
Log analysis and evaluation: Extreme amount of advertising after app installations

11.11.2014, 11:00   #1
Nightwish
 
Good morning,
I hope you can help me with a problem once again.
Yesterday I downloaded a few apps, and since I booted the computer this morning I have been getting an extreme amount of advertising. I uninstalled and reinstalled Adblock, but it doesn't help.

I ran the following scans:
- Emsisoft
- Defogger
- Malwarebytes
- FRST

Windows Defender reported no findings.


Here are the scans:
Emsisoft:
Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 11.11.2014 08:47:44
Benutzerkonto: GEORGINA-PC\Georgina

Scan Einstellungen:

Scan Methode: Schnelltest
Objekte: Rootkits, Speicher, Traces

PUPs-Erkennung: An
Archiv Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	11.11.2014 08:49:03
C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll 	gefunden: Adware.SearchProtect.H (B)
C:\ProgramData\IePluginServices\PluginService.exe 	gefunden: Adware.Agent.OKO (B)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\relevantknowledge 	gefunden: Application.AdStart (A)
C:\Users\Georgina\AppData\Roaming\systweak 	gefunden: Application.AppInstall (A)
C:\Program Files (x86)\relevantknowledge 	gefunden: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\CLTMNGSVC 	gefunden: Application.AdServ (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\RELEVANTKNOWLEDGE 	gefunden: Application.AdServ (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS -> {C7AE725D-FA5C-4027-BB4C-787EF9F8248A} 	gefunden: Application.FireExt (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\SYSTWEAK 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D08D9F98-1C78-4704-87E6-368B0023D831} 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\MKNDCBHCGPHCFKKDDANAKJIEPEKNBGLE 	gefunden: Application.WebExt (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\1CLICKDOWNLOAD 	gefunden: Application.AdTool (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SUPWPM 	gefunden: Application.AdSome (A)
C:\Program Files (x86)\SupTab 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SUPTAB 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\WEBSSEARCHESSOFTWARE 	gefunden: Application.AdShort (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\TUTOTAG 	gefunden: Adware.Win32.Ozore (A)
C:\ProgramData\IePluginServices 	gefunden: Application.AdPlug (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SUPDP 	gefunden: Application.InstallTab (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\SUPHPUISOFT 	gefunden: Application.InstallTab (A)
C:\Program Files (x86)\RelevantKnowledge\ 	gefunden: Adware.Win32.Fisub (A)
C:\Program Files (x86)\Searchprotect 	gefunden: Application.AppInstall (A)
C:\Users\Georgina\AppData\Local\Searchprotect 	gefunden: Application.AppInstall (A)
C:\WINDOWS\system32\rlls.dll 	gefunden: Application.Win32.ReKnow (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D08D9F98-1C78-4704-87E6-368B0023D831} 	gefunden: Rogue.Win32.Cleanopt (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\OPTIMIZER PRO 	gefunden: Application.InstallAd (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} 	gefunden: Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} 	gefunden: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} 	gefunden: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C} 	gefunden: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCHPROTECT 	gefunden: Application.InstallAd (A)

Gescannt	57907
Gefunden	44

Scan Ende:	11.11.2014 08:49:17
Scan Zeit:	0:00:14

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCHPROTECT	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}	Quarantäne Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}	Quarantäne Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}	Quarantäne Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}	Quarantäne Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}	Quarantäne Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS	Quarantäne Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}	Quarantäne Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}	Quarantäne Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\OPTIMIZER PRO	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D08D9F98-1C78-4704-87E6-368B0023D831}	Quarantäne Rogue.Win32.Cleanopt (A)
C:\Program Files (x86)\Searchprotect	Quarantäne Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\SUPHPUISOFT	Quarantäne Application.InstallTab (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SUPDP	Quarantäne Application.InstallTab (A)
C:\ProgramData\IePluginServices	Quarantäne Application.AdPlug (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\TUTOTAG	Quarantäne Adware.Win32.Ozore (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\WEBSSEARCHESSOFTWARE	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SUPTAB	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SUPWPM	Quarantäne Application.AdSome (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}	Quarantäne Application.AdShort (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}	Quarantäne Application.AdShort (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\1CLICKDOWNLOAD	Quarantäne Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\MKNDCBHCGPHCFKKDDANAKJIEPEKNBGLE	Quarantäne Application.WebExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3369756559-1339453816-443426222-1001\SOFTWARE\SYSTWEAK	Quarantäne Application.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS -> {C7AE725D-FA5C-4027-BB4C-787EF9F8248A}	Quarantäne Application.FireExt (A)
C:\Program Files (x86)\relevantknowledge	Quarantäne Application.AppInstall (A)
C:\Users\Georgina\AppData\Roaming\systweak	Quarantäne Application.AppInstall (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\relevantknowledge	Quarantäne Application.AdStart (A)

Quarantäne	34
         
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:51 on 11/11/2014 (Georgina)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Georgina (administrator) on GEORGINA-PC on 11-11-2014 09:55:36
Running from C:\Users\Georgina\Downloads
Loaded Profile: Georgina (Available profiles: Georgina & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\MountPoints2: {23bece2b-5524-11e4-8269-6002925cc7b8} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\MountPoints2: {b492acc6-3c04-11e4-8264-6002925cc7b8} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\MountPoints2: {b492ad27-3c04-11e4-8264-6002925cc7b8} - "D:\AutoRun.exe" 
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
Startup: C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D39183B5-C067-45BF-8EA5-F1028F1E7316}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{D715548C-5CDD-4160-9314-5EA93FDA1A53}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://www.faz.de/", "hxxp://www.google.de/", "hxxp://www.sueddeutsche.de/", "hxxp://www.bundesliga.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google-Suche) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Tabellen) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (AdBlock) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-11]
CHR Extension: (jobehlihkogkaopjdeomandehpjiljjn) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobehlihkogkaopjdeomandehpjiljjn [2014-11-11]
CHR Extension: (Google Wallet) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-11-11]
CHR Extension: (Google Mail) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-04-10] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-24] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [656976 2013-05-21] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-09] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 SPOCJS; C:\WINDOWS\SysWOW64\SPOCJS64.DLL [21664 2014-06-03] (Microsoft)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-11] (Emsisoft GmbH)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-09] (Microsoft Corporation)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-11] (Emsisoft GmbH)
S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-08-22] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [375040 2013-08-22] (Huawei Technologies Co., Ltd.)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [990720 2014-09-18] (Marvell Semiconductors Inc.)
S3 msu30x64w8; C:\Windows\system32\DRIVERS\msu30x64w8.sys [100864 2014-07-11] (Microsoft)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [43152 2014-03-14] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49768 2014-10-13] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [63592 2014-09-26] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-19] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S3 usbaud; C:\Windows\system32\DRIVERS\usbaud64.sys [1809056 2014-06-03] (Microsoft)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411136 2014-08-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 09:55 - 2014-11-11 09:55 - 00017007 _____ () C:\Users\Georgina\Downloads\FRST.txt
2014-11-11 09:55 - 2014-11-11 09:55 - 00000000 ____D () C:\FRST
2014-11-11 09:54 - 2014-11-11 09:54 - 02116096 _____ (Farbar) C:\Users\Georgina\Downloads\FRST64.exe
2014-11-11 09:51 - 2014-11-11 09:51 - 00050477 _____ () C:\Users\Georgina\Downloads\Defogger.exe
2014-11-11 09:51 - 2014-11-11 09:51 - 00000478 _____ () C:\Users\Georgina\Downloads\defogger_disable.log
2014-11-11 09:51 - 2014-11-11 09:51 - 00000000 _____ () C:\Users\Georgina\defogger_reenable
2014-11-11 09:36 - 2014-11-11 09:44 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 09:36 - 2014-11-11 09:36 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-11 09:36 - 2014-11-11 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-11 09:36 - 2014-11-11 09:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 09:36 - 2014-11-11 09:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-11 09:36 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-11 09:36 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-11 09:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-11 09:35 - 2014-11-11 09:35 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Georgina\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 08:51 - 2014-11-11 09:16 - 00006404 _____ () C:\EamClean.log
2014-11-11 08:46 - 2014-11-11 08:53 - 00000000 ____D () C:\EEK
2014-11-11 08:46 - 2014-11-11 08:46 - 00000762 _____ () C:\Users\Georgina\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-11 08:43 - 2014-11-11 08:45 - 156367280 _____ () C:\Users\Georgina\Downloads\EmsisoftEmergencyKit.exe
2014-11-11 08:16 - 2014-11-11 08:18 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\QuickScan
2014-11-11 08:07 - 2014-11-11 08:07 - 00000000 ____D () C:\Program Files (x86)\predm
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files\MSBuild
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-11 07:54 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-11-11 07:54 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-11-11 07:53 - 2014-11-11 07:53 - 00003338 _____ () C:\WINDOWS\System32\Tasks\Advanced System Protector
2014-11-11 07:51 - 2014-11-11 09:44 - 00001370 _____ () C:\WINDOWS\Tasks\ORQD.job
2014-11-11 07:51 - 2014-11-11 09:44 - 00001368 _____ () C:\WINDOWS\Tasks\WLX.job
2014-11-11 07:51 - 2014-11-11 09:43 - 00000000 ____D () C:\Program Files (x86)\4cfcc15e-0926-47e0-814b-27b70b64568b
2014-11-11 07:51 - 2014-11-11 07:56 - 00000000 ____D () C:\Users\Georgina\Documents\Add-in Express
2014-11-11 07:51 - 2014-11-11 07:56 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\smileyswelove
2014-11-11 07:51 - 2014-11-11 07:51 - 00004390 _____ () C:\WINDOWS\System32\Tasks\ORQD
2014-11-11 07:51 - 2014-11-11 07:51 - 00004386 _____ () C:\WINDOWS\System32\Tasks\WLX
2014-11-11 07:51 - 2014-11-11 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-11-11 07:50 - 2014-11-11 07:51 - 00000000 ____D () C:\Users\Georgina\Documents\Java
2014-11-11 07:49 - 2014-11-11 07:49 - 00633504 _____ () C:\Users\Georgina\Downloads\setup (3).exe
2014-11-10 10:01 - 2014-11-10 10:10 - 454667877 _____ () C:\Users\Georgina\Downloads\video2brain_excel_bereiche_und_namen.7z
2014-11-10 10:01 - 2014-11-10 10:05 - 168384089 _____ () C:\Users\Georgina\Downloads\video2brain_excel_2010_formulare.7z
2014-11-10 10:01 - 2014-11-10 10:02 - 00244816 _____ () C:\Users\Georgina\Downloads\projektdateien_excel_2010_formulare.7z
2014-11-10 10:01 - 2014-11-10 10:01 - 00177908 _____ () C:\Users\Georgina\Downloads\projektdateien_excel_bereiche_und_namen.7z
2014-11-09 12:29 - 2014-11-09 12:29 - 00021276 _____ () C:\Users\Georgina\Downloads\S_20141109_122955_Neue_Nachrichten.zip
2014-11-09 12:05 - 2014-11-09 13:43 - 00001158 _____ () C:\Users\Public\Desktop\cyberJack Gerätemanager,  Funktionstest.lnk
2014-11-09 12:05 - 2014-11-09 12:21 - 00009358 _____ () C:\WINDOWS\DPINST.LOG
2014-11-09 12:05 - 2014-11-09 12:05 - 00000396 _____ () C:\WINDOWS\hbcikrnl.ini
2014-11-09 12:05 - 2012-09-04 13:15 - 00035192 _____ (REINER SCT) C:\WINDOWS\system32\Drivers\cjusb.sys
2014-11-09 12:05 - 2009-11-09 09:48 - 00061952 _____ ( REINER SCT) C:\WINDOWS\SysWOW64\cjtpl.cpl
2014-11-09 12:04 - 2014-11-09 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REINER SCT cyberJack
2014-11-09 12:04 - 2014-11-09 12:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-09 12:04 - 2014-11-09 12:04 - 00000000 ____D () C:\Program Files (x86)\REINER SCT
2014-11-09 12:04 - 2014-01-27 17:08 - 00518192 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcsc.exe
2014-11-09 12:04 - 2013-05-17 14:17 - 00227672 _____ (Reiner Kartengeräte GmbH & Co.KG 1999-2012) C:\WINDOWS\SysWOW64\cjeca32.dll
2014-11-09 12:04 - 2012-10-19 15:42 - 00787576 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcsc32.dll
2014-11-09 12:04 - 2012-09-04 17:58 - 00058442 _____ () C:\WINDOWS\SysWOW64\cjbc_en.lan
2014-11-09 12:04 - 2012-02-22 15:48 - 00063069 _____ () C:\WINDOWS\SysWOW64\cjbc_de.lan
2014-11-09 12:04 - 2012-02-19 19:32 - 00713648 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcscui.exe
2014-11-09 12:04 - 2012-02-14 11:48 - 00432560 _____ (REINER SCT) C:\WINDOWS\SysWOW64\ctrsct64.dll
2014-11-09 12:04 - 2012-02-14 11:48 - 00352688 _____ (REINER SCT) C:\WINDOWS\SysWOW64\ctrsct32.dll
2014-11-09 12:04 - 2012-02-14 11:48 - 00208816 _____ (Reiner Kartengeräte GmbH) C:\WINDOWS\SysWOW64\cjppa32.dll
2014-11-09 12:04 - 2012-02-14 11:48 - 00053680 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjKbBase.dll
2014-11-09 12:04 - 2012-02-14 11:47 - 00063408 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcscli.exe
2014-11-09 12:04 - 2011-07-22 07:50 - 00359856 _____ (REINER SCT) C:\WINDOWS\SysWOW64\zkasigct.dll
2014-11-09 12:04 - 2010-02-10 19:39 - 00269824 _____ (REINER SCT) C:\WINDOWS\SysWOW64\rsct_pnp.dll
2014-11-09 12:04 - 2009-03-09 17:17 - 00274224 _____ (REINER SCT) C:\WINDOWS\SysWOW64\gkapi.dll
2014-11-09 12:04 - 2008-03-25 09:24 - 00060702 _____ () C:\WINDOWS\SysWOW64\rsct_pv_start.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00060702 _____ () C:\WINDOWS\SysWOW64\rsct_mv_start.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00013084 _____ () C:\WINDOWS\SysWOW64\rsct_key_clear.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00013026 _____ () C:\WINDOWS\SysWOW64\rsct_key_err.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00004636 _____ () C:\WINDOWS\SysWOW64\rsct_key_1.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00000656 _____ () C:\WINDOWS\SysWOW64\rsct_key.wav
2014-11-09 12:04 - 2008-03-19 13:48 - 00033136 _____ () C:\WINDOWS\SysWOW64\rsct_pv_stop.wav
2014-11-09 12:04 - 2008-03-19 13:48 - 00033136 _____ () C:\WINDOWS\SysWOW64\rsct_mv_stop.wav
2014-11-09 12:04 - 2007-11-07 12:20 - 00344064 _____ (REINER SCT) C:\WINDOWS\SysWOW64\SetupHBCI.exe
2014-11-09 12:04 - 2007-11-07 12:20 - 00196608 _____ (REINER SCT) C:\WINDOWS\SysWOW64\rsct_pnp.exe
2014-11-09 12:04 - 2007-05-31 07:38 - 00434252 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCRTD.DLL
2014-11-09 12:04 - 2007-05-31 07:38 - 00167936 _____ () C:\WINDOWS\SysWOW64\SerialXP.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00151552 _____ (REINER SCT) C:\WINDOWS\SysWOW64\OcfCopy.exe
2014-11-09 12:04 - 2007-05-31 07:38 - 00053248 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjtrm.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00041472 _____ (IBM Corporation) C:\WINDOWS\SysWOW64\ocfpcsc1.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00027648 _____ () C:\WINDOWS\SysWOW64\win32com.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00014949 _____ (franson.biz) C:\WINDOWS\SysWOW64\Drivers\bizVSerialNT.sys
2014-11-09 12:03 - 2014-11-09 12:04 - 00000000 ____D () C:\ProgramData\REINER SCT
2014-11-09 12:03 - 2014-11-09 12:03 - 11104520 _____ (Macrovision Corporation) C:\Users\Georgina\Downloads\bc_6_10_8.exe
2014-11-09 09:45 - 2014-11-09 09:46 - 00000000 ____D () C:\Users\Georgina\Documents\Rezepte
2014-11-07 15:37 - 2014-11-07 15:37 - 00000000 ____D () C:\Users\Georgina\Documents\Optimizer Pro
2014-11-07 15:36 - 2014-11-11 09:43 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-07 15:36 - 2014-11-07 18:49 - 00002114 _____ () C:\WINDOWS\patsearch.bin
2014-11-07 15:36 - 2014-11-07 15:36 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-11-07 15:36 - 2014-11-07 15:36 - 00000000 ____D () C:\Users\Georgina\AppData\Local\globalUpdate
2014-11-05 11:50 - 2014-11-05 11:50 - 00000000 ____D () C:\Users\Georgina\Vi8deos
2014-11-05 11:43 - 2014-11-05 11:43 - 01376768 _____ () C:\Users\Georgina\Downloads\7z920-x64 (1).msi
2014-11-04 18:08 - 2014-11-04 18:08 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Leader Technologies
2014-11-04 18:08 - 2014-11-04 18:08 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\Leadertech
2014-11-04 11:27 - 2014-11-04 11:28 - 83939323 _____ () C:\Users\Georgina\Downloads\mobile_3gp_word_2010.zip
2014-11-04 11:27 - 2014-11-04 11:28 - 228563305 _____ () C:\Users\Georgina\Downloads\mobile_mp4_word_2010.zip
2014-11-04 09:01 - 2014-11-04 09:03 - 311660472 _____ () C:\Users\Georgina\Downloads\rohmaterial_excel_2010_profiwissen.zip
2014-11-04 09:01 - 2014-11-04 09:03 - 158315668 _____ () C:\Users\Georgina\Downloads\mobile_mp4_excel_2010_profiwissen.zip
2014-11-04 09:01 - 2014-11-04 09:02 - 54760666 _____ () C:\Users\Georgina\Downloads\mobile_3gp_excel_2010_profiwissen.zip
2014-10-31 13:26 - 2014-11-05 14:55 - 00000000 ____D () C:\Users\Georgina\Downloads\projektdateien_visio_2013_grundlagen
2014-10-30 13:12 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-10-30 13:12 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-30 13:12 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-30 13:12 - 2014-09-07 23:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-30 13:12 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-10-30 13:12 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-10-30 13:12 - 2014-09-04 04:15 - 00561416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-10-30 13:12 - 2014-09-04 04:14 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-10-30 13:12 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-10-30 13:12 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-10-30 13:12 - 2014-09-04 02:19 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-10-30 13:12 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-10-30 13:12 - 2014-09-04 01:45 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-10-30 13:12 - 2014-09-04 01:41 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-10-30 13:12 - 2014-09-04 01:36 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-10-30 13:12 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-10-30 13:12 - 2014-09-04 01:15 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-10-30 13:12 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-10-30 13:12 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-30 13:12 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-30 13:12 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-10-30 13:12 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-10-30 13:12 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-10-30 13:12 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-10-30 13:12 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-10-30 13:12 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-10-30 13:12 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-10-30 13:12 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-10-30 13:12 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-10-30 13:12 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-10-30 13:12 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-10-30 13:12 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-10-30 13:12 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-10-30 07:13 - 2014-10-30 07:21 - 00027648 _____ () C:\Users\Georgina\Documents\Medikamentenplan.xls
2014-10-30 07:12 - 2014-10-30 07:12 - 00000000 ____D () C:\Users\Georgina\Documents\Medikamente
2014-10-30 07:00 - 2014-10-30 07:00 - 00011776 _____ () C:\Users\Georgina\Downloads\Medikamentenplan-leer-Internet-xls.xls
2014-10-30 06:54 - 2014-10-30 06:54 - 00022016 _____ () C:\Users\Georgina\Downloads\Medikamentenplan.xlt
2014-10-28 11:19 - 2014-11-04 11:29 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\HpUpdate
2014-10-28 11:19 - 2014-10-28 11:19 - 00003636 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet 4620 series
2014-10-28 11:19 - 2014-10-28 11:19 - 00002263 _____ () C:\Users\Public\Desktop\HP Officejet 4620 series.lnk
2014-10-28 11:19 - 2014-10-28 11:19 - 00001200 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 4620 series.lnk
2014-10-28 11:19 - 2014-10-28 11:19 - 00000984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2014-10-28 11:19 - 2014-10-28 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-28 11:19 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM6412.dll
2014-10-28 11:18 - 2014-10-28 11:20 - 00000000 ____D () C:\Users\Georgina\AppData\Local\HP
2014-10-28 11:18 - 2014-10-28 11:20 - 00000000 ____D () C:\ProgramData\HP
2014-10-28 11:18 - 2014-10-28 11:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-28 11:18 - 2014-10-28 11:18 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-10-28 11:18 - 2014-10-28 11:18 - 00000000 ____D () C:\Program Files\HP
2014-10-28 11:12 - 2014-10-28 11:14 - 120112168 _____ () C:\Users\Georgina\Downloads\OJ4620_1315-1 (1).exe
2014-10-28 11:06 - 2014-10-28 11:06 - 02335368 _____ () C:\Users\Georgina\Downloads\OJ4620_R1424A.exe
2014-10-25 21:20 - 2014-10-25 21:20 - 00000218 _____ () C:\Users\Georgina\.recently-used.xbel
2014-10-24 19:16 - 2014-10-24 19:16 - 00638888 _____ (Oracle Corporation) C:\Users\Georgina\Downloads\chromeinstall-8u25.exe
2014-10-21 18:30 - 2014-11-11 07:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-21 18:30 - 2014-10-24 19:17 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-21 18:30 - 2014-10-24 19:17 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-21 18:30 - 2014-10-24 19:17 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-21 18:30 - 2014-10-24 19:17 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 15:50 - 2014-10-21 15:50 - 00424584 _____ () C:\WINDOWS\Minidump\102114-5796-01.dmp
2014-10-21 15:28 - 2014-10-21 15:28 - 00424584 _____ () C:\WINDOWS\Minidump\102114-7640-01.dmp
2014-10-17 13:17 - 2014-10-17 13:17 - 00000000 ____D () C:\Users\Georgina\Documents\Walleczek
2014-10-17 00:02 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-17 00:02 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-17 00:02 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-17 00:02 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-17 00:02 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-17 00:02 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-17 00:02 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-17 00:02 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-17 00:02 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-17 00:02 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-17 00:02 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-17 00:02 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-17 00:02 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-17 00:02 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-17 00:02 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-17 00:02 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-17 00:02 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-17 00:02 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-17 00:02 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-17 00:02 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-17 00:02 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-17 00:02 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-17 00:02 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-17 00:02 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-17 00:02 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-17 00:02 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-17 00:02 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-17 00:02 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-17 00:02 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-17 00:02 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-17 00:02 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-17 00:02 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-17 00:02 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-17 00:02 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-17 00:02 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-17 00:02 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-17 00:02 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-17 00:02 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-17 00:02 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-17 00:02 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-17 00:02 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-17 00:02 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-17 00:02 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-17 00:02 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-17 00:02 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-17 00:02 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-17 00:02 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-17 00:02 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-17 00:02 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-17 00:02 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-17 00:02 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-17 00:02 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-17 00:02 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-17 00:02 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-17 00:02 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-17 00:02 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-17 00:02 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 06:52 - 2014-10-15 06:52 - 00424472 _____ () C:\WINDOWS\Minidump\101514-6390-01.dmp
2014-10-14 16:16 - 2014-10-14 16:16 - 00424528 _____ () C:\WINDOWS\Minidump\101414-6187-01.dmp
2014-10-13 16:42 - 2014-10-13 16:42 - 00049768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SurfaceIntegrationDriver.sys
2014-10-12 09:23 - 2014-10-16 12:15 - 00000000 ____D () C:\Users\Georgina\Documents\Schaffrath

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 09:51 - 2014-09-17 09:50 - 00000000 ____D () C:\Users\Georgina
2014-11-11 09:49 - 2014-09-17 09:57 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3369756559-1339453816-443426222-1001
2014-11-11 09:49 - 2014-05-09 07:01 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-11 09:49 - 2014-05-09 07:01 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-11 09:49 - 2014-05-08 23:31 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-11 09:47 - 2014-09-17 09:50 - 01993826 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-11 09:45 - 2014-09-22 11:12 - 00000000 ____D () C:\Users\Georgina\AppData\Local\PasswordSafe
2014-11-11 09:45 - 2014-09-17 11:16 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 09:45 - 2014-09-17 10:58 - 00005160 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for GEORGINA-PC-Georgina Georgina-PC
2014-11-11 09:45 - 2014-08-29 19:43 - 00000000 ___DO () C:\Users\Georgina\OneDrive
2014-11-11 09:44 - 2014-05-08 23:22 - 00119498 _____ () C:\WINDOWS\PFRO.log
2014-11-11 09:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Globalization
2014-11-11 09:44 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-11 09:44 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-11 09:26 - 2014-09-17 11:16 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-11 08:50 - 2014-09-17 11:17 - 00002260 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-11 08:38 - 2014-08-29 19:41 - 00000000 ____D () C:\Users\Georgina\AppData\Local\Packages
2014-11-11 08:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-11 08:09 - 2014-09-17 09:51 - 00001457 _____ () C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-11 07:59 - 2014-09-17 20:04 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-11-11 07:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-11-11 07:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-11-11 07:55 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-11 07:53 - 2014-10-10 08:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-11 07:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-10 20:49 - 2014-09-17 16:29 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\.purple
2014-11-10 12:21 - 2014-09-17 09:52 - 00000000 ____D () C:\Users\Georgina\AppData\Local\PackageStaging
2014-11-10 10:40 - 2014-09-30 13:10 - 00000001 ____R () C:\Users\Georgina\serverport
2014-11-09 09:49 - 2014-08-30 15:42 - 00000000 ___SD () C:\Users\Georgina\Documents\Meine Shapes
2014-11-09 09:46 - 2014-09-29 15:04 - 00000000 ____D () C:\Users\Georgina\Documents\Versicherung
2014-11-07 15:36 - 2013-08-22 15:46 - 00049955 _____ () C:\WINDOWS\setupact.log
2014-11-06 21:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-11-06 21:13 - 2014-09-21 08:40 - 00393220 _____ () C:\WINDOWS\system32\Drivers\MrvlDebugStore.bin
2014-11-06 21:13 - 2014-09-21 08:40 - 00032772 _____ () C:\WINDOWS\system32\Drivers\MrvlLogEntry.bin
2014-11-05 11:44 - 2014-09-19 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-05 11:44 - 2014-09-19 10:49 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-05 11:24 - 2014-09-17 06:34 - 00000000 ____D () C:\Users\Georgina\Documents\Bedienungsanleitungen
2014-11-01 08:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-30 13:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-30 13:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-10-30 12:25 - 2014-09-18 20:12 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-29 01:24 - 2014-05-09 07:09 - 00000000 ____D () C:\WINDOWS\Firmware
2014-10-28 11:31 - 2014-08-30 00:12 - 00000000 ____D () C:\Users\Georgina\Documents\Bahn
2014-10-25 21:12 - 2014-10-08 16:33 - 00000000 ____D () C:\Users\Georgina\AppData\Local\gtk-2.0
2014-10-25 11:59 - 2014-09-10 05:25 - 00000000 ____D () C:\Users\Georgina\Documents\Familie
2014-10-25 11:15 - 2014-09-17 10:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-24 19:17 - 2014-10-10 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 16:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-21 15:50 - 2014-09-18 08:34 - 445972931 _____ () C:\WINDOWS\MEMORY.DMP
2014-10-21 15:50 - 2014-09-18 08:34 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-20 17:21 - 2014-09-17 11:16 - 00004114 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 17:21 - 2014-09-17 11:16 - 00003878 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 01:02 - 2013-08-22 15:44 - 00482928 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-18 01:01 - 2014-09-19 02:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-18 01:01 - 2014-09-18 20:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-18 01:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-18 01:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-18 01:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-18 00:59 - 2014-09-18 20:23 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-12 08:35 - 2014-09-25 14:46 - 00000000 ____D () C:\Users\Georgina\Documents\Dr. Oetker

Some content of TEMP:
====================
C:\Users\Georgina\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Georgina\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Georgina\AppData\Local\Temp\ms.exe
C:\Users\Georgina\AppData\Local\Temp\optprosetup.exe
C:\Users\Georgina\AppData\Local\Temp\setup_297.exe
C:\Users\Georgina\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 04:45

==================== End Of Log ============================
         
Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Georgina at 2014-11-11 09:55:58
Running from C:\Users\Georgina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.8 - REINER SCT)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051F0}) (Version: 7.0.510 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JiveX DICOM Viewer Light 4.4.3 (HKLM-x32\...\JiveX DICOM Viewer Light 4.4.3) (Version:  - VISUS Technology Transfer GmbH)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 - de-de (HKLM\...\VisioProRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
MindGenius Business 5 (HKLM-x32\...\{C260229F-9B20-4479-9CB6-A79ED112484D}) (Version: 05.10 - MindGenius Ltd)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.012.05.00.382 - Huawei Technologies Co.,Ltd)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
Studie zur Verbesserung von HP Officejet 4620 series Produkten (HKLM\...\{ABBC6F00-E9C9-4B1E-B046-8FFD7BA3A456}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3369756559-1339453816-443426222-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Georgina\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-10-2014 17:30:21 Installed Java 7 Update 71
29-10-2014 00:23:39 Windows Update
07-11-2014 11:44:05 Geplanter Prüfpunkt
09-11-2014 11:04:48 Installiert cyberJack Base Components
11-11-2014 06:52:03 Installed Java 7 Update 51

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09840148-64EF-4DAF-A352-0847EC290A33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {0AF1BBB1-0191-4B7D-B51C-26B6B403CD84} - System32\Tasks\ORQD => C:\Users\Georgina\AppData\Roaming\ORQD.exe <==== ATTENTION
Task: {0B942B2C-E42C-475E-86CB-AEEC66923A80} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0CF4C232-F5F0-4282-90EE-BCDF78845B76} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-25] (Microsoft Corporation)
Task: {26474FEB-9BF0-491F-A967-54CE2837891B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {28E779BC-6BDE-4D6E-B101-4DF6AA6D423A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {34F43A81-D6C3-489E-8309-B52F5A7F5995} - System32\Tasks\WLX => C:\Users\Georgina\AppData\Roaming\WLX.exe <==== ATTENTION
Task: {7286A56F-03B7-46EC-AF09-45DFB4C92297} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {77F6AE82-4160-43D0-BD32-6A1891E8E676} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {7960E039-5B3A-4D4A-8ACD-D825F78582C4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {84860194-2EBD-4092-A18B-C90E705C3FD3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-25] (Microsoft Corporation)
Task: {B60BCBA9-89AB-4369-9F6F-79B788C2B86E} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3369756559-1339453816-443426222-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {CB9DF3D2-F98F-4046-8709-A84098D700AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-18] (Microsoft Corporation)
Task: {D31BF918-56FF-4AB2-A646-195B9262D34D} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {EF2BA186-9A22-49FA-BD19-C8060FA80DFC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {FB0D7F83-CEBD-4A12-9E9B-BEA6AAAC2AE3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GEORGINA-PC-Georgina Georgina-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-25] (Microsoft Corporation)
Task: {FF5AA82E-735B-43BA-94F2-34B682FED247} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ORQD.job => C:\Users\Georgina\AppData\Roaming\ORQD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WLX.job => C:\Users\Georgina\AppData\Roaming\WLX.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-09-17 10:53 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-10 06:58 - 2013-04-10 06:58 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-09-18 08:08 - 2013-05-21 08:28 - 00656976 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-09-18 08:08 - 2009-01-10 19:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-09-18 08:08 - 2009-06-23 03:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-09-18 08:08 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-09-18 08:08 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-09-18 08:08 - 2013-05-21 08:20 - 00839680 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-09-18 08:08 - 2012-10-31 10:11 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-09-17 11:43 - 2014-10-25 05:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-09-17 11:42 - 2014-10-25 05:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-09-17 11:42 - 2014-10-25 05:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-07-07 16:21 - 2014-07-07 16:21 - 00410744 _____ () C:\WINDOWS\SYSTEM32\TrueColor5.2\LcProxy2.ax
2014-07-07 16:21 - 2014-07-07 16:21 - 00749168 _____ () C:\WINDOWS\SYSTEM32\TrueColor5.2\CAL2.dll
2014-10-28 18:27 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 18:27 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 18:27 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 18:27 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 18:27 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Georgina\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3369756559-1339453816-443426222-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3369756559-1339453816-443426222-501 - Limited - Disabled)
Georgina (S-1-5-21-3369756559-1339453816-443426222-1001 - Administrator - Enabled) => C:\Users\Georgina
HomeGroupUser$ (S-1-5-21-3369756559-1339453816-443426222-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 08:02:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WajamInternetEnhancerService.exe, Version: 2.15.2.5, Zeitstempel: 0x54240939
Name des fehlerhaften Moduls: WajamInternetEnhancerService.exe, Version: 2.15.2.5, Zeitstempel: 0x54240939
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00021a20
ID des fehlerhaften Prozesses: 0x850
Startzeit der fehlerhaften Anwendung: 0xWajamInternetEnhancerService.exe0
Pfad der fehlerhaften Anwendung: WajamInternetEnhancerService.exe1
Pfad des fehlerhaften Moduls: WajamInternetEnhancerService.exe2
Berichtskennung: WajamInternetEnhancerService.exe3
Vollständiger Name des fehlerhaften Pakets: WajamInternetEnhancerService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WajamInternetEnhancerService.exe5

Error: (11/11/2014 07:58:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WajamInternetEnhancerService.exe, Version: 2.15.2.5, Zeitstempel: 0x54240939
Name des fehlerhaften Moduls: WajamInternetEnhancerService.exe, Version: 2.15.2.5, Zeitstempel: 0x54240939
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00021a20
ID des fehlerhaften Prozesses: 0xabc
Startzeit der fehlerhaften Anwendung: 0xWajamInternetEnhancerService.exe0
Pfad der fehlerhaften Anwendung: WajamInternetEnhancerService.exe1
Pfad des fehlerhaften Moduls: WajamInternetEnhancerService.exe2
Berichtskennung: WajamInternetEnhancerService.exe3
Vollständiger Name des fehlerhaften Pakets: WajamInternetEnhancerService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WajamInternetEnhancerService.exe5

Error: (11/11/2014 07:58:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WajamInternetEnhancerService.exe, Version: 2.15.2.5, Zeitstempel: 0x54240939
Name des fehlerhaften Moduls: WajamInternetEnhancerService.exe, Version: 2.15.2.5, Zeitstempel: 0x54240939
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00021a20
ID des fehlerhaften Prozesses: 0x868
Startzeit der fehlerhaften Anwendung: 0xWajamInternetEnhancerService.exe0
Pfad der fehlerhaften Anwendung: WajamInternetEnhancerService.exe1
Pfad des fehlerhaften Moduls: WajamInternetEnhancerService.exe2
Berichtskennung: WajamInternetEnhancerService.exe3
Vollständiger Name des fehlerhaften Pakets: WajamInternetEnhancerService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WajamInternetEnhancerService.exe5

Error: (11/11/2014 07:51:25 AM) (Source: MsiInstaller) (EventID: 11309) (User: GEORGINA-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (11/10/2014 04:20:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.3.9600.17031, Zeitstempel: 0x53085927
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 6.3.9600.17195, Zeitstempel: 0x53894a69
Ausnahmecode: 0xc000027b
Fehleroffset: 0x00000000000547ac
ID des fehlerhaften Prozesses: 0x13f8
Startzeit der fehlerhaften Anwendung: 0xwwahost.exe0
Pfad der fehlerhaften Anwendung: wwahost.exe1
Pfad des fehlerhaften Moduls: wwahost.exe2
Berichtskennung: wwahost.exe3
Vollständiger Name des fehlerhaften Pakets: wwahost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wwahost.exe5

Error: (11/10/2014 06:53:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Windows RE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (11/09/2014 09:14:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.3.9600.17031, Zeitstempel: 0x53085927
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 6.3.9600.17195, Zeitstempel: 0x53894a69
Ausnahmecode: 0xc000027b
Fehleroffset: 0x00000000000547ac
ID des fehlerhaften Prozesses: 0x141c
Startzeit der fehlerhaften Anwendung: 0xwwahost.exe0
Pfad der fehlerhaften Anwendung: wwahost.exe1
Pfad des fehlerhaften Moduls: wwahost.exe2
Berichtskennung: wwahost.exe3
Vollständiger Name des fehlerhaften Pakets: wwahost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wwahost.exe5

Error: (11/09/2014 01:23:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.3.9600.17031, Zeitstempel: 0x53085927
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 6.3.9600.17195, Zeitstempel: 0x53894a69
Ausnahmecode: 0xc000027b
Fehleroffset: 0x00000000000547ac
ID des fehlerhaften Prozesses: 0x918
Startzeit der fehlerhaften Anwendung: 0xwwahost.exe0
Pfad der fehlerhaften Anwendung: wwahost.exe1
Pfad des fehlerhaften Moduls: wwahost.exe2
Berichtskennung: wwahost.exe3
Vollständiger Name des fehlerhaften Pakets: wwahost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wwahost.exe5

Error: (11/09/2014 08:54:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Windows RE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (11/09/2014 08:53:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Windows RE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)


System errors:
=============
Error: (11/11/2014 09:44:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/11/2014 09:44:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (11/11/2014 09:16:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/11/2014 09:16:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (11/11/2014 09:15:43 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (11/11/2014 08:51:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/11/2014 08:51:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (11/11/2014 08:11:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/11/2014 08:11:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (11/11/2014 08:02:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1


Microsoft Office Sessions:
=========================
Error: (11/11/2014 08:02:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WajamInternetEnhancerService.exe2.15.2.554240939WajamInternetEnhancerService.exe2.15.2.554240939c000000500021a2085001cffd7d7071ceadC:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exeC:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exeafabf135-6970-11e4-827a-6002925cc7b8

Error: (11/11/2014 07:58:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WajamInternetEnhancerService.exe2.15.2.554240939WajamInternetEnhancerService.exe2.15.2.554240939c000000500021a20abc01cffd7cd6e6fa96C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exeC:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe149ae842-6970-11e4-8279-6002925cc7b8

Error: (11/11/2014 07:58:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WajamInternetEnhancerService.exe2.15.2.554240939WajamInternetEnhancerService.exe2.15.2.554240939c000000500021a2086801cffd7cd4a4535fC:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exeC:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe12b297a8-6970-11e4-8279-6002925cc7b8

Error: (11/11/2014 07:51:25 AM) (Source: MsiInstaller) (EventID: 11309) (User: GEORGINA-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/10/2014 04:20:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085927twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac13f801cffcecd0b5ccd8C:\WINDOWS\system32\wwahost.exeC:\Windows\System32\twinapi.appcore.dll16e6ad2a-68ed-11e4-8278-6002925cc7b819789RossBor.ClassicHearts_1.0.0.0_neutral__bckpywbq9b7yjApp

Error: (11/10/2014 06:53:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsFalscher Parameter. (0x80070057)

Error: (11/09/2014 09:14:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085927twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac141c01cffc190665d6aaC:\WINDOWS\system32\wwahost.exeC:\Windows\System32\twinapi.appcore.dllf8a8d091-684c-11e4-8278-6002925cc7b819789RossBor.ClassicHearts_1.0.0.0_neutral__bckpywbq9b7yjApp

Error: (11/09/2014 01:23:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085927twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac91801cffc175701b003C:\WINDOWS\system32\wwahost.exeC:\Windows\System32\twinapi.appcore.dll46b65bcb-680b-11e4-8278-6002925cc7b819789RossBor.ClassicHearts_1.0.0.0_neutral__bckpywbq9b7yjApp

Error: (11/09/2014 08:54:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsFalscher Parameter. (0x80070057)

Error: (11/09/2014 08:53:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsFalscher Parameter. (0x80070057)


CodeIntegrity Errors:
===================================
  Date: 2014-11-11 07:56:01.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-11 07:56:01.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-11 07:56:01.422
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-11 07:56:01.297
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-11 07:54:47.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-11 07:54:47.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-11 07:54:47.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-11 07:54:47.190
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-11 07:54:47.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-05 05:03:25.560
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4650U CPU @ 1.70GHz
Percentage of memory in use: 33%
Total physical RAM: 8097.07 MB
Available physical RAM: 5407.17 MB
Total Pagefile: 16289.07 MB
Available Pagefile: 12773.53 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.72 GB) (Free:115.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: F1CDD41A)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Unfortunately, GMER did not start.

I hope this gives you a basis to work with for now, and thank you in advance.

Best regards,
Nightwish
__________________
A child's question to his father:
"Is our house inside or outside?"

11.11.2014, 11:19   #2
Warlord711
/// TB Trainer
 



Do you still have the Malwarebytes log?

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Run FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved to the desktop.
  • Please post the contents of this log file here in your thread.

11.11.2014, 12:21   #3
Nightwish
 



Thank you very much for your prompt help!

Here, first, is the Malwarebytes log. (Unfortunately I forgot it earlier.)
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 11.11.2014
Scan Time: 09:36:39
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.11.03
Rootkit Database: v2014.11.10.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Georgina

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347765
Time Elapsed: 4 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 5
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1296, Delete-on-Reboot, [512e201a66167db94a18b3ef986950b0]
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-6.exe, 3684, Delete-on-Reboot, [e09f7ac00a72c96d4222472d8a7b748c]
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\2a1718c1-62b6-4c24-91cd-b14e9446afec.exe, 3832, Delete-on-Reboot, [1e6182b85725d26497cd94e056af11ef]
PUP.Optional.VOPackage.A, C:\Users\Georgina\AppData\Roaming\VOPackage\VOsrv.exe, 1916, Delete-on-Reboot, [2956b189b7c54cea7446f044c53ed927]
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\89c6bc78-cdc5-491c-8953-85b87df0296a.exe, 3328, Delete-on-Reboot, [9be4201ae6965ed8608d52c5db28639d]

Modules: 1
PUP.Optional.Nova.A, C:\Program Files (x86)\HDtubeV1.6V11.11\a2620298-bc75-4a34-8aa9-19743147bd95.dll, Delete-on-Reboot, [a4dbe3579ede67cf39f83aa70001cb35], 

Registry Keys: 66
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarantined, [512e201a66167db94a18b3ef986950b0], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, Quarantined, [512e201a66167db94a18b3ef986950b0], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611171168}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110611171168}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644174468}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655175568}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666176668}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655175568}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666176668}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644174468}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\c2eb4bc0f328013184de5118752c52d60061768.BHO.1, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611171168}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611171168}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\c2eb4bc0f328013184de5118752c52d60061768.BHO, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\c2eb4bc0f328013184de5118752c52d60061768.BHO, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\c2eb4bc0f328013184de5118752c52d60061768.BHO.1, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKU\S-1-5-21-3369756559-1339453816-443426222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611171168}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622172268}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\c2eb4bc0f328013184de5118752c52d60061768.Sandbox.1, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\c2eb4bc0f328013184de5118752c52d60061768.Sandbox, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\c2eb4bc0f328013184de5118752c52d60061768.Sandbox, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\c2eb4bc0f328013184de5118752c52d60061768.Sandbox.1, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622172268}, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611171168}\INPROCSERVER32, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.VOPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [2956b189b7c54cea7446f044c53ed927], 
PUP.Optional.VOPackage.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\servervo, Quarantined, [2956b189b7c54cea7446f044c53ed927], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [4f30ea50116bd95d3c266ff04fb4d42c], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [0877bf7b2f4df4427eee3657ae56f808], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [ef9044f6126a68ce768d9214e22222de], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [7e01a1995c207bbbff03446284806f91], 
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\HDtubeV1.6V11.11, Quarantined, [6a156fcb1f5d270f31de5aeefb08b64a], 
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\HDtubeV1.6V11.11-nv, Quarantined, [aed176c4a6d63600907f59eff40fd12f], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, Quarantined, [d1aec07a067683b34146d06db25129d7], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [186740fa532977bf0cc54e53d52f06fa], 
PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.2, Quarantined, [344b2614225a86b00506f042f310e61a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [cbb494a65a226dc9fa6eb094c53e2cd4], 
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjbbjfdilbioabojmcplalojlmdngbjl, Quarantined, [dba4dc5e4f2dbe7845cb78d3ef14b64a], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [5f20da60d4a870c6164c302f17ec8e72], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [cfb0bd7d215b3bfb52865c48ac589769], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [027d98a2c7b52f07e9f0d5cf7c88e020], 
PUP.Optional.WordProser.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpnfd_1_10_0_2, Quarantined, [96e9fe3c8fed83b31befe84a4cb723dd], 
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [126d50ea225aef4737ebb87946bddc24], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [601f2812710b44f25ac9b9780201867a], 
PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HDtubeV1.6V11.11, Quarantined, [16692119fd7f280e36dbbb8d1ee5c23e], 
PUP.Optional.HDVid.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheHDvid-Codec V10, Quarantined, [205fa99198e4a195fd675be82cd75ba5], 
PUP.Optional.SmileysWeLove.A, HKU\S-1-5-21-3369756559-1339453816-443426222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmileysWeLove, Quarantined, [d8a7a694f3892a0caa3f7bcf2cd724dc], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3369756559-1339453816-443426222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [750a47f3304c68ceb45ddcba9a6a23dd], 
PUP.Optional.HDPlus.A, HKU\S-1-5-21-3369756559-1339453816-443426222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HDtubeV1.6V11.11, Quarantined, [b2cddc5e6a12171f12ff92b6bb48f50b], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3369756559-1339453816-443426222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [e897fb3f7c002f07250cb98fdf24718f], 
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HDtubeV1.6V11.11, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 

Registry Values: 3
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [cbb494a65a226dc9fa6eb094c53e2cd4]
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_241, Quarantined, [d7a8c674027aa6900383f04d9073a858], 
PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Users\Georgina\AppData\Roaming\VOPackage\uninstall.exe", Quarantined, [3946a19983f925117057cf747f84e31d]

Registry Data: 15
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851),Replaced,[750a60dab5c74cea1ad9cc6c61a4d030]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}),Replaced,[6d1238025626231320ca6bcddf26be42]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851),Replaced,[4a35ab8ff488b2848f59e6526f96a957]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851),Replaced,[6619310994e8320429c3cf69a85dd12f]
PUP.Optional.WebSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}),Replaced,[98e75ddd7606d1657ba4b4053fc218e8]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[5a2566d4fc8055e17d8fda693bcae818]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851),Replaced,[d0af8dad3c4038fe6a89a098c73e9967]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}),Replaced,[651a69d1d0aced499258ca6edb2ac43c]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851),Replaced,[d1ae34063646ef47ba2e8cacef1639c7]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851),Replaced,[a7d8eb4f037979bd3cb0c67293725aa6]
PUP.Optional.WebSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}),Replaced,[324dbc7eef8daa8cba654079b150857b]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[0b74a991b2ca55e17e8e32119b6a12ee]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3369756559-1339453816-443426222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M1D6D3646-5C50-4B6A-A7A8-646F7C0B1784&SearchSource=55&CUI=&UM=2&UP=SP6589DCDE-AA50-4D9F-806C-C75D6ABDFEB4&SSPV=, Good: (www.google.com), Bad: (hxxp://www.trovi.com/?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M1D6D3646-5C50-4B6A-A7A8-646F7C0B1784&SearchSource=55&CUI=&UM=2&UP=SP6589DCDE-AA50-4D9F-806C-C75D6ABDFEB4&SSPV=),Replaced,[84fb2f0b7dff003669fc1f196c99649c]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3369756559-1339453816-443426222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851),Replaced,[aad5f446f488f73f1ccd4bedc73e718f]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3369756559-1339453816-443426222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M1D6D3646-5C50-4B6A-A7A8-646F7C0B1784&SearchSource=55&CUI=&UM=2&UP=SP6589DCDE-AA50-4D9F-806C-C75D6ABDFEB4&SSPV=, Good: (www.google.com), Bad: (hxxp://www.trovi.com/?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M1D6D3646-5C50-4B6A-A7A8-646F7C0B1784&SearchSource=55&CUI=&UM=2&UP=SP6589DCDE-AA50-4D9F-806C-C75D6ABDFEB4&SSPV=),Replaced,[0b74ab8fff7de94d6afb5ade2fd61fe1]

Folders: 32
PUP.Optional.VOPackage.A, C:\Users\Georgina\AppData\Roaming\VOPackage, Delete-on-Reboot, [2956b189b7c54cea7446f044c53ed927], 
PUP.Optional.VOPackage, C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage, Quarantined, [9de24eecdd9fa6903a8edf64a162ca36], 
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [354a0a3087f589ad03f41fd1ff035ca4], 
PUP.Optional.SmileysWeLove.A, C:\Users\Georgina\AppData\Local\Temp\swlfiles, Quarantined, [f887261425570e28e1bbc6508182649c], 
PUP.Optional.SmileysWeLove.A, C:\Users\Georgina\AppData\Local\Temp\swlfiles\x86, Quarantined, [f887261425570e28e1bbc6508182649c], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11, Delete-on-Reboot, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.Extutil.A, C:\Users\Georgina\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [91ee64d6e29a0d2914553ddb1fe45fa1], 
PUP.Optional.Managera.A, C:\Users\Georgina\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [ee9174c68defad891555051331d2cd33], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Delete-on-Reboot, [92ed4ded3c401521770250c80ef5847c], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, Quarantined, [92ed4ded3c401521770250c80ef5847c], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [92ed4ded3c401521770250c80ef5847c], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{88F4AB16-B95F-4719-977D-76D1133B6BDC}, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\userCode, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\icons, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\icons\actions, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\api, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\popupResource, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofaemmlijemfcopjandkcndefpnacabg, Quarantined, [b1ce46f4f5876fc723d0f22e9a6953ad], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ofaemmlijemfcopjandkcndefpnacabg_0, Quarantined, [93ec1c1efb81e84eda1a54ccb64d2ed2], 

Files: 225
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Delete-on-Reboot, [512e201a66167db94a18b3ef986950b0], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-6.exe, Delete-on-Reboot, [e09f7ac00a72c96d4222472d8a7b748c], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\2a1718c1-62b6-4c24-91cd-b14e9446afec.exe, Delete-on-Reboot, [1e6182b85725d26497cd94e056af11ef], 
PUP.Optional.Nova.A, C:\Program Files (x86)\HDtubeV1.6V11.11\a2620298-bc75-4a34-8aa9-19743147bd95.dll, Quarantined, [a4dbe3579ede67cf39f83aa70001cb35], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\HDtubeV1.6V11.11-bho64.dll, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\HDtubeV1.6V11.11-bho.dll, Quarantined, [413e58e2146876c04123de968e774ab6], 
PUP.Optional.HDVid.A, C:\Users\Georgina\AppData\Roaming\BRABQ.exe, Quarantined, [9ae5ac8e4a32e94deebdc0ed07fadc24], 
PUP.Optional.HDVid.A, C:\Users\Georgina\AppData\Roaming\OHWA.exe, Quarantined, [9de240fa89f393a36c3f9b1244bdbe42], 
PUP.Optional.HDTube.A, C:\Users\Georgina\AppData\Roaming\ORQD.exe, Quarantined, [82fd9d9d91eb221495cf9ed62ed7b947], 
PUP.Optional.HDTube.A, C:\Users\Georgina\AppData\Roaming\WLX.exe, Quarantined, [1669db5f611b330389dbd79dfc09ae52], 
PUP.Optional.Nova.A, C:\Program Files (x86)\4cfcc15e-0926-47e0-814b-27b70b64568b\e3efa897-e72b-4258-91dd-77ccbb56f7e5.dll, Quarantined, [b4cbb4869be16ec8b081637e738e9868], 
PUP.Optional.Nova.A, C:\Program Files (x86)\globalUpdate\c199a51e-751b-480d-877e-96b23f85b383.dll, Quarantined, [136cad8df18bba7c171a677a09f8ae52], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-2.exe, Quarantined, [bcc33406c7b5bd792440eb89c045eb15], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-5.exe, Quarantined, [0c73d3674e2e90a6a4c0cca81aeb718f], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-64.exe, Quarantined, [e6994eec1d5fb97d8ada95df709559a7], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-7.exe, Quarantined, [d0af96a4c5b72d0933311f559471dd23], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\HDtubeV1.6V11.11-bg.exe, Quarantined, [324d51e929539c9a5e06264ea263d32d], 
PUP.Optional.HDTube.A, C:\Program Files (x86)\HDtubeV1.6V11.11\HDtubeV1.6V11.11-codedownloader.exe, Quarantined, [a8d751e94f2d61d5d68ebabaa85dcf31], 
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HDtubeV1.6V11.11\utils.exe, Quarantined, [5827f149fd7f65d112fc63ddc43c09f7], 
PUP.Optional.RelevantKnowledge, C:\Windows\System32\rlls64.dll, Quarantined, [daa5fb3f7705d95dff0ecb8c0df8ba46], 
PUP.Optional.RelevantKnowledge, C:\Windows\SysWOW64\rlls.dll, Quarantined, [611ee555c5b750e6e22b58ff20e5b749], 
PUP.Optional.MyPCBackup.A, C:\Users\Georgina\AppData\Local\Temp\BackupSetup.exe, Quarantined, [146b2515fa822214d9b49d4032cf08f8], 
PUP.Optional.Conduit.A, C:\Users\Georgina\AppData\Local\Temp\verifier.exe, Quarantined, [b3cc62d80973a98ddb039da5d32da65a], 
PUP.Optional.LiMo, C:\Users\Georgina\AppData\Local\Temp\ET\pjr_webssearches.exe, Quarantined, [f28d6cce13693df9fb1d46ed020329d7], 
PUP.Optional.WordProser.A, C:\Users\Georgina\AppData\Local\Temp\ZOG\Setup.exe, Quarantined, [8ff026147dff35016d515186bc45916f], 
PUP.Optional.VOPackage.A, C:\Users\Georgina\AppData\Roaming\VOPackage\Uninstall.exe, Quarantined, [2956b189b7c54cea7446f044c53ed927], 
PUP.Optional.VOPackage.A, C:\Users\Georgina\AppData\Roaming\VOPackage\runasu.exe, Quarantined, [2956b189b7c54cea7446f044c53ed927], 
PUP.Optional.VOPackage.A, C:\Users\Georgina\AppData\Roaming\VOPackage\VOPackage.exe, Quarantined, [2956b189b7c54cea7446f044c53ed927], 
PUP.Optional.VOPackage.A, C:\Users\Georgina\AppData\Roaming\VOPackage\VOsrv.exe, Delete-on-Reboot, [2956b189b7c54cea7446f044c53ed927], 
PUP.Optional.VOPackage, C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk, Quarantined, [9de24eecdd9fa6903a8edf64a162ca36], 
PUP.Optional.WebSearchs.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, Quarantined, [bec1ec4e4f2de25456d1ef55c142a858], 
PUP.Optional.WebSearchs.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, Quarantined, [fd82bb7f097372c4a78088bca360966a], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-1, Quarantined, [81fed06aadcf50e65310182c857eb749], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-11, Quarantined, [e49b4eec5e1eaf87045f5aeaf90a5aa6], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-2, Quarantined, [156a2d0dfe7eea4c5c07a2a2f310a55b], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-3, Quarantined, [f9866ecc5b21ee480261ce7632d18f71], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-4, Quarantined, [dda2f1499ce04fe76df6f153b44f6a96], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-5, Quarantined, [710ebf7bbcc09e98d68de06425de31cf], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-5_user, Quarantined, [a7d8e55568141b1bca99e361c83b9868], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-6, Quarantined, [b2cd34066b114de9e47ffe465da6f907], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-7, Quarantined, [4d3293a78cf0f244e2814bf951b217e9], 
PUP.Optional.SelectNGo.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [5c23a49690ecba7c166f0a469b6813ed], 
PUP.Optional.SelectNGo.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Quarantined, [b0cf8fab3943013551341838778cb54b], 
PUP.Optional.LiveLyrics.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [7f002416bfbd21152ea5ce83c3409f61], 
PUP.Optional.LiveLyrics.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [dba44cee0d6f7abc23b099b83fc43dc3], 
PUP.Optional.Trovi.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage, Quarantined, [daa51f1be9932c0a5c49cf8350b38d73], 
PUP.Optional.Trovi.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage-journal, Quarantined, [403fef4b93e966d07233bd95f70cb947], 
Trojan.Agent, C:\Windows\SysWOW64\rlls.dll, Quarantined, [e09f78c2ef8d79bd1684bffeee15e917], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-1.job, Quarantined, [700f92a8ee8ec96d9bd3c3dfb05407f9], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-11.job, Quarantined, [770869d1e59779bdee808a1821e3d927], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-2.job, Quarantined, [e19e3703c1bb32049ad47032fc08a957], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-3.job, Quarantined, [f6898cae156759dd75f9871b9173f30d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-4.job, Quarantined, [ceb12119a9d35cdab5b9287a8a7ae719], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-5.job, Quarantined, [bdc272c8f48842f48be3960c53b1e020], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-5_user.job, Quarantined, [fc8308326b1176c0115dbfe31de70ff1], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-6.job, Quarantined, [9de2d46690ec989e214d465cce36cf31], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8cfb6d15-c92f-43f5-b424-993b4eefc8e7-7.job, Quarantined, [c9b60d2dcab22a0c9ad4c3df877df907], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [a5da2119b3c969cd166e01a1fa0a8779], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [aad59aa0b7c5c86edda8554d7391b749], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [d1ae3109215bbd795d29e4be45bf5fa1], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [a2ddf8428cf042f4a2e52c76f212aa56], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofaemmlijemfcopjandkcndefpnacabg_0.localstorage, Quarantined, [dfa03406d3a9da5c4d785153bb49ec14], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofaemmlijemfcopjandkcndefpnacabg_0.localstorage-journal, Quarantined, [d5aab288d8a4dd59ae17dacae0244cb4], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\2a1718c1-62b6-4c24-91cd-b14e9446afec.job, Quarantined, [156a12287dff56e0dafcedb772925ea2], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\89c6bc78-cdc5-491c-8953-85b87df0296a.job, Quarantined, [a8d7b48624581f1730a60d97b351dd23], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\2a1718c1-62b6-4c24-91cd-b14e9446afec, Quarantined, [344bc1798defe254f7e0891bdf25a759], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\89c6bc78-cdc5-491c-8953-85b87df0296a, Quarantined, [84fb9f9bd1ab46f0e0f7b6ee51b3fe02], 
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [453af743720a54e22ed802a464a0966a], 
PUP.Optional.ReMarkable.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [374805355d1f0f270be2b2f430d4c13f], 
PUP.Optional.ReMarkable.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [a3dce05ac9b379bddc11871f16ee8779], 
Rogue.Multiple, C:\ProgramData\374311380\BIT116E.tmp, Quarantined, [354a0a3087f589ad03f41fd1ff035ca4], 
PUP.Optional.SmileysWeLove.A, C:\Users\Georgina\AppData\Local\Temp\swlfiles\BrowserHelper.exe.config, Quarantined, [f887261425570e28e1bbc6508182649c], 
PUP.Optional.SmileysWeLove.A, C:\Users\Georgina\AppData\Local\Temp\swlfiles\BrowserHelper.pdb, Quarantined, [f887261425570e28e1bbc6508182649c], 
PUP.Optional.SmileysWeLove.A, C:\Users\Georgina\AppData\Local\Temp\swlfiles\browserhelperff.log, Quarantined, [f887261425570e28e1bbc6508182649c], 
PUP.Optional.SmileysWeLove.A, C:\Users\Georgina\AppData\Local\Temp\swlfiles\channel_generic.json.old, Quarantined, [f887261425570e28e1bbc6508182649c], 
PUP.Optional.SmileysWeLove.A, C:\Users\Georgina\AppData\Local\Temp\swlfiles\smileyswelove.xpi, Quarantined, [f887261425570e28e1bbc6508182649c], 
PUP.Optional.SmileysWeLove.A, C:\Users\Georgina\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx, Quarantined, [f887261425570e28e1bbc6508182649c], 
PUP.Optional.SmileysWeLove.A, C:\Users\Georgina\AppData\Local\Temp\swlfiles\x86\SQLite.Interop.dll, Quarantined, [f887261425570e28e1bbc6508182649c], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\1293297481.mxaddon, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\266ca2b0-43cf-4ba1-8d76-1aca05c6fb46.dll, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\6d781f7d-24fa-4986-86be-d2759274fc90.crx, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\89c6bc78-cdc5-491c-8953-85b87df0296a.exe, Delete-on-Reboot, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\8cfb6d15-c92f-43f5-b424-993b4eefc8e7.crx, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\8cfb6d15-c92f-43f5-b424-993b4eefc8e7.xpi, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\a2620298-bc75-4a34-8aa9-19743147bd95.crx, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\background.html, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\bgNova.html, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\HDtubeV1.6V11.11.ico, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\Newtonsoft.Json.dll, Delete-on-Reboot, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\SuperSocket.ClientEngine.Common.dll, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\SuperSocket.ClientEngine.Core.dll, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\SuperSocket.ClientEngine.Protocol.dll, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6V11.11\Uninstall.exe, Quarantined, [9be4201ae6965ed8608d52c5db28639d], 
PUP.Optional.Extutil.A, C:\Users\Georgina\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [91ee64d6e29a0d2914553ddb1fe45fa1], 
PUP.Optional.Extutil.A, C:\Users\Georgina\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [91ee64d6e29a0d2914553ddb1fe45fa1], 
PUP.Optional.Extutil.A, C:\Users\Georgina\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [91ee64d6e29a0d2914553ddb1fe45fa1], 
PUP.Optional.Managera.A, C:\Users\Georgina\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [ee9174c68defad891555051331d2cd33], 
PUP.Optional.Managera.A, C:\Users\Georgina\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [ee9174c68defad891555051331d2cd33], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-11-11[07-51-47-433].log, Quarantined, [92ed4ded3c401521770250c80ef5847c], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [92ed4ded3c401521770250c80ef5847c], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [3b44f8423b41e74f1734a47662a155ab], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\GoogleCrashHandler.exe, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\GoogleUpdate.exe, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\GoogleUpdateBroker.exe, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\GoogleUpdateHelper.msi, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\GoogleUpdateOnDemand.exe, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\goopdate.dll, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\goopdateres_en.dll, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\npGoogleUpdate4.dll, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\psmachine.dll, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.122029\psuser.dll, Quarantined, [522d2812700cc86eef788595ff04b14f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\GoogleCrashHandler.exe, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\GoogleUpdate.exe, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\GoogleUpdateBroker.exe, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\GoogleUpdateHelper.msi, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\GoogleUpdateOnDemand.exe, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\goopdate.dll, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\goopdateres_en.dll, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\npGoogleUpdate4.dll, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\psmachine.dll, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.GlobalUpdate.A, C:\Users\Georgina\AppData\Local\Temp\comh.436829\psuser.dll, Quarantined, [1c63b585b4c8c6703b2ca575a063c43c], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\background.html, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\chromeCoreFilesIndex.txt, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\manifest.json, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\popup.html, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\Settings.json, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\manifest.xml, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins.json, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\102.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\104.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\119.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\123.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\13.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\14.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\17.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\178.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\179.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\180.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\184.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\19.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\195.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\220.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\221.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\223.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\226.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\231.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\232.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\242.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\246.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\260.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\262.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\263.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\267.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\273.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\275.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\281.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\286.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\288.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\289.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\292.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\300.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\302.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\315.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\4.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\47.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\64.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\7.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\78.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\80.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\9.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\91.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\93.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\plugins\97.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\userCode\background.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\extensionData\userCode\extension.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\icons\icon128.png, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\icons\icon16.png, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\icons\icon48.png, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\icons\actions\1.png, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\eb2b44dc8a1a703b0fae1c52e31c574c.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\fc8c51fc751ecd7c7d12ed02cec6c412.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\main.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\api\13a912b9e7b7db070d4bb788506a5440.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\api\7a09f2565cf4de5ee8889ef7d2448ae6.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\api\b0e1a5f00c58835493646cf6f740d305.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\api\c1a89d4152a46207ede88474bf23ef11.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\api\df6b215b2a0a883091e59c68bba6a860.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\api\pageAction.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\09d36f761c944da155c4ec15985e8ae4.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\208c409a3fb46d556360d10476da047d.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\2eff64deaa3aa35539f5363cf9478742.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\3659cec7d43ba670327fdb8231e0f9b8.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\3db0a06b1a40fe1cee0aef36c5226c95.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\6203d8c9f044e33608246aedf274f7bf.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\63fdb8c84c8a15cd08dc9c5a57620dd7.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\6aef5507d77152ba23875ef7b3f80f74.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\7a76959c2d2b1feb426c88cc2a7f9ca4.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\ab8476783cd73683f9e7dde9529ebcee.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\app_api.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\b806d0ce70a985839a4bbd567482db4a.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\f109caf6c767fe0426650bed12eab4b9.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\f1fe60f72060e4710bd3880ac2d3b548.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\ff6e65d6fc035bea5e985b3fdb067c9a.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\installer.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\popupResource\newPopup.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg\1.26.77_0\js\lib\popupResource\popup.js, Quarantined, [e996003a34487eb8b43e50d0ce35d927], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofaemmlijemfcopjandkcndefpnacabg\000005.ldb, Quarantined, [b1ce46f4f5876fc723d0f22e9a6953ad], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofaemmlijemfcopjandkcndefpnacabg\000012.log, Quarantined, [b1ce46f4f5876fc723d0f22e9a6953ad], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofaemmlijemfcopjandkcndefpnacabg\CURRENT, Quarantined, [b1ce46f4f5876fc723d0f22e9a6953ad], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofaemmlijemfcopjandkcndefpnacabg\LOCK, Quarantined, [b1ce46f4f5876fc723d0f22e9a6953ad], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofaemmlijemfcopjandkcndefpnacabg\LOG, Quarantined, [b1ce46f4f5876fc723d0f22e9a6953ad], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofaemmlijemfcopjandkcndefpnacabg\LOG.old, Quarantined, [b1ce46f4f5876fc723d0f22e9a6953ad], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofaemmlijemfcopjandkcndefpnacabg\MANIFEST-000010, Quarantined, [b1ce46f4f5876fc723d0f22e9a6953ad], 
PUP.Optional.CrossRider.A, C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ofaemmlijemfcopjandkcndefpnacabg_0\7, Quarantined, [93ec1c1efb81e84eda1a54ccb64d2ed2], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
and now AdwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v4.101 - Bericht erstellt am 11/11/2014 um 11:44:55
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-10.9 [Live]
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : Georgina - GEORGINA-PC
# Gestartet von : C:\Users\Georgina\Downloads\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\Georgina\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Georgina\AppData\Local\Temp\PCSpeedUp
Ordner Gelöscht : C:\Users\Georgina\AppData\Local\Temp\VuuPC
Ordner Gelöscht : C:\Users\Georgina\AppData\Roaming\Solvusoft
Ordner Gelöscht : C:\Users\Georgina\Documents\Optimizer Pro
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : Advanced System Protector

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Popajar
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v38.0.2125.111

[C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M1D6D3646-5C50-4B6A-A7A8-646F7C0B1784&SearchSource=58&CUI=&UM=2&UP=SP6589DCDE-AA50-4D9F-806C-C75D6ABDFEB4&q={searchTerms}&SSPV=
[C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M1D6D3646-5C50-4B6A-A7A8-646F7C0B1784&SearchSource=58&CUI=&UM=2&UP=SP6589DCDE-AA50-4D9F-806C-C75D6ABDFEB4&q={searchTerms}&SSPV=
[C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}
[C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}
[C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}
[C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415688678&from=pjr&uid=SAMSUNGXMZMTE256HMHP-000MV_S1F1NYAF658851&q={searchTerms}

*************************

AdwCleaner[R0].txt - [8338 octets] - [11/11/2014 11:42:56]
AdwCleaner[S0].txt - [8095 octets] - [11/11/2014 11:44:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8155 octets] ##########
         
--- --- ---


JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 8.1 Pro x64
Ran by Georgina on 11.11.2014 at 11:54:08,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.11.2014 at 11:55:50,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST will follow separately.

Thank you very much!

11.11.2014, 12:24   #4
Nightwish

Extreme amounts of advertising after app installations

and now FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Georgina (administrator) on GEORGINA-PC on 11-11-2014 11:57:08
Running from C:\Users\Georgina\Downloads
Loaded Profile: Georgina (Available profiles: Georgina & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\MountPoints2: {23bece2b-5524-11e4-8269-6002925cc7b8} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\MountPoints2: {b492acc6-3c04-11e4-8264-6002925cc7b8} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\MountPoints2: {b492ad27-3c04-11e4-8264-6002925cc7b8} - "D:\AutoRun.exe" 
Startup: C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D39183B5-C067-45BF-8EA5-F1028F1E7316}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{D715548C-5CDD-4160-9314-5EA93FDA1A53}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://www.faz.de/", "hxxp://www.google.de/", "hxxp://www.sueddeutsche.de/", "hxxp://www.bundesliga.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Adblock Plus) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-11]
CHR Extension: (Google-Suche) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Tabellen) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (jobehlihkogkaopjdeomandehpjiljjn) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobehlihkogkaopjdeomandehpjiljjn [2014-11-11]
CHR Extension: (Google Wallet) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-11-11]
CHR Extension: (Google Mail) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-04-10] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-24] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [656976 2013-05-21] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-09] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 SPOCJS; C:\WINDOWS\SysWOW64\SPOCJS64.DLL [21664 2014-06-03] (Microsoft)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-11] (Emsisoft GmbH)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-09] (Microsoft Corporation)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-11] (Emsisoft GmbH)
S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-08-22] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [375040 2013-08-22] (Huawei Technologies Co., Ltd.)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [990720 2014-09-18] (Marvell Semiconductors Inc.)
S3 msu30x64w8; C:\Windows\system32\DRIVERS\msu30x64w8.sys [100864 2014-07-11] (Microsoft)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [43152 2014-03-14] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49768 2014-10-13] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [63592 2014-09-26] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-19] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S3 usbaud; C:\Windows\system32\DRIVERS\usbaud64.sys [1809056 2014-06-03] (Microsoft)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411136 2014-08-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 11:56 - 2014-11-11 11:56 - 00000621 _____ () C:\Users\Georgina\Desktop\JRT1.txt
2014-11-11 11:54 - 2014-11-11 11:54 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-11 11:53 - 2014-11-11 11:53 - 01706808 _____ (Thisisu) C:\Users\Georgina\Downloads\JRT.exe
2014-11-11 11:51 - 2014-11-11 11:56 - 00000000 ____D () C:\Users\Georgina\Desktop\Trojaner board hilfe
2014-11-11 11:42 - 2014-11-11 11:49 - 00000000 ____D () C:\AdwCleaner
2014-11-11 11:41 - 2014-11-11 11:41 - 02140160 _____ () C:\Users\Georgina\Downloads\AdwCleaner_4.101.exe
2014-11-11 10:02 - 2014-11-11 10:02 - 00380416 _____ () C:\Users\Georgina\Downloads\Gmer-19357.exe
2014-11-11 09:57 - 2014-11-11 09:57 - 00048646 _____ () C:\Users\Georgina\Desktop\FRST.txt
2014-11-11 09:57 - 2014-11-11 09:57 - 00028470 _____ () C:\Users\Georgina\Desktop\Addition.txt
2014-11-11 09:55 - 2014-11-11 11:57 - 00015866 _____ () C:\Users\Georgina\Downloads\FRST.txt
2014-11-11 09:55 - 2014-11-11 11:57 - 00000000 ____D () C:\FRST
2014-11-11 09:55 - 2014-11-11 09:56 - 00028470 _____ () C:\Users\Georgina\Downloads\Addition.txt
2014-11-11 09:54 - 2014-11-11 09:54 - 02116096 _____ (Farbar) C:\Users\Georgina\Downloads\FRST64.exe
2014-11-11 09:51 - 2014-11-11 09:51 - 00050477 _____ () C:\Users\Georgina\Downloads\Defogger.exe
2014-11-11 09:51 - 2014-11-11 09:51 - 00000478 _____ () C:\Users\Georgina\Downloads\defogger_disable.log
2014-11-11 09:51 - 2014-11-11 09:51 - 00000000 _____ () C:\Users\Georgina\defogger_reenable
2014-11-11 09:36 - 2014-11-11 11:50 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 09:36 - 2014-11-11 09:36 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-11 09:36 - 2014-11-11 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-11 09:36 - 2014-11-11 09:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 09:36 - 2014-11-11 09:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-11 09:36 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-11 09:36 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-11 09:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-11 09:35 - 2014-11-11 09:35 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Georgina\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 08:51 - 2014-11-11 09:16 - 00006404 _____ () C:\EamClean.log
2014-11-11 08:46 - 2014-11-11 10:37 - 00000000 ____D () C:\EEK
2014-11-11 08:46 - 2014-11-11 08:46 - 00000762 _____ () C:\Users\Georgina\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-11 08:43 - 2014-11-11 08:45 - 156367280 _____ () C:\Users\Georgina\Downloads\EmsisoftEmergencyKit.exe
2014-11-11 08:16 - 2014-11-11 11:28 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\QuickScan
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files\MSBuild
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-11 07:54 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-11-11 07:54 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-11-11 07:51 - 2014-11-11 11:50 - 00001370 _____ () C:\WINDOWS\Tasks\ORQD.job
2014-11-11 07:51 - 2014-11-11 11:50 - 00001368 _____ () C:\WINDOWS\Tasks\WLX.job
2014-11-11 07:51 - 2014-11-11 09:43 - 00000000 ____D () C:\Program Files (x86)\4cfcc15e-0926-47e0-814b-27b70b64568b
2014-11-11 07:51 - 2014-11-11 07:56 - 00000000 ____D () C:\Users\Georgina\Documents\Add-in Express
2014-11-11 07:51 - 2014-11-11 07:56 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\smileyswelove
2014-11-11 07:51 - 2014-11-11 07:51 - 00004390 _____ () C:\WINDOWS\System32\Tasks\ORQD
2014-11-11 07:51 - 2014-11-11 07:51 - 00004386 _____ () C:\WINDOWS\System32\Tasks\WLX
2014-11-11 07:50 - 2014-11-11 07:51 - 00000000 ____D () C:\Users\Georgina\Documents\Java
2014-11-11 07:49 - 2014-11-11 07:49 - 00633504 _____ () C:\Users\Georgina\Downloads\setup (3).exe
2014-11-10 10:01 - 2014-11-10 10:10 - 454667877 _____ () C:\Users\Georgina\Downloads\video2brain_excel_bereiche_und_namen.7z
2014-11-10 10:01 - 2014-11-10 10:05 - 168384089 _____ () C:\Users\Georgina\Downloads\video2brain_excel_2010_formulare.7z
2014-11-10 10:01 - 2014-11-10 10:02 - 00244816 _____ () C:\Users\Georgina\Downloads\projektdateien_excel_2010_formulare.7z
2014-11-10 10:01 - 2014-11-10 10:01 - 00177908 _____ () C:\Users\Georgina\Downloads\projektdateien_excel_bereiche_und_namen.7z
2014-11-09 12:29 - 2014-11-09 12:29 - 00021276 _____ () C:\Users\Georgina\Downloads\S_20141109_122955_Neue_Nachrichten.zip
2014-11-09 12:05 - 2014-11-09 13:43 - 00001158 _____ () C:\Users\Public\Desktop\cyberJack Gerätemanager,  Funktionstest.lnk
2014-11-09 12:05 - 2014-11-09 12:21 - 00009358 _____ () C:\WINDOWS\DPINST.LOG
2014-11-09 12:05 - 2014-11-09 12:05 - 00000396 _____ () C:\WINDOWS\hbcikrnl.ini
2014-11-09 12:05 - 2012-09-04 13:15 - 00035192 _____ (REINER SCT) C:\WINDOWS\system32\Drivers\cjusb.sys
2014-11-09 12:05 - 2009-11-09 09:48 - 00061952 _____ ( REINER SCT) C:\WINDOWS\SysWOW64\cjtpl.cpl
2014-11-09 12:04 - 2014-11-09 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REINER SCT cyberJack
2014-11-09 12:04 - 2014-11-09 12:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-09 12:04 - 2014-11-09 12:04 - 00000000 ____D () C:\Program Files (x86)\REINER SCT
2014-11-09 12:04 - 2014-01-27 17:08 - 00518192 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcsc.exe
2014-11-09 12:04 - 2013-05-17 14:17 - 00227672 _____ (Reiner Kartengeräte GmbH & Co.KG 1999-2012) C:\WINDOWS\SysWOW64\cjeca32.dll
2014-11-09 12:04 - 2012-10-19 15:42 - 00787576 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcsc32.dll
2014-11-09 12:04 - 2012-09-04 17:58 - 00058442 _____ () C:\WINDOWS\SysWOW64\cjbc_en.lan
2014-11-09 12:04 - 2012-02-22 15:48 - 00063069 _____ () C:\WINDOWS\SysWOW64\cjbc_de.lan
2014-11-09 12:04 - 2012-02-19 19:32 - 00713648 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcscui.exe
2014-11-09 12:04 - 2012-02-14 11:48 - 00432560 _____ (REINER SCT) C:\WINDOWS\SysWOW64\ctrsct64.dll
2014-11-09 12:04 - 2012-02-14 11:48 - 00352688 _____ (REINER SCT) C:\WINDOWS\SysWOW64\ctrsct32.dll
2014-11-09 12:04 - 2012-02-14 11:48 - 00208816 _____ (Reiner Kartengeräte GmbH) C:\WINDOWS\SysWOW64\cjppa32.dll
2014-11-09 12:04 - 2012-02-14 11:48 - 00053680 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjKbBase.dll
2014-11-09 12:04 - 2012-02-14 11:47 - 00063408 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcscli.exe
2014-11-09 12:04 - 2011-07-22 07:50 - 00359856 _____ (REINER SCT) C:\WINDOWS\SysWOW64\zkasigct.dll
2014-11-09 12:04 - 2010-02-10 19:39 - 00269824 _____ (REINER SCT) C:\WINDOWS\SysWOW64\rsct_pnp.dll
2014-11-09 12:04 - 2009-03-09 17:17 - 00274224 _____ (REINER SCT) C:\WINDOWS\SysWOW64\gkapi.dll
2014-11-09 12:04 - 2008-03-25 09:24 - 00060702 _____ () C:\WINDOWS\SysWOW64\rsct_pv_start.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00060702 _____ () C:\WINDOWS\SysWOW64\rsct_mv_start.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00013084 _____ () C:\WINDOWS\SysWOW64\rsct_key_clear.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00013026 _____ () C:\WINDOWS\SysWOW64\rsct_key_err.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00004636 _____ () C:\WINDOWS\SysWOW64\rsct_key_1.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00000656 _____ () C:\WINDOWS\SysWOW64\rsct_key.wav
2014-11-09 12:04 - 2008-03-19 13:48 - 00033136 _____ () C:\WINDOWS\SysWOW64\rsct_pv_stop.wav
2014-11-09 12:04 - 2008-03-19 13:48 - 00033136 _____ () C:\WINDOWS\SysWOW64\rsct_mv_stop.wav
2014-11-09 12:04 - 2007-11-07 12:20 - 00344064 _____ (REINER SCT) C:\WINDOWS\SysWOW64\SetupHBCI.exe
2014-11-09 12:04 - 2007-11-07 12:20 - 00196608 _____ (REINER SCT) C:\WINDOWS\SysWOW64\rsct_pnp.exe
2014-11-09 12:04 - 2007-05-31 07:38 - 00434252 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCRTD.DLL
2014-11-09 12:04 - 2007-05-31 07:38 - 00167936 _____ () C:\WINDOWS\SysWOW64\SerialXP.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00151552 _____ (REINER SCT) C:\WINDOWS\SysWOW64\OcfCopy.exe
2014-11-09 12:04 - 2007-05-31 07:38 - 00053248 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjtrm.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00041472 _____ (IBM Corporation) C:\WINDOWS\SysWOW64\ocfpcsc1.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00027648 _____ () C:\WINDOWS\SysWOW64\win32com.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00014949 _____ (franson.biz) C:\WINDOWS\SysWOW64\Drivers\bizVSerialNT.sys
2014-11-09 12:03 - 2014-11-09 12:04 - 00000000 ____D () C:\ProgramData\REINER SCT
2014-11-09 12:03 - 2014-11-09 12:03 - 11104520 _____ (Macrovision Corporation) C:\Users\Georgina\Downloads\bc_6_10_8.exe
2014-11-09 09:45 - 2014-11-09 09:46 - 00000000 ____D () C:\Users\Georgina\Documents\Rezepte
2014-11-07 15:36 - 2014-11-07 18:49 - 00002114 _____ () C:\WINDOWS\patsearch.bin
2014-11-07 15:36 - 2014-11-07 15:36 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-11-05 11:50 - 2014-11-05 11:50 - 00000000 ____D () C:\Users\Georgina\Vi8deos
2014-11-05 11:43 - 2014-11-05 11:43 - 01376768 _____ () C:\Users\Georgina\Downloads\7z920-x64 (1).msi
2014-11-04 18:08 - 2014-11-04 18:08 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Leader Technologies
2014-11-04 18:08 - 2014-11-04 18:08 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\Leadertech
2014-11-04 11:27 - 2014-11-04 11:28 - 83939323 _____ () C:\Users\Georgina\Downloads\mobile_3gp_word_2010.zip
2014-11-04 11:27 - 2014-11-04 11:28 - 228563305 _____ () C:\Users\Georgina\Downloads\mobile_mp4_word_2010.zip
2014-11-04 09:01 - 2014-11-04 09:03 - 311660472 _____ () C:\Users\Georgina\Downloads\rohmaterial_excel_2010_profiwissen.zip
2014-11-04 09:01 - 2014-11-04 09:03 - 158315668 _____ () C:\Users\Georgina\Downloads\mobile_mp4_excel_2010_profiwissen.zip
2014-11-04 09:01 - 2014-11-04 09:02 - 54760666 _____ () C:\Users\Georgina\Downloads\mobile_3gp_excel_2010_profiwissen.zip
2014-10-31 13:26 - 2014-11-05 14:55 - 00000000 ____D () C:\Users\Georgina\Downloads\projektdateien_visio_2013_grundlagen
2014-10-30 13:12 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-10-30 13:12 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-30 13:12 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-30 13:12 - 2014-09-07 23:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-30 13:12 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-10-30 13:12 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-10-30 13:12 - 2014-09-04 04:15 - 00561416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-10-30 13:12 - 2014-09-04 04:14 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-10-30 13:12 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-10-30 13:12 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-10-30 13:12 - 2014-09-04 02:19 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-10-30 13:12 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-10-30 13:12 - 2014-09-04 01:45 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-10-30 13:12 - 2014-09-04 01:41 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-10-30 13:12 - 2014-09-04 01:36 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-10-30 13:12 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-10-30 13:12 - 2014-09-04 01:15 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-10-30 13:12 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-10-30 13:12 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-30 13:12 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-30 13:12 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-10-30 13:12 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-10-30 13:12 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-10-30 13:12 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-10-30 13:12 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-10-30 13:12 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-10-30 13:12 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-10-30 13:12 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-10-30 13:12 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-10-30 13:12 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-10-30 13:12 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-10-30 13:12 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-10-30 13:12 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-10-30 07:13 - 2014-10-30 07:21 - 00027648 _____ () C:\Users\Georgina\Documents\Medikamentenplan.xls
2014-10-30 07:12 - 2014-10-30 07:12 - 00000000 ____D () C:\Users\Georgina\Documents\Medikamente
2014-10-30 07:00 - 2014-10-30 07:00 - 00011776 _____ () C:\Users\Georgina\Downloads\Medikamentenplan-leer-Internet-xls.xls
2014-10-30 06:54 - 2014-10-30 06:54 - 00022016 _____ () C:\Users\Georgina\Downloads\Medikamentenplan.xlt
2014-10-28 11:19 - 2014-11-04 11:29 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\HpUpdate
2014-10-28 11:19 - 2014-10-28 11:19 - 00003636 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet 4620 series
2014-10-28 11:19 - 2014-10-28 11:19 - 00002263 _____ () C:\Users\Public\Desktop\HP Officejet 4620 series.lnk
2014-10-28 11:19 - 2014-10-28 11:19 - 00001200 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 4620 series.lnk
2014-10-28 11:19 - 2014-10-28 11:19 - 00000984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2014-10-28 11:19 - 2014-10-28 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-28 11:19 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM6412.dll
2014-10-28 11:18 - 2014-10-28 11:20 - 00000000 ____D () C:\Users\Georgina\AppData\Local\HP
2014-10-28 11:18 - 2014-10-28 11:20 - 00000000 ____D () C:\ProgramData\HP
2014-10-28 11:18 - 2014-10-28 11:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-28 11:18 - 2014-10-28 11:18 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-10-28 11:18 - 2014-10-28 11:18 - 00000000 ____D () C:\Program Files\HP
2014-10-28 11:12 - 2014-10-28 11:14 - 120112168 _____ () C:\Users\Georgina\Downloads\OJ4620_1315-1 (1).exe
2014-10-28 11:06 - 2014-10-28 11:06 - 02335368 _____ () C:\Users\Georgina\Downloads\OJ4620_R1424A.exe
2014-10-25 21:20 - 2014-10-25 21:20 - 00000218 _____ () C:\Users\Georgina\.recently-used.xbel
2014-10-24 19:16 - 2014-10-24 19:16 - 00638888 _____ (Oracle Corporation) C:\Users\Georgina\Downloads\chromeinstall-8u25.exe
2014-10-21 18:30 - 2014-11-11 07:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-21 18:30 - 2014-10-24 19:17 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-21 18:30 - 2014-10-24 19:17 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-21 18:30 - 2014-10-24 19:17 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-21 18:30 - 2014-10-24 19:17 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 15:50 - 2014-10-21 15:50 - 00424584 _____ () C:\WINDOWS\Minidump\102114-5796-01.dmp
2014-10-21 15:28 - 2014-10-21 15:28 - 00424584 _____ () C:\WINDOWS\Minidump\102114-7640-01.dmp
2014-10-17 13:17 - 2014-10-17 13:17 - 00000000 ____D () C:\Users\Georgina\Documents\Walleczek
2014-10-17 00:02 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-17 00:02 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-17 00:02 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-17 00:02 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-17 00:02 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-17 00:02 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-17 00:02 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-17 00:02 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-17 00:02 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-17 00:02 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-17 00:02 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-17 00:02 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-17 00:02 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-17 00:02 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-17 00:02 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-17 00:02 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-17 00:02 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-17 00:02 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-17 00:02 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-17 00:02 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-17 00:02 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-17 00:02 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-17 00:02 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-17 00:02 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-17 00:02 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-17 00:02 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-17 00:02 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-17 00:02 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-17 00:02 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-17 00:02 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-17 00:02 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-17 00:02 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-17 00:02 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-17 00:02 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-17 00:02 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-17 00:02 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-17 00:02 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-17 00:02 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-17 00:02 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-17 00:02 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-17 00:02 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-17 00:02 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-17 00:02 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-17 00:02 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-17 00:02 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-17 00:02 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-17 00:02 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-17 00:02 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-17 00:02 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-17 00:02 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-17 00:02 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-17 00:02 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-17 00:02 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-17 00:02 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-17 00:02 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-17 00:02 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-17 00:02 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 06:52 - 2014-10-15 06:52 - 00424472 _____ () C:\WINDOWS\Minidump\101514-6390-01.dmp
2014-10-14 16:16 - 2014-10-14 16:16 - 00424528 _____ () C:\WINDOWS\Minidump\101414-6187-01.dmp
2014-10-13 16:42 - 2014-10-13 16:42 - 00049768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SurfaceIntegrationDriver.sys
2014-10-12 09:23 - 2014-10-16 12:15 - 00000000 ____D () C:\Users\Georgina\Documents\Schaffrath

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 11:56 - 2014-05-09 07:01 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-11 11:56 - 2014-05-09 07:01 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-11 11:56 - 2014-05-08 23:31 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-11 11:52 - 2014-09-17 10:58 - 00005160 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for GEORGINA-PC-Georgina Georgina-PC
2014-11-11 11:52 - 2014-08-29 19:43 - 00000000 ___DO () C:\Users\Georgina\OneDrive
2014-11-11 11:50 - 2014-09-22 11:12 - 00000000 ____D () C:\Users\Georgina\AppData\Local\PasswordSafe
2014-11-11 11:50 - 2014-09-17 11:16 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 11:50 - 2014-05-08 23:22 - 00120488 _____ () C:\WINDOWS\PFRO.log
2014-11-11 11:50 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-11 11:49 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-11 11:26 - 2014-09-17 11:16 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-11 10:17 - 2014-09-17 09:57 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3369756559-1339453816-443426222-1001
2014-11-11 09:57 - 2014-09-17 09:50 - 01994940 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-11 09:51 - 2014-09-17 09:50 - 00000000 ____D () C:\Users\Georgina
2014-11-11 09:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Globalization
2014-11-11 08:50 - 2014-09-17 11:17 - 00002260 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-11 08:38 - 2014-08-29 19:41 - 00000000 ____D () C:\Users\Georgina\AppData\Local\Packages
2014-11-11 08:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-11 08:09 - 2014-09-17 09:51 - 00001457 _____ () C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-11 07:59 - 2014-09-17 20:04 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-11-11 07:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-11-11 07:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-11-11 07:55 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-11 07:53 - 2014-10-10 08:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-11 07:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-10 20:49 - 2014-09-17 16:29 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\.purple
2014-11-10 12:21 - 2014-09-17 09:52 - 00000000 ____D () C:\Users\Georgina\AppData\Local\PackageStaging
2014-11-10 10:40 - 2014-09-30 13:10 - 00000001 ____R () C:\Users\Georgina\serverport
2014-11-09 09:49 - 2014-08-30 15:42 - 00000000 ___SD () C:\Users\Georgina\Documents\Meine Shapes
2014-11-09 09:46 - 2014-09-29 15:04 - 00000000 ____D () C:\Users\Georgina\Documents\Versicherung
2014-11-07 15:36 - 2013-08-22 15:46 - 00049955 _____ () C:\WINDOWS\setupact.log
2014-11-06 21:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-11-06 21:13 - 2014-09-21 08:40 - 00393220 _____ () C:\WINDOWS\system32\Drivers\MrvlDebugStore.bin
2014-11-06 21:13 - 2014-09-21 08:40 - 00032772 _____ () C:\WINDOWS\system32\Drivers\MrvlLogEntry.bin
2014-11-05 11:44 - 2014-09-19 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-05 11:44 - 2014-09-19 10:49 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-05 11:24 - 2014-09-17 06:34 - 00000000 ____D () C:\Users\Georgina\Documents\Bedienungsanleitungen
2014-11-01 08:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-30 13:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-30 13:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-10-30 12:25 - 2014-09-18 20:12 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-29 01:24 - 2014-05-09 07:09 - 00000000 ____D () C:\WINDOWS\Firmware
2014-10-28 11:31 - 2014-08-30 00:12 - 00000000 ____D () C:\Users\Georgina\Documents\Bahn
2014-10-25 21:12 - 2014-10-08 16:33 - 00000000 ____D () C:\Users\Georgina\AppData\Local\gtk-2.0
2014-10-25 11:59 - 2014-09-10 05:25 - 00000000 ____D () C:\Users\Georgina\Documents\Familie
2014-10-25 11:15 - 2014-09-17 10:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-24 19:17 - 2014-10-10 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 16:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-21 15:50 - 2014-09-18 08:34 - 445972931 _____ () C:\WINDOWS\MEMORY.DMP
2014-10-21 15:50 - 2014-09-18 08:34 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-20 17:21 - 2014-09-17 11:16 - 00004114 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 17:21 - 2014-09-17 11:16 - 00003878 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 01:02 - 2013-08-22 15:44 - 00482928 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-18 01:01 - 2014-09-19 02:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-18 01:01 - 2014-09-18 20:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-18 01:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-18 01:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-18 01:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-18 00:59 - 2014-09-18 20:23 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-12 08:35 - 2014-09-25 14:46 - 00000000 ____D () C:\Users\Georgina\Documents\Dr. Oetker

Some content of TEMP:
====================
C:\Users\Georgina\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Georgina\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Georgina\AppData\Local\Temp\ms.exe
C:\Users\Georgina\AppData\Local\Temp\optprosetup.exe
C:\Users\Georgina\AppData\Local\Temp\Quarantine.exe
C:\Users\Georgina\AppData\Local\Temp\setup_297.exe
C:\Users\Georgina\AppData\Local\Temp\sqlite3.dll
C:\Users\Georgina\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 04:45

==================== End Of Log ============================
         
--- --- ---
__________________
A child's question to his father:
"Is our house inside or outside?"

11.11.2014, 12:41   #5
Warlord711
/// TB Instructor



OK, that already looks good.

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


The fix deletes temporary files and usually requires a restart.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)



ESET Online Scanner, takes longer!


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use, and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


__________________
Learn to fight back and support us!
TB Akademie | Donate | Praise & Criticism

11.11.2014, 16:02   #6
Nightwish



So, and now the Security Check log checkup.txt

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.89  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Java 7 Update 51  
 Java 8 Update 25  
 Java version out of Date! 
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Mobile Partner OnlineUpdate ouc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST 64 Bit:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Georgina (administrator) on GEORGINA-PC on 11-11-2014 12:50:06
Running from C:\Users\Georgina\Downloads
Loaded Profile: Georgina (Available profiles: Georgina & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Georgina\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\MountPoints2: {23bece2b-5524-11e4-8269-6002925cc7b8} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\MountPoints2: {b492acc6-3c04-11e4-8264-6002925cc7b8} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3369756559-1339453816-443426222-1001\...\MountPoints2: {b492ad27-3c04-11e4-8264-6002925cc7b8} - "D:\AutoRun.exe" 
Startup: C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D39183B5-C067-45BF-8EA5-F1028F1E7316}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{D715548C-5CDD-4160-9314-5EA93FDA1A53}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://www.faz.de/", "hxxp://www.google.de/", "hxxp://www.sueddeutsche.de/", "hxxp://www.bundesliga.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Adblock Plus) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-11]
CHR Extension: (Google-Suche) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Tabellen) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (jobehlihkogkaopjdeomandehpjiljjn) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobehlihkogkaopjdeomandehpjiljjn [2014-11-11]
CHR Extension: (Google Wallet) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-11-11]
CHR Extension: (Google Mail) - C:\Users\Georgina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-04-10] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-24] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [656976 2013-05-21] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-09] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 SPOCJS; C:\WINDOWS\SysWOW64\SPOCJS64.DLL [21664 2014-06-03] (Microsoft)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-11] (Emsisoft GmbH)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-09] (Microsoft Corporation)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-11] (Emsisoft GmbH)
S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-08-22] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [375040 2013-08-22] (Huawei Technologies Co., Ltd.)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [990720 2014-09-18] (Marvell Semiconductors Inc.)
S3 msu30x64w8; C:\Windows\system32\DRIVERS\msu30x64w8.sys [100864 2014-07-11] (Microsoft)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [43152 2014-03-14] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49768 2014-10-13] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [63592 2014-09-26] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-19] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S3 usbaud; C:\Windows\system32\DRIVERS\usbaud64.sys [1809056 2014-06-03] (Microsoft)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411136 2014-08-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 12:49 - 2014-11-11 12:49 - 02116096 _____ (Farbar) C:\Users\Georgina\Downloads\FRST64 (1).exe
2014-11-11 12:48 - 2014-11-11 12:48 - 00000000 ____D () C:\Users\Georgina\Desktop\Troj-2
2014-11-11 12:47 - 2014-11-11 12:47 - 00854448 _____ () C:\Users\Georgina\Downloads\SecurityCheck.exe
2014-11-11 11:56 - 2014-11-11 11:56 - 00000621 _____ () C:\Users\Georgina\Desktop\JRT1.txt
2014-11-11 11:54 - 2014-11-11 11:54 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-11 11:53 - 2014-11-11 11:53 - 01706808 _____ (Thisisu) C:\Users\Georgina\Downloads\JRT.exe
2014-11-11 11:51 - 2014-11-11 11:58 - 00000000 ____D () C:\Users\Georgina\Desktop\Trojaner board hilfe
2014-11-11 11:42 - 2014-11-11 11:49 - 00000000 ____D () C:\AdwCleaner
2014-11-11 11:41 - 2014-11-11 11:41 - 02140160 _____ () C:\Users\Georgina\Downloads\AdwCleaner_4.101.exe
2014-11-11 10:02 - 2014-11-11 10:02 - 00380416 _____ () C:\Users\Georgina\Downloads\Gmer-19357.exe
2014-11-11 09:57 - 2014-11-11 09:57 - 00048646 _____ () C:\Users\Georgina\Desktop\FRST.txt
2014-11-11 09:57 - 2014-11-11 09:57 - 00028470 _____ () C:\Users\Georgina\Desktop\Addition.txt
2014-11-11 09:55 - 2014-11-11 12:50 - 00016922 _____ () C:\Users\Georgina\Downloads\FRST.txt
2014-11-11 09:55 - 2014-11-11 12:50 - 00000000 ____D () C:\FRST
2014-11-11 09:55 - 2014-11-11 09:56 - 00028470 _____ () C:\Users\Georgina\Downloads\Addition.txt
2014-11-11 09:54 - 2014-11-11 09:54 - 02116096 _____ (Farbar) C:\Users\Georgina\Downloads\FRST64.exe
2014-11-11 09:51 - 2014-11-11 09:51 - 00050477 _____ () C:\Users\Georgina\Downloads\Defogger.exe
2014-11-11 09:51 - 2014-11-11 09:51 - 00000478 _____ () C:\Users\Georgina\Downloads\defogger_disable.log
2014-11-11 09:51 - 2014-11-11 09:51 - 00000000 _____ () C:\Users\Georgina\defogger_reenable
2014-11-11 09:36 - 2014-11-11 12:30 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 09:36 - 2014-11-11 09:36 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-11 09:36 - 2014-11-11 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-11 09:36 - 2014-11-11 09:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 09:36 - 2014-11-11 09:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-11 09:36 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-11 09:36 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-11 09:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-11 09:35 - 2014-11-11 09:35 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Georgina\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 08:51 - 2014-11-11 09:16 - 00006404 _____ () C:\EamClean.log
2014-11-11 08:46 - 2014-11-11 10:37 - 00000000 ____D () C:\EEK
2014-11-11 08:46 - 2014-11-11 08:46 - 00000762 _____ () C:\Users\Georgina\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-11 08:43 - 2014-11-11 08:45 - 156367280 _____ () C:\Users\Georgina\Downloads\EmsisoftEmergencyKit.exe
2014-11-11 08:16 - 2014-11-11 11:28 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\QuickScan
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files\MSBuild
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-11-11 07:55 - 2014-11-11 07:55 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-11 07:54 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-11-11 07:54 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-11-11 07:54 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-11-11 07:51 - 2014-11-11 12:30 - 00001370 _____ () C:\WINDOWS\Tasks\ORQD.job
2014-11-11 07:51 - 2014-11-11 12:30 - 00001368 _____ () C:\WINDOWS\Tasks\WLX.job
2014-11-11 07:51 - 2014-11-11 09:43 - 00000000 ____D () C:\Program Files (x86)\4cfcc15e-0926-47e0-814b-27b70b64568b
2014-11-11 07:51 - 2014-11-11 07:56 - 00000000 ____D () C:\Users\Georgina\Documents\Add-in Express
2014-11-11 07:51 - 2014-11-11 07:56 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\smileyswelove
2014-11-11 07:51 - 2014-11-11 07:51 - 00004390 _____ () C:\WINDOWS\System32\Tasks\ORQD
2014-11-11 07:51 - 2014-11-11 07:51 - 00004386 _____ () C:\WINDOWS\System32\Tasks\WLX
2014-11-11 07:50 - 2014-11-11 07:51 - 00000000 ____D () C:\Users\Georgina\Documents\Java
2014-11-11 07:49 - 2014-11-11 07:49 - 00633504 _____ () C:\Users\Georgina\Downloads\setup (3).exe
2014-11-10 10:01 - 2014-11-10 10:10 - 454667877 _____ () C:\Users\Georgina\Downloads\video2brain_excel_bereiche_und_namen.7z
2014-11-10 10:01 - 2014-11-10 10:05 - 168384089 _____ () C:\Users\Georgina\Downloads\video2brain_excel_2010_formulare.7z
2014-11-10 10:01 - 2014-11-10 10:02 - 00244816 _____ () C:\Users\Georgina\Downloads\projektdateien_excel_2010_formulare.7z
2014-11-10 10:01 - 2014-11-10 10:01 - 00177908 _____ () C:\Users\Georgina\Downloads\projektdateien_excel_bereiche_und_namen.7z
2014-11-09 12:29 - 2014-11-09 12:29 - 00021276 _____ () C:\Users\Georgina\Downloads\S_20141109_122955_Neue_Nachrichten.zip
2014-11-09 12:05 - 2014-11-09 13:43 - 00001158 _____ () C:\Users\Public\Desktop\cyberJack Gerätemanager,  Funktionstest.lnk
2014-11-09 12:05 - 2014-11-09 12:21 - 00009358 _____ () C:\WINDOWS\DPINST.LOG
2014-11-09 12:05 - 2014-11-09 12:05 - 00000396 _____ () C:\WINDOWS\hbcikrnl.ini
2014-11-09 12:05 - 2012-09-04 13:15 - 00035192 _____ (REINER SCT) C:\WINDOWS\system32\Drivers\cjusb.sys
2014-11-09 12:05 - 2009-11-09 09:48 - 00061952 _____ ( REINER SCT) C:\WINDOWS\SysWOW64\cjtpl.cpl
2014-11-09 12:04 - 2014-11-09 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REINER SCT cyberJack
2014-11-09 12:04 - 2014-11-09 12:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-09 12:04 - 2014-11-09 12:04 - 00000000 ____D () C:\Program Files (x86)\REINER SCT
2014-11-09 12:04 - 2014-01-27 17:08 - 00518192 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcsc.exe
2014-11-09 12:04 - 2013-05-17 14:17 - 00227672 _____ (Reiner Kartengeräte GmbH & Co.KG 1999-2012) C:\WINDOWS\SysWOW64\cjeca32.dll
2014-11-09 12:04 - 2012-10-19 15:42 - 00787576 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcsc32.dll
2014-11-09 12:04 - 2012-09-04 17:58 - 00058442 _____ () C:\WINDOWS\SysWOW64\cjbc_en.lan
2014-11-09 12:04 - 2012-02-22 15:48 - 00063069 _____ () C:\WINDOWS\SysWOW64\cjbc_de.lan
2014-11-09 12:04 - 2012-02-19 19:32 - 00713648 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcscui.exe
2014-11-09 12:04 - 2012-02-14 11:48 - 00432560 _____ (REINER SCT) C:\WINDOWS\SysWOW64\ctrsct64.dll
2014-11-09 12:04 - 2012-02-14 11:48 - 00352688 _____ (REINER SCT) C:\WINDOWS\SysWOW64\ctrsct32.dll
2014-11-09 12:04 - 2012-02-14 11:48 - 00208816 _____ (Reiner Kartengeräte GmbH) C:\WINDOWS\SysWOW64\cjppa32.dll
2014-11-09 12:04 - 2012-02-14 11:48 - 00053680 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjKbBase.dll
2014-11-09 12:04 - 2012-02-14 11:47 - 00063408 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjpcscli.exe
2014-11-09 12:04 - 2011-07-22 07:50 - 00359856 _____ (REINER SCT) C:\WINDOWS\SysWOW64\zkasigct.dll
2014-11-09 12:04 - 2010-02-10 19:39 - 00269824 _____ (REINER SCT) C:\WINDOWS\SysWOW64\rsct_pnp.dll
2014-11-09 12:04 - 2009-03-09 17:17 - 00274224 _____ (REINER SCT) C:\WINDOWS\SysWOW64\gkapi.dll
2014-11-09 12:04 - 2008-03-25 09:24 - 00060702 _____ () C:\WINDOWS\SysWOW64\rsct_pv_start.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00060702 _____ () C:\WINDOWS\SysWOW64\rsct_mv_start.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00013084 _____ () C:\WINDOWS\SysWOW64\rsct_key_clear.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00013026 _____ () C:\WINDOWS\SysWOW64\rsct_key_err.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00004636 _____ () C:\WINDOWS\SysWOW64\rsct_key_1.wav
2014-11-09 12:04 - 2008-03-25 09:24 - 00000656 _____ () C:\WINDOWS\SysWOW64\rsct_key.wav
2014-11-09 12:04 - 2008-03-19 13:48 - 00033136 _____ () C:\WINDOWS\SysWOW64\rsct_pv_stop.wav
2014-11-09 12:04 - 2008-03-19 13:48 - 00033136 _____ () C:\WINDOWS\SysWOW64\rsct_mv_stop.wav
2014-11-09 12:04 - 2007-11-07 12:20 - 00344064 _____ (REINER SCT) C:\WINDOWS\SysWOW64\SetupHBCI.exe
2014-11-09 12:04 - 2007-11-07 12:20 - 00196608 _____ (REINER SCT) C:\WINDOWS\SysWOW64\rsct_pnp.exe
2014-11-09 12:04 - 2007-05-31 07:38 - 00434252 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCRTD.DLL
2014-11-09 12:04 - 2007-05-31 07:38 - 00167936 _____ () C:\WINDOWS\SysWOW64\SerialXP.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00151552 _____ (REINER SCT) C:\WINDOWS\SysWOW64\OcfCopy.exe
2014-11-09 12:04 - 2007-05-31 07:38 - 00053248 _____ (REINER SCT) C:\WINDOWS\SysWOW64\cjtrm.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00041472 _____ (IBM Corporation) C:\WINDOWS\SysWOW64\ocfpcsc1.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00027648 _____ () C:\WINDOWS\SysWOW64\win32com.dll
2014-11-09 12:04 - 2007-05-31 07:38 - 00014949 _____ (franson.biz) C:\WINDOWS\SysWOW64\Drivers\bizVSerialNT.sys
2014-11-09 12:03 - 2014-11-09 12:04 - 00000000 ____D () C:\ProgramData\REINER SCT
2014-11-09 12:03 - 2014-11-09 12:03 - 11104520 _____ (Macrovision Corporation) C:\Users\Georgina\Downloads\bc_6_10_8.exe
2014-11-09 09:45 - 2014-11-09 09:46 - 00000000 ____D () C:\Users\Georgina\Documents\Rezepte
2014-11-07 15:36 - 2014-11-07 18:49 - 00002114 _____ () C:\WINDOWS\patsearch.bin
2014-11-07 15:36 - 2014-11-07 15:36 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-11-05 11:50 - 2014-11-05 11:50 - 00000000 ____D () C:\Users\Georgina\Vi8deos
2014-11-05 11:43 - 2014-11-05 11:43 - 01376768 _____ () C:\Users\Georgina\Downloads\7z920-x64 (1).msi
2014-11-04 18:08 - 2014-11-04 18:08 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Leader Technologies
2014-11-04 18:08 - 2014-11-04 18:08 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\Leadertech
2014-11-04 11:27 - 2014-11-04 11:28 - 83939323 _____ () C:\Users\Georgina\Downloads\mobile_3gp_word_2010.zip
2014-11-04 11:27 - 2014-11-04 11:28 - 228563305 _____ () C:\Users\Georgina\Downloads\mobile_mp4_word_2010.zip
2014-11-04 09:01 - 2014-11-04 09:03 - 311660472 _____ () C:\Users\Georgina\Downloads\rohmaterial_excel_2010_profiwissen.zip
2014-11-04 09:01 - 2014-11-04 09:03 - 158315668 _____ () C:\Users\Georgina\Downloads\mobile_mp4_excel_2010_profiwissen.zip
2014-11-04 09:01 - 2014-11-04 09:02 - 54760666 _____ () C:\Users\Georgina\Downloads\mobile_3gp_excel_2010_profiwissen.zip
2014-10-31 13:26 - 2014-11-05 14:55 - 00000000 ____D () C:\Users\Georgina\Downloads\projektdateien_visio_2013_grundlagen
2014-10-30 13:12 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-10-30 13:12 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-30 13:12 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-30 13:12 - 2014-09-07 23:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-30 13:12 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-10-30 13:12 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-10-30 13:12 - 2014-09-04 04:15 - 00561416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-10-30 13:12 - 2014-09-04 04:14 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-10-30 13:12 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-10-30 13:12 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-10-30 13:12 - 2014-09-04 02:19 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-10-30 13:12 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-10-30 13:12 - 2014-09-04 01:45 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-10-30 13:12 - 2014-09-04 01:41 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-10-30 13:12 - 2014-09-04 01:36 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-10-30 13:12 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-10-30 13:12 - 2014-09-04 01:15 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-10-30 13:12 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-10-30 13:12 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-30 13:12 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-30 13:12 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-10-30 13:12 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-10-30 13:12 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-10-30 13:12 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-10-30 13:12 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-10-30 13:12 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-10-30 13:12 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-10-30 13:12 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-10-30 13:12 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-10-30 13:12 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-10-30 13:12 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-10-30 13:12 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-10-30 13:12 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-10-30 07:13 - 2014-10-30 07:21 - 00027648 _____ () C:\Users\Georgina\Documents\Medikamentenplan.xls
2014-10-30 07:12 - 2014-10-30 07:12 - 00000000 ____D () C:\Users\Georgina\Documents\Medikamente
2014-10-30 07:00 - 2014-10-30 07:00 - 00011776 _____ () C:\Users\Georgina\Downloads\Medikamentenplan-leer-Internet-xls.xls
2014-10-30 06:54 - 2014-10-30 06:54 - 00022016 _____ () C:\Users\Georgina\Downloads\Medikamentenplan.xlt
2014-10-28 11:19 - 2014-11-04 11:29 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\HpUpdate
2014-10-28 11:19 - 2014-10-28 11:19 - 00003636 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet 4620 series
2014-10-28 11:19 - 2014-10-28 11:19 - 00002263 _____ () C:\Users\Public\Desktop\HP Officejet 4620 series.lnk
2014-10-28 11:19 - 2014-10-28 11:19 - 00001200 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 4620 series.lnk
2014-10-28 11:19 - 2014-10-28 11:19 - 00000984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2014-10-28 11:19 - 2014-10-28 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-28 11:19 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM6412.dll
2014-10-28 11:18 - 2014-10-28 11:20 - 00000000 ____D () C:\Users\Georgina\AppData\Local\HP
2014-10-28 11:18 - 2014-10-28 11:20 - 00000000 ____D () C:\ProgramData\HP
2014-10-28 11:18 - 2014-10-28 11:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-28 11:18 - 2014-10-28 11:18 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-10-28 11:18 - 2014-10-28 11:18 - 00000000 ____D () C:\Program Files\HP
2014-10-28 11:12 - 2014-10-28 11:14 - 120112168 _____ () C:\Users\Georgina\Downloads\OJ4620_1315-1 (1).exe
2014-10-28 11:06 - 2014-10-28 11:06 - 02335368 _____ () C:\Users\Georgina\Downloads\OJ4620_R1424A.exe
2014-10-25 21:20 - 2014-10-25 21:20 - 00000218 _____ () C:\Users\Georgina\.recently-used.xbel
2014-10-24 19:16 - 2014-10-24 19:16 - 00638888 _____ (Oracle Corporation) C:\Users\Georgina\Downloads\chromeinstall-8u25.exe
2014-10-21 18:30 - 2014-11-11 07:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-21 18:30 - 2014-10-24 19:17 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-21 18:30 - 2014-10-24 19:17 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-21 18:30 - 2014-10-24 19:17 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-21 18:30 - 2014-10-24 19:17 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 15:50 - 2014-10-21 15:50 - 00424584 _____ () C:\WINDOWS\Minidump\102114-5796-01.dmp
2014-10-21 15:28 - 2014-10-21 15:28 - 00424584 _____ () C:\WINDOWS\Minidump\102114-7640-01.dmp
2014-10-17 13:17 - 2014-10-17 13:17 - 00000000 ____D () C:\Users\Georgina\Documents\Walleczek
2014-10-17 00:02 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-17 00:02 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-17 00:02 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-17 00:02 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-17 00:02 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-17 00:02 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-17 00:02 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-17 00:02 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-17 00:02 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-17 00:02 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-17 00:02 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-17 00:02 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-17 00:02 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-17 00:02 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-17 00:02 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-17 00:02 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-17 00:02 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-17 00:02 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-17 00:02 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-17 00:02 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-17 00:02 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-17 00:02 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-17 00:02 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-17 00:02 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-17 00:02 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-17 00:02 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-17 00:02 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-17 00:02 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-17 00:02 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-17 00:02 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-17 00:02 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-17 00:02 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-17 00:02 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-17 00:02 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-17 00:02 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-17 00:02 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-17 00:02 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-17 00:02 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-17 00:02 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-17 00:02 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-17 00:02 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-17 00:02 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-17 00:02 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-17 00:02 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-17 00:02 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-17 00:02 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-17 00:02 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-17 00:02 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-17 00:02 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-17 00:02 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-17 00:02 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-17 00:02 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-17 00:02 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-17 00:02 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-17 00:02 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-17 00:02 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-17 00:02 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 06:52 - 2014-10-15 06:52 - 00424472 _____ () C:\WINDOWS\Minidump\101514-6390-01.dmp
2014-10-14 16:16 - 2014-10-14 16:16 - 00424528 _____ () C:\WINDOWS\Minidump\101414-6187-01.dmp
2014-10-13 16:42 - 2014-10-13 16:42 - 00049768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SurfaceIntegrationDriver.sys
2014-10-12 09:23 - 2014-10-16 12:15 - 00000000 ____D () C:\Users\Georgina\Documents\Schaffrath

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 12:41 - 2014-09-17 10:58 - 00005160 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for GEORGINA-PC-Georgina Georgina-PC
2014-11-11 12:41 - 2014-08-29 19:43 - 00000000 __RDO () C:\Users\Georgina\OneDrive
2014-11-11 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-11 12:35 - 2014-09-17 09:57 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3369756559-1339453816-443426222-1001
2014-11-11 12:35 - 2014-05-09 07:01 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-11 12:35 - 2014-05-09 07:01 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-11 12:35 - 2014-05-08 23:31 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-11 12:31 - 2014-09-22 11:12 - 00000000 ____D () C:\Users\Georgina\AppData\Local\PasswordSafe
2014-11-11 12:31 - 2014-09-17 11:16 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 12:30 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-11 12:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-11 12:26 - 2014-09-17 11:16 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-11 11:50 - 2014-05-08 23:22 - 00120488 _____ () C:\WINDOWS\PFRO.log
2014-11-11 09:57 - 2014-09-17 09:50 - 01994940 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-11 09:51 - 2014-09-17 09:50 - 00000000 ____D () C:\Users\Georgina
2014-11-11 09:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Globalization
2014-11-11 08:50 - 2014-09-17 11:17 - 00002260 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-11 08:38 - 2014-08-29 19:41 - 00000000 ____D () C:\Users\Georgina\AppData\Local\Packages
2014-11-11 08:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-11 08:09 - 2014-09-17 09:51 - 00001457 _____ () C:\Users\Georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-11 07:59 - 2014-09-17 20:04 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-11-11 07:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-11-11 07:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-11-11 07:55 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-11 07:53 - 2014-10-10 08:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-11 07:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-10 20:49 - 2014-09-17 16:29 - 00000000 ____D () C:\Users\Georgina\AppData\Roaming\.purple
2014-11-10 12:21 - 2014-09-17 09:52 - 00000000 ____D () C:\Users\Georgina\AppData\Local\PackageStaging
2014-11-10 10:40 - 2014-09-30 13:10 - 00000001 ____R () C:\Users\Georgina\serverport
2014-11-09 09:49 - 2014-08-30 15:42 - 00000000 ___SD () C:\Users\Georgina\Documents\Meine Shapes
2014-11-09 09:46 - 2014-09-29 15:04 - 00000000 ____D () C:\Users\Georgina\Documents\Versicherung
2014-11-07 15:36 - 2013-08-22 15:46 - 00049955 _____ () C:\WINDOWS\setupact.log
2014-11-06 21:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-11-06 21:13 - 2014-09-21 08:40 - 00393220 _____ () C:\WINDOWS\system32\Drivers\MrvlDebugStore.bin
2014-11-06 21:13 - 2014-09-21 08:40 - 00032772 _____ () C:\WINDOWS\system32\Drivers\MrvlLogEntry.bin
2014-11-05 11:44 - 2014-09-19 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-05 11:44 - 2014-09-19 10:49 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-05 11:24 - 2014-09-17 06:34 - 00000000 ____D () C:\Users\Georgina\Documents\Bedienungsanleitungen
2014-11-01 08:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-30 13:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-30 13:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-10-30 12:25 - 2014-09-18 20:12 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-29 01:24 - 2014-05-09 07:09 - 00000000 ____D () C:\WINDOWS\Firmware
2014-10-28 11:31 - 2014-08-30 00:12 - 00000000 ____D () C:\Users\Georgina\Documents\Bahn
2014-10-25 21:12 - 2014-10-08 16:33 - 00000000 ____D () C:\Users\Georgina\AppData\Local\gtk-2.0
2014-10-25 11:59 - 2014-09-10 05:25 - 00000000 ____D () C:\Users\Georgina\Documents\Familie
2014-10-25 11:15 - 2014-09-17 10:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-24 19:17 - 2014-10-10 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 15:50 - 2014-09-18 08:34 - 445972931 _____ () C:\WINDOWS\MEMORY.DMP
2014-10-21 15:50 - 2014-09-18 08:34 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-20 17:21 - 2014-09-17 11:16 - 00004114 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 17:21 - 2014-09-17 11:16 - 00003878 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 01:02 - 2013-08-22 15:44 - 00482928 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-18 01:01 - 2014-09-19 02:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-18 01:01 - 2014-09-18 20:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-18 01:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-18 01:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-18 01:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-18 00:59 - 2014-09-18 20:23 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-12 08:35 - 2014-09-25 14:46 - 00000000 ____D () C:\Users\Georgina\Documents\Dr. Oetker

Some content of TEMP:
====================
C:\Users\Georgina\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Georgina\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Georgina\AppData\Local\Temp\ms.exe
C:\Users\Georgina\AppData\Local\Temp\optprosetup.exe
C:\Users\Georgina\AppData\Local\Temp\Quarantine.exe
C:\Users\Georgina\AppData\Local\Temp\setup_297.exe
C:\Users\Georgina\AppData\Local\Temp\sqlite3.dll
C:\Users\Georgina\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 04:45

==================== End Of Log ============================
         

and the ESET log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f41a0d25266c234d84ea0ba7c81b6783
# engine=21038
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-11 01:45:31
# local_time=2014-11-11 02:45:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 13191 20097052 0 0
# scanned=116468
# found=34
# cleaned=0
# scan_time=2447
sh=E70B930FFD63018B28776CEAE97A078C443F6C01 ft=1 fh=3415e4f29e7cab16 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\4cfcc15e-0926-47e0-814b-27b70b64568b.dll.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=E70B930FFD63018B28776CEAE97A078C443F6C01 ft=1 fh=3415e4f29e7cab16 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\4cfcc15e-0926-47e0-814b-27b70b64568b\9806add7-6420-4088-8d69-f96b15f23c60.dll"
sh=9765AC2A08B281F9E701D2E0CFE987D313F1E8B4 ft=1 fh=631c7d4a6c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\30U0D53Q\Setup[1].exe"
sh=C16C68A1F6934C08F84E8C1763FB6364450B6A3E ft=1 fh=b397ae226c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\6S1MYXRY\Setup[1].exe"
sh=D66E40CD2A5C8CBC9BACF4FFE1AB43FC81382B5E ft=1 fh=811cd7539b8fe095 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\AKI6KGRJ\pcspeedup[1].exe"
sh=FABBC480331C6B28B4A8D5BE913C00C1A969AFEC ft=1 fh=8d84b3c3abb7c0aa vn="Variante von Win32/LiMo.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\AKI6KGRJ\pjr_webssearches[1].exe"
sh=699DF63CC56AFC84002E1A67AF3243510EC2DFC2 ft=1 fh=e85854d944aa0e53 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\AKI6KGRJ\setup_mbot_de[1].exe"
sh=29531FF34ED520FDEF40B88D1C27B77D4064C1B7 ft=1 fh=6f280fcdcbb1a73e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\OrbiterInstaller[1].exe"
sh=1D19015D19FDF082E15EE8352575B94D1A4FF098 ft=1 fh=34aba99a93447947 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\setup[1].exe"
sh=A01CAE4A9C48BEB8A490C3E88CB03F9B95C31671 ft=1 fh=5c1219a5576ddaa1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\sp-downloader[1].exe"
sh=FB24FEA961DF1EC689422F05A8D80349A05F2857 ft=1 fh=bbfe88937d20f9ad vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\SPSetup[1].exe"
sh=834507A888BC83583741864D1468250190EDF32D ft=1 fh=de8d6ebfd8748736 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\wordproser-setup-1.10.0.2[1].exe"
sh=0A12774E4D19A9867069C8D3CD3E380D7CB2F59C ft=1 fh=c950eacd9b1cc265 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\OQ138LNY\WajamChecker[1].exe"
sh=2180076D265D159646377C5ACF8A5A7B0A353959 ft=1 fh=3385f39d098838ce vn="Win32/Adware.1ClickDownload.AX Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\OWYRCHC4\HDVidCodec_injection_fs_large[1].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\OWYRCHC4\spstub[1].exe"
sh=C16C68A1F6934C08F84E8C1763FB6364450B6A3E ft=1 fh=b397ae226c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\ICReinstall_nsh70A7.tmp"
sh=9765AC2A08B281F9E701D2E0CFE987D313F1E8B4 ft=1 fh=631c7d4a6c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\ICReinstall_nsxB76C.tmp"
sh=C16C68A1F6934C08F84E8C1763FB6364450B6A3E ft=1 fh=b397ae226c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\nsh70A7.tmp"
sh=9765AC2A08B281F9E701D2E0CFE987D313F1E8B4 ft=1 fh=631c7d4a6c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\nsxB76C.tmp"
sh=569CE655DC1727F52F8A0B4D54203BF9FB23036A ft=1 fh=86d78e18fef712a4 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\optprosetup.exe"
sh=5D46B63F9CFB1649824DBBBFEB4FED6FFAE381AE ft=1 fh=0ebba39a71904d70 vn="Win32/VOPackage.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\is45637729\1017374_stp\Generic_vo.exe"
sh=5D46B63F9CFB1649824DBBBFEB4FED6FFAE381AE ft=1 fh=0ebba39a71904d70 vn="Win32/VOPackage.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\is45637729\52391_stp\Generic_vo.exe"
sh=699DF63CC56AFC84002E1A67AF3243510EC2DFC2 ft=1 fh=e85854d944aa0e53 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\OneSoftPerDay\setup_mbot_de.exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Roaming\ORQD"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Roaming\WLX"
sh=2ADD9D44FF035AEE69D9A45EDD0CD13F6B26D436 ft=1 fh=3c97e21ffa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe"
sh=9D89606748D7064445F2EF5F21FB823C479D6A15 ft=1 fh=0699ac2efa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\Kreuzwortrtsel-Generator-lnstall.exe"
sh=4641697CF1BC9B654734202531140444A402FC21 ft=1 fh=c71c001110b3f691 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD-Download-Manager_fuer_FreeYouTubeDownload.exe"
sh=D1DBA737EE6AC9FCCFCF238559982E3B040FCFC8 ft=1 fh=a9f64093cb33f487 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_pdf24-creator.exe"
sh=B5E8A60D91421967047F31FF48BFBCBDE0A7A4B9 ft=1 fh=792c817da4d319b0 vn="Variante von Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_samsung-kies.exe"
sh=2ADD9D44FF035AEE69D9A45EDD0CD13F6B26D436 ft=1 fh=3c97e21ffa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe"
sh=719208405BA3C847E33B6AE4C50A132A8F616AD1 ft=1 fh=84c9a0040fd0790b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\Flyer Vorlagen - CHIP-Downloader.exe"
sh=2050863448BECCD5EFD33903112CD4DF5598D669 ft=1 fh=3191142475b4b060 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f41a0d25266c234d84ea0ba7c81b6783
# engine=21038
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-11 02:50:35
# local_time=2014-11-11 03:50:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 20695 20100956 0 0
# scanned=245160
# found=42
# cleaned=0
# scan_time=3635
sh=E70B930FFD63018B28776CEAE97A078C443F6C01 ft=1 fh=3415e4f29e7cab16 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\4cfcc15e-0926-47e0-814b-27b70b64568b.dll.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=E70B930FFD63018B28776CEAE97A078C443F6C01 ft=1 fh=3415e4f29e7cab16 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\4cfcc15e-0926-47e0-814b-27b70b64568b\9806add7-6420-4088-8d69-f96b15f23c60.dll"
sh=9765AC2A08B281F9E701D2E0CFE987D313F1E8B4 ft=1 fh=631c7d4a6c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\30U0D53Q\Setup[1].exe"
sh=C16C68A1F6934C08F84E8C1763FB6364450B6A3E ft=1 fh=b397ae226c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\6S1MYXRY\Setup[1].exe"
sh=D66E40CD2A5C8CBC9BACF4FFE1AB43FC81382B5E ft=1 fh=811cd7539b8fe095 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\AKI6KGRJ\pcspeedup[1].exe"
sh=FABBC480331C6B28B4A8D5BE913C00C1A969AFEC ft=1 fh=8d84b3c3abb7c0aa vn="Variante von Win32/LiMo.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\AKI6KGRJ\pjr_webssearches[1].exe"
sh=699DF63CC56AFC84002E1A67AF3243510EC2DFC2 ft=1 fh=e85854d944aa0e53 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\AKI6KGRJ\setup_mbot_de[1].exe"
sh=29531FF34ED520FDEF40B88D1C27B77D4064C1B7 ft=1 fh=6f280fcdcbb1a73e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\OrbiterInstaller[1].exe"
sh=1D19015D19FDF082E15EE8352575B94D1A4FF098 ft=1 fh=34aba99a93447947 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\setup[1].exe"
sh=A01CAE4A9C48BEB8A490C3E88CB03F9B95C31671 ft=1 fh=5c1219a5576ddaa1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\sp-downloader[1].exe"
sh=FB24FEA961DF1EC689422F05A8D80349A05F2857 ft=1 fh=bbfe88937d20f9ad vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\SPSetup[1].exe"
sh=834507A888BC83583741864D1468250190EDF32D ft=1 fh=de8d6ebfd8748736 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\MHDGA74W\wordproser-setup-1.10.0.2[1].exe"
sh=0A12774E4D19A9867069C8D3CD3E380D7CB2F59C ft=1 fh=c950eacd9b1cc265 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\OQ138LNY\WajamChecker[1].exe"
sh=2180076D265D159646377C5ACF8A5A7B0A353959 ft=1 fh=3385f39d098838ce vn="Win32/Adware.1ClickDownload.AX Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\OWYRCHC4\HDVidCodec_injection_fs_large[1].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Microsoft\Windows\INetCache\IE\OWYRCHC4\spstub[1].exe"
sh=C16C68A1F6934C08F84E8C1763FB6364450B6A3E ft=1 fh=b397ae226c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\ICReinstall_nsh70A7.tmp"
sh=9765AC2A08B281F9E701D2E0CFE987D313F1E8B4 ft=1 fh=631c7d4a6c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\ICReinstall_nsxB76C.tmp"
sh=C16C68A1F6934C08F84E8C1763FB6364450B6A3E ft=1 fh=b397ae226c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\nsh70A7.tmp"
sh=9765AC2A08B281F9E701D2E0CFE987D313F1E8B4 ft=1 fh=631c7d4a6c2f4ed2 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\nsxB76C.tmp"
sh=569CE655DC1727F52F8A0B4D54203BF9FB23036A ft=1 fh=86d78e18fef712a4 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\optprosetup.exe"
sh=5D46B63F9CFB1649824DBBBFEB4FED6FFAE381AE ft=1 fh=0ebba39a71904d70 vn="Win32/VOPackage.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\is45637729\1017374_stp\Generic_vo.exe"
sh=5D46B63F9CFB1649824DBBBFEB4FED6FFAE381AE ft=1 fh=0ebba39a71904d70 vn="Win32/VOPackage.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\is45637729\52391_stp\Generic_vo.exe"
sh=699DF63CC56AFC84002E1A67AF3243510EC2DFC2 ft=1 fh=e85854d944aa0e53 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Georgina\AppData\Local\Temp\OneSoftPerDay\setup_mbot_de.exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Roaming\ORQD"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\AppData\Roaming\WLX"
sh=2ADD9D44FF035AEE69D9A45EDD0CD13F6B26D436 ft=1 fh=3c97e21ffa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe"
sh=9D89606748D7064445F2EF5F21FB823C479D6A15 ft=1 fh=0699ac2efa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\Kreuzwortrtsel-Generator-lnstall.exe"
sh=4641697CF1BC9B654734202531140444A402FC21 ft=1 fh=c71c001110b3f691 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD-Download-Manager_fuer_FreeYouTubeDownload.exe"
sh=D1DBA737EE6AC9FCCFCF238559982E3B040FCFC8 ft=1 fh=a9f64093cb33f487 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_pdf24-creator.exe"
sh=B5E8A60D91421967047F31FF48BFBCBDE0A7A4B9 ft=1 fh=792c817da4d319b0 vn="Variante von Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_samsung-kies.exe"
sh=2ADD9D44FF035AEE69D9A45EDD0CD13F6B26D436 ft=1 fh=3c97e21ffa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe"
sh=719208405BA3C847E33B6AE4C50A132A8F616AD1 ft=1 fh=84c9a0040fd0790b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\backup\Sony\Downloads\Flyer Vorlagen - CHIP-Downloader.exe"
sh=2050863448BECCD5EFD33903112CD4DF5598D669 ft=1 fh=3191142475b4b060 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=2860D062EC1AE1D58870818B4459F01E67541BFB ft=1 fh=1424bb462488f869 vn="Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Local\Temp\sweetpage294wld_n2.exe"
sh=2860D062EC1AE1D58870818B4459F01E67541BFB ft=1 fh=1424bb462488f869 vn="Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Local\Temp\29c2217fff8359d2c648e0ce94c6c82b\sweetpage294wld_n2.exe"
sh=98FCF260C8C676E33DA77173AB222BA6B0142116 ft=1 fh=e0b1efaf129489ac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Roaming\OpenCandy\AF4807DAD37145B993627CE1E5CC49E6\zafwSetupWeb_131_211_000.exe"
sh=6B9A2769566377009556776CD3DC0E85FE4282FE ft=1 fh=10a60443453f832d vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\DAEMONToolsPro550-0388.exe"
sh=38365390B4F61558A279A807CCBE5BC8997421C7 ft=1 fh=372c9768de15e714 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\DAEMONToolsUltra240-0280.exe"
sh=2050863448BECCD5EFD33903112CD4DF5598D669 ft=1 fh=3191142475b4b060 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\SAMSUNG_downloader-I28qa9SuE.exe"
sh=C0E28878041F7708BC82DD28153719E88A91C1BA ft=1 fh=0e746c2d3c3fdba6 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Downloads\Appvisvsubsystems32.dll-Reparaturprogramm-WinThruster.exe"
sh=0FB502FCD890E446F53C72F14AE1DB8580AB1800 ft=1 fh=a575fbda196496f6 vn="Variante von Win32/AdGazelle.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Georgina\Downloads\setup (3).exe"
         
Thanks again for taking a look

11.11.2014, 16:34   #7
Warlord711
/// TB Trainer
 



One of my fixes went wrong earlier, but that's not a big deal.

You can remove Java 7 Update 51.

Then we'll delete the leftovers, and after that the log is clean:

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Program Files (x86)\4cfcc15e-0926-47e0-814b-27b70b64568b\9806add7-6420-4088-8d69-f96b15f23c60.dll
C:\Users\Georgina\AppData\Roaming\ORQD
C:\Users\Georgina\AppData\Roaming\WLX
"C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe"
"C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\Kreuzwortrtsel-Generator-lnstall.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD-Download-Manager_fuer_FreeYouTubeDownload.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_pdf24-creator.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_samsung-kies.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\Flyer Vorlagen - CHIP-Downloader.exe"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Roaming\OpenCandy\AF4807DAD37145B993627CE1E5CC49E6\zafwSetupWeb_131_211_000.exe"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\DAEMONToolsPro550-0388.exe"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\DAEMONToolsUltra240-0280.exe"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\SAMSUNG_downloader-I28qa9SuE.exe"
"C:\Users\Georgina\Downloads\Appvisvsubsystems32.dll-Reparaturprogramm-WinThruster.exe"
"C:\Users\Georgina\Downloads\setup (3).exe"
emptytemp:
         

Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without worry.



Finally, I have a few tips for securing your system.

Change all your passwords regularly; now, after the cleanup, is an ideal time to do so
  • use a different password for every application and every account
  • change your password regularly; this is very important above all for online banking or your email inbox
  • do not store passwords on your PC and do not pass them on to third parties
  • a secure password consists of at least 8 characters and contains upper- and lower-case letters, numbers and special characters
  • do not use number or letter combinations (e.g. 12345678, qwertzui), and no number or letter patterns either
  • do not use passwords that have a connection to you, your place of residence, a family member or a pet (date of birth, postal code, address, name)

I can't mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7 / 8: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date!
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is displayed and you can download the latest version directly to your desktop.
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: I have a few useful add-ons for this browser here
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Clean up your temp files regularly. I recommend TFC for this
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is a link in English:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, because these installers often come bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Learn to fight back and support us!
TB Akademie | Donate | Praise & criticism

Old 11.11.2014, 17:13   #8
Nightwish
 
Here is the final fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Georgina at 2014-11-11 16:57:47 Run:1
Running from C:\Users\Georgina\Desktop
Loaded Profile: Georgina (Available profiles: Georgina & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\4cfcc15e-0926-47e0-814b-27b70b64568b\9806add7-6420-4088-8d69-f96b15f23c60.dll
C:\Users\Georgina\AppData\Roaming\ORQD
C:\Users\Georgina\AppData\Roaming\WLX
"C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe"
"C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\Kreuzwortrtsel-Generator-lnstall.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD-Download-Manager_fuer_FreeYouTubeDownload.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_pdf24-creator.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_samsung-kies.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe"
"C:\Users\Georgina\Desktop\backup\Sony\Downloads\Flyer Vorlagen - CHIP-Downloader.exe"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Roaming\OpenCandy\AF4807DAD37145B993627CE1E5CC49E6\zafwSetupWeb_131_211_000.exe"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\DAEMONToolsPro550-0388.exe"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\DAEMONToolsUltra240-0280.exe"
"C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\SAMSUNG_downloader-I28qa9SuE.exe"
"C:\Users\Georgina\Downloads\Appvisvsubsystems32.dll-Reparaturprogramm-WinThruster.exe"
"C:\Users\Georgina\Downloads\setup (3).exe"
emptytemp:
         
*****************

C:\Program Files (x86)\4cfcc15e-0926-47e0-814b-27b70b64568b\9806add7-6420-4088-8d69-f96b15f23c60.dll => Moved successfully.
C:\Users\Georgina\AppData\Roaming\ORQD => Moved successfully.
C:\Users\Georgina\AppData\Roaming\WLX => Moved successfully.
C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe => Moved successfully.
C:\Users\Georgina\Desktop\backup\Nexus_Import\Download\Kreuzwortrtsel-Generator-lnstall.exe => Moved successfully.
C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD-Download-Manager_fuer_FreeYouTubeDownload.exe => Moved successfully.
C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_pdf24-creator.exe => Moved successfully.
C:\Users\Georgina\Desktop\backup\Sony\Downloads\COMPUTER_BILD_Download_Manager_fuer_samsung-kies.exe => Moved successfully.
C:\Users\Georgina\Desktop\backup\Sony\Downloads\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe => Moved successfully.
C:\Users\Georgina\Desktop\backup\Sony\Downloads\Flyer Vorlagen - CHIP-Downloader.exe => Moved successfully.
C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 => Moved successfully.
C:\Users\Georgina\Desktop\c-ordner\_Georgina\AppData\Roaming\OpenCandy\AF4807DAD37145B993627CE1E5CC49E6\zafwSetupWeb_131_211_000.exe => Moved successfully.
C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\DAEMONToolsPro550-0388.exe => Moved successfully.
C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\DAEMONToolsUltra240-0280.exe => Moved successfully.
C:\Users\Georgina\Desktop\c-ordner\_Georgina\Downloads\SAMSUNG_downloader-I28qa9SuE.exe => Moved successfully.
C:\Users\Georgina\Downloads\Appvisvsubsystems32.dll-Reparaturprogramm-WinThruster.exe => Moved successfully.
C:\Users\Georgina\Downloads\setup (3).exe => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
Everything really does seem to be "healthy" again. Many, many thanks for your support!!!! Great support - respect!
__________________
A child's question to its father:
"Is our house inside or outside?"

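A Fixlog like the one posted above is usually checked by comparing the "Content of fixlist" block with the result lines that follow it. As an added example (not part of the original posts and not FRST's own code), this Python sketch pairs each fixlist entry with its result line and returns the entries that need a second look; the sample log, its paths and the "not found." outcome text are constructed.

```python
import re

# Constructed sample in the layout of the Fixlog above. The paths are made up
# and "not found." is a constructed stand-in for an unsuccessful outcome.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
C:\Users\Example\AppData\Roaming\ORQD
"C:\Users\Example\Downloads\setup (3).exe"
C:\Users\Example\AppData\Roaming\Gone
C:\Users\Example\Downloads\skipped.exe
emptytemp:

*****************

C:\Users\Example\AppData\Roaming\ORQD => Moved successfully.
C:\Users\Example\Downloads\setup (3).exe => Moved successfully.
C:\Users\Example\AppData\Roaming\Gone => not found.
EmptyTemp: => Removed 1 GB temporary data.

==== End of Fixlog ====
'''

# Outcome prefixes treated as success: the two that occur in the log above.
OK_OUTCOMES = ("moved successfully", "removed")

def audit_fixlog(text):
    """Return {fixlist entry: outcome or None} for every entry needing review."""
    parts = re.split(r"^\*{5,}[ \t\r]*$", text, maxsplit=2, flags=re.M)
    if len(parts) < 3:
        raise ValueError("no fixlist section delimited by asterisk lines")
    # Fixlist entries may be quoted, result lines are not: strip the quotes.
    entries = [l.strip().strip('"') for l in parts[1].splitlines() if l.strip()]
    results = {}
    for line in parts[2].splitlines():
        target, sep, outcome = line.partition(" => ")
        if sep:
            # Case-insensitive match: the log echoes "emptytemp:" as "EmptyTemp:".
            results[target.strip().lower()] = outcome.strip()
    review = {}
    for entry in entries:
        outcome = results.get(entry.lower())  # None means no result line at all
        if outcome is None or not outcome.lower().startswith(OK_OUTCOMES):
            review[entry] = outcome
    return review

if __name__ == "__main__":
    for entry, outcome in audit_fixlog(SAMPLE_FIXLOG).items():
        print(f"REVIEW: {entry} -> {outcome or 'no result line'}")
```

An empty result means every fixlist entry has a matching result line with a successful outcome, which is the case for the log in the post above.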
