112_cronan_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_forest_525112_cronan_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_jewelry_silver_609268_cronan_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__cronan_jewelry_silver_609268_cronan_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_bathrobe closed_332648_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_bathrobe closed_332648_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 001_332638_darkness_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 002_336372_darkness_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 003_349958_darkness_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 010_460478_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 010_460478_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 011_659244_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_casual 011_659244_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001 lifted_519660_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001 lifted_519660_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001_519658_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_f t-shirt 001_519658_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_female skin 003_519200_darkness_GameroticaAutoInstall(3).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 001_481992_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 001_481992_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 002_481994_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 003_481996_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_knickers 004_619254_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_leather jacket 001 t-shirt_386406_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 003_442136_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 004_463532_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 009_580772_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 010_582302_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 011_594360_darkness_GameroticaAutoInstall(4).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 012_606900_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 014 (undressed)_677206_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_lingerie 014_677202_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_schoolgirl_jumper_lifted_598878_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_schoolgirl_tie_599738_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_tights (for hd skln)_595252_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_tights_ripped (for hd skin)_595256_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_towel waist_460532_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003 bra pull_368226_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003_360544_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__drk_underwear 003_panty pull 2_367356_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__dv75-ring08_722810_fritzel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__dv75-schuhe03_723088_fritzel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fblacklacebikini_445190_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fbluewhitestripebikini_453920_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__featured underwear green_327206_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fhotpantsboyshortslacewhite_497554_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__flacepantyoff_499584_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__floral tattoo pack_667592_kewitaxi_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__flor_252040_manalor_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__flower - ring_251264_stisegon_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fpinkstripebikinii_453916_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fship bracelet_128345_darkness_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__fwhitelaceunderwearset_497212_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__gamerotica netbikini_228488_stisegon_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__grey pinstripes_486286_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 black diamond lingerie_658722_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 29_713274_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 29_713274_horsman82_GameroticaAutoInstall(2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 elise hair 8_712902_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 obsidia lingerie_729682_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__h82 viktoria lingerie_664076_horsman82_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__hair braids_446180_iblisazazel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__heart_shirt_745416_newguy_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__hq nipples l_421148_mattisse_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__hq nipples r_421146_mattisse_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__jb_chameleon_satin_and_lace_bra_and_thong_sst_487078_jasonblood_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__jb_olive_satin_and_pearl_burlesque_bra_sst_496210_jasonblood_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__jb_wire_frame_glasses_sst_576582_jasonblood_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__kr_old_canvas_shoes_711124_kingrich07_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__l skirt 01_435218_lothar33333_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__l skirt 02_435220_lothar33333_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lace lingerie set_352374_mattisse_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lagit_custom_coloreglasses_521956_lagit38_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__leopard print underwear 2_387328_xab4275_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lifted wool skirt_348514_murmel_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lingerieset_11_159925_ice_ic_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__lingerieset_12_162157_ice_ic_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture__migz angryunicorn_roundup_f_725452_migz_2k13_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture____fbikinithongpolka_342446_voy969_GameroticaAutoInstall (2).exe

C:\Users\Ron\AppData\Local\temp\texture____fbikinithongpolka_342446_voy969_GameroticaAutoInstall (3).exe

C:\Users\Ron\AppData\Local\temp\VIS-2013-German.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-04-29 17:43
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Jetzt hat es geklappt ! Sorry!

Hi,

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

http://deeprybka.trojaner-board.de/m...mbamlogo4a.png http://deeprybka.trojaner-board.de/m...mbamlogo4b.png

Download und Anleitung
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

Code:

# AdwCleaner v4.202 - Bericht erstellt 29/04/2015 um 20:22:13

# Aktualisiert 23/04/2015 von Xplode

# Datenbank : 2015-04-27.1 [Server]

# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (x64)

# Benutzername : Ron - RON-PC

# Gestarted von : C:\Users\Ron\Downloads\AdwCleaner_4.202.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : IHProtect Service
 

***** [ Dateien / Ordner ] *****
 

[!] Ordner Gelöscht : C:\ProgramData\apn

[!] Ordner Gelöscht : C:\ProgramData\Uniblue

[!] Ordner Gelöscht : C:\ProgramData\IHProtectUpDate

[!] Ordner Gelöscht : C:\ProgramData\NetEngine

[!] Ordner Gelöscht : C:\ProgramData\c50e087800005cff

[!] Ordner Gelöscht : C:\ProgramData\{24fcf6c3-427c-fa7f-24fc-cf6c3427db0d}

[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer

[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer

[!] Ordner Gelöscht : C:\Program Files (x86)\XTab

[!] Ordner Gelöscht : C:\Program Files (x86)\MixVideoPlayer

[!] Ordner Gelöscht : C:\Program Files (x86)\RinoReader

[!] Ordner Gelöscht : C:\Program Files (x86)\MixVideoPlayer

[!] Ordner Gelöscht : C:\Users\Ron\AppData\Local\Temp\apn

[!] Ordner Gelöscht : C:\Users\Ron\AppData\Local\BrowserWeb

[!] Ordner Gelöscht : C:\Users\Ron\AppData\Local\Genesis_07121006

[!] Ordner Gelöscht : C:\Users\Ron\AppData\Roaming\mystartsearch

[!] Ordner Gelöscht : C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RinoReader

[!] Ordner Gelöscht : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\sweetsearch@gmail.com

[!] Ordner Gelöscht : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\Extensions\quick_searchff@gmail.com

Datei Gelöscht : C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbmdkmlcnbapgegninelmjbfibaghdmk_0.localstorage
 

***** [ Geplante Tasks ] *****
 

Task Gelöscht : NetEngine
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}

Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\Super Optimizer

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate

Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions

Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp

Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue

Schlüssel Gelöscht : HKLM\SOFTWARE\MixVideoPlayer

Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RinoReader

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Genesis_07121006

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v9.0.8112.16636
 
 

-\\ Mozilla Firefox v37.0.2 (x86 de)
 

[1ewveuey.default-1430258247018\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);

[1ewveuey.default-1430258247018\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
 

-\\ Google Chrome v
 
 

*************************
 

AdwCleaner[R0].txt - [6712 Bytes] - [02/04/2014 19:57:38]

AdwCleaner[R1].txt - [4980 Bytes] - [29/04/2015 20:18:49]

AdwCleaner[S0].txt - [5581 Bytes] - [02/04/2014 20:00:05]

AdwCleaner[S1].txt - [4660 Bytes] - [29/04/2015 20:22:13]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4719  Bytes] ##########

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 29.04.2015

Suchlauf-Zeit: 20:34:47

Logdatei: mbamlog.txt

Administrator: Ja
 

Version: 2.01.6.1022

Malware Datenbank: v2015.04.29.04

Rootkit Datenbank: v2015.04.21.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows Vista Service Pack 2

CPU: x64

Dateisystem: NTFS

Benutzer: Ron
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 406007

Verstrichene Zeit: 26 Min, 40 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Heuristik: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente gefunden)
 

Module: 0

(Keine schädliche Elemente gefunden)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente gefunden)
 

Registrierungswerte: 3

PUP.Optional.OurSurfing.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.oursurfing.com/web/?type=ds&ts=1430289123&from=45e&uid=SAMSUNGXHD642JJ_S1GWJ9AS204826&q={searchTerms}, , [02566f03a9e1bf77dd70b2ad55b0629e]

PUP.Optional.OurSurfing.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}, , [7eda185a9cee3bfb410c79e6fc09be42]

PUP.Optional.OurSurfing.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}|URL, hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=45e&utm_campaign=install_ie&utm_content=ds&from=45e&uid=3219913727_67191_52AF82FA&ts=1430289198&type=default&q={searchTerms}, , [38209dd592f8053151fcc19ea461b44c]
 

Registrierungsdaten: 6

PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[3b1d29498cfeb284d1fdde225bab7090]

PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[6fe931411d6dc274b41af010b94d52ae]

PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[1048640e4b3f55e1c8065ea29d698e72]

PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[0454ee84d6b493a329a5c53b15f16997]

PUP.Optional.HttpBreaker.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[ed6b0b67e1a96accf1dab44cc6402fd1]

PUP.Optional.HttpBreaker.A, HKU\S-1-5-21-2673002154-866942330-3263328844-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, ?type=hppp, Gut: (www.google.com), Schlecht: (?type=hppp),,[77e1284ad3b7e1557f4cab5566a047b9]
 

Ordner: 7

PUP.Optional.GlobalUpdate.A, C:\Users\Ron\AppData\Local\temp\comh.143938, , [540498daafdb082e46a71793ea19b54b], 

PUP.Optional.GlobalUpdate.A, C:\Users\Ron\AppData\Local\temp\comh.415473, , [411784ee27632f0749a4acfe38cb7a86], 

PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinema Pro Plus 3.4cV28.04, , [d286036fe1a91f17f778ac1714ef22de], 

PUP.Optional.SystemNotifier.A, C:\Program Files (x86)\System NotifierV28.04, , [c791244e444643f3ee95972cfe05b848], 

PUP.Optional.OurSurfing.A, C:\Users\Ron\AppData\Roaming\oursurfing, , [193f4f23ec9eb086f4a14c7b897aae52], 

PUP.Optional.OurSurfing.A, C:\Users\Ron\AppData\Roaming\oursurfing\images, , [193f4f23ec9eb086f4a14c7b897aae52], 

PUP.Optional.OurSurfing.A, C:\Users\Ron\AppData\Roaming\oursurfing\images\code, , [193f4f23ec9eb086f4a14c7b897aae52], 
 

Dateien: 3

PUP.Optional.Softonic.SID.C, C:\Users\Ron\Downloads\Setup.exe, , [c692b9b9dfab0a2c0f353e0a986e718f], 

PUP.Optional.HttpBreaker.A, C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "?type=hppp");), ,[b3a57ef4d3b7bf77a9525feaa75fe21e]

PUP.Optional.OurSurfing.A, C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\search.json, Gut: (), Schlecht: (oursurfing.com), ,[045412603159181e18c4ad9c877fe21e]
 

Physische Sektoren: 0

(Keine schädliche Elemente gefunden)
 
 

(end)

Die MBAM Funde in Quarantäne verschoben?

Ja! Habe ich. Aber immer leider noch jede Menge Seiten, die sich ungewollt aufmachen.

Zitat:

Zitat von dr.tschuna (Beitrag 1460757)

Aber immer leider noch jede Menge Seiten, die sich ungewollt aufmachen.

War ja nur ne Frage, habe ja nicht gesagt, dass wir fertig sind. :)

Kaspersky vorübergehend deaktivieren.

Schritt 1
Download von https://sites.google.com/site/canned...b27e2-Zoek.png ZOEK (by Smeenk)

Speichere die zoek.exe auf dem Desktop.
Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:

Code:

systemspecs; autoclean; FFdefaults; iedefaults; emptyclsid;

Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.

Zitat:

Zoek.exe is running now.
Do not start any browser windows, they may get closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
Bitte poste mir das zoek-results.log.

Code:

Zoek.exe v5.0.0.0 Updated 23-04-2015

Tool run by Ron on 30.04.2015 at 19:04:48,07.

Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Ron\Downloads\zoek.exe [Scan all users] [Script inserted] 
 

==== System Restore Info ======================
 

30.04.2015 19:06:34 Zoek.exe System Restore Point Created Successfully.
 

==== Empty Folders Check ======================
 

C:\PROGRA~2\Carbonite deleted successfully

C:\PROGRA~2\Cinema Pro Plus 3.4cV28.04 deleted successfully

C:\PROGRA~2\Convar deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\Nikon deleted successfully

C:\PROGRA~2\System NotifierV28.04 deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\Program Files\ATI Technologies deleted successfully

C:\Program Files\Google deleted successfully

C:\Program Files\Logitech deleted successfully

C:\Users\Ron\AppData\Roaming\Common deleted successfully

C:\Users\Ron\AppData\Roaming\Malwarebytes deleted successfully

C:\Users\Ron\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully

C:\Users\Ron\AppData\Local\Nikon deleted successfully

C:\Users\Ron\AppData\Local\Secunia PSI deleted successfully

C:\Users\Ron\AppData\Local\Verkleinert deleted successfully
 

==== Deleting CLSID Registry Keys ======================
 

HKEY_USERS\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} deleted successfully
 

==== Deleting CLSID Registry Values ======================
 
 

==== Deleting Services ======================
 
 

==== FireFox Fix ======================
 

Deleted from C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\prefs.js:

user_pref("browser.search.defaultenginename", "oursurfing");

user_pref("browser.search.selectedEngine", "oursurfing");

user_pref("browser.search.useDBForOrder", true);
 

Added to C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");
 

ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018
 

---- Lines Sweet removed from prefs.js ----

user_pref("extensions.xpiState", "{\"app-profile\":{\"quick_searchff@gmail.com\":{\"d\":\"C:\\\\Users\\\\Ron\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firef

---- Lines Sweet modified from prefs.js ----
 

user_pref("extensions.enabledAddons", "sweetsearch%40gmail.com:1.0.0.1031,quick_searchff%40gmail.com:5.4.10,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 1);

---- FireFox user.js and prefs.js backups ---- 
 

user__1923_.backup

prefs__1923_.backup
 

==== Deleting Files \ Folders ======================
 

C:\PROGRA~2\Carbonite not found

C:\PROGRA~2\Cinema Pro Plus 3.4cV28.04 not found

C:\PROGRA~2\Convar not found

C:\PROGRA~2\Nikon not found

C:\PROGRA~2\System NotifierV28.04 not found

C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\sweetsearch@gmail.com not found

C:\found.000 deleted

C:\found.001 deleted

C:\found.002 deleted

C:\found.003 deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Ron\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\ext_offermosquito deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted

C:\Windows\patsearch.bin deleted

C:\Windows\wininit.ini deleted

C:\windows\SysNative\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf deleted

C:\Users\Ron\Desktop\WordToPDF - CHIP Downloader.lnk deleted

"C:\Users\Ron\AppData\Roaming\Flanger" deleted

"C:\Users\Ron\AppData\Roaming\Flowers" deleted

"C:\Users\Ron\AppData\Roaming\Folder Actions" deleted

"C:\ProgramData\Electric Piano" deleted

"C:\ProgramData\Flange Saw" deleted

"C:\ProgramData\Flowers" deleted

"C:\PROGRA~2\Windows Collaboration" deleted
 

==== System Specs ======================
 

Windows: Windows Vista Home Premium Edition (64-bit) Service Pack 2 (Build 6002)

Memory (RAM): 6143 MB

CPU Info: Intel(R) Core(TM)2 Quad  CPU   Q8200  @ 2.33GHz

CPU Speed: 2346,6 MHz

Sound Card: Lautsprecher (Realtek High Defi | 

Realtek Digital Output (Realtek | 

Realtek HDMI Output (Realtek Hi | 

Display Adapters: ATI Radeon HD 5400 Series | ATI Radeon HD 5400 Series | RDPDD Chained DD | RDP Encoder Mirror Driver

Monitors: 1x; PnP-Monitor (Standard) | 

Screen Resolution: 1280 X 1024 - 32 bit

Network: Network Present

Network Adapters: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)

CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW TS-H653Z

Ports: COM Ports NOT Present. LPT Port NOT Present. 

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C:  582,3GB | D:  13,8GB | E:  596,2GB | H:  931,5GB

Hard Disks - Free: C:  265,3GB | D:  1,6GB | E:  589,9GB | H:  691,2GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 12/16/08 | HPQOEM - 20081216

Time Zone: Mitteleuropäische Zeit

Motherboard *: PEGATRON CORPORATION Benicia

Country: Deutschland 

Language: DEU 
 

==== System Specs (Software) ======================
 

Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)

Anti-Spyware: Kaspersky Internet Security disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Firewall: Kaspersky Internet Security disabled

Internet Explorer Version: 9.0.8112.16421 

Mozilla Firefox version: 37.0.2 (x86 de)

Adobe Reader version: 10.1.13.16

Sun Java version: 1.8.0_40 (32-bit) 

Sun Java version: 1.8.0_40 (64-bit) 

Flash Player version: 17.0.0.169
 

==== Firefox Start and Search pages ======================
 

ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");
 

==== Firefox Extensions Registry ======================
 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [16.12.2014 15:58]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04.04.2014 12:36]
 

==== Firefox Extensions ======================
 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 

==== Firefox Plugins ======================
 

Profilepath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018

AB87EEFFD18F2BAAFC274E7075EA6C67        - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -        Windows Presentation Foundation / Windows Presentation Foundation

9AE02005247DA91AB1743F5208DBEF76        - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -        Shockwave Flash
 
 

==== Chromium Look ======================
 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[14.08.2013 12:43]

hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[14.08.2013 12:43]

hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[14.08.2013 12:43]

jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[16.12.2014 15:55]

pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[14.08.2013 12:43]
 

==== Set IE to Default ======================
 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="hxxp://www.google.com/ie"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="hxxp://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="hxxp://www.google.com/ie"

"Default_Search_URL"="hxxp://www.google.com/ie"
 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="hxxp://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
 

==== All HKCU SearchScopes ======================
 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{E733165D-CBCF-4FDA-883E-ADEF965B476C} Google  Url="web/?type=dspp&q={searchTerms}"
 

==== Deleting Registry Keys ======================
 

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
 

==== Empty IE Cache ======================
 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Ron\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ron\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ron\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 

==== Empty FireFox Cache ======================
 

C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\cache2 emptied successfully
 

==== Empty Chrome Cache ======================
 

No Chrome Cache found
 

==== Empty All Flash Cache ======================
 

Flash Cache Emptied Successfully
 

==== Empty All Java Cache ======================
 

Java Cache cleared successfully
 

==== C:\zoek_backup content ======================
 

C:\zoek_backup (files=32 folders=22 15005657 bytes)
 

==== Empty Temp Folders ======================
 

C:\Users\Administrator\AppData\Local\temp emptied successfully

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Users\Ron\AppData\Local\temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot
 

==== After Reboot ======================
 

==== Empty Temp Folders ======================
 

C:\Windows\Temp successfully emptied

C:\Users\Ron\AppData\Local\Temp successfully emptied
 

==== Empty Recycle Bin ======================
 

C:\$RECYCLE.BIN successfully emptied
 

==== Deleting Files / Folders ======================
 

"C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
 

==== EOF on 30.04.2015 at 19:34:32,99 ======================

Wie schaut es jetzt aus?

Jetzt habe ich , nachdem ich schon wieder google als Startseite hatte, MSN.com!

Und "bing.com" !

Ja, das ist kein Wunder. Das ist so, wenn man den Browser auf Standardeinstellungen zurücksetzt.

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset