menge pop ups und musik im hintergrund
 

ich habe FRST runtergeladen habe auch schon den scan durchgefürt und nu?

FRST Editor
FRST Logfile:

FRST Logfile:
--- --- ---

--- --- ---

FRST Additions Logfile:
--- --- ---

Adware & Co. deinstallieren

• Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
• Installiere und starte das Programm.
• Suche im Uninstallerfeld nach den Programmen, die unter:
  http://deeprybka.trojaner-board.de/b.../revo/add1.png
  diesen Zusatz haben:
  http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
• Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
• Wähle anschließend den Modus "Moderat" aus.
  http://deeprybka.trojaner-board.de/b.../uninstall.PNGhttp://deeprybka.trojaner-board.de/b...o/moderat2.PNG
• Reste löschen:
  Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Combofix.txt finde ich nicht.. combo-fix.sys


MZ�   ÿÿ ¸ @ ° º ´ Í!¸
LÍ!Duh!Don't be silly. This isn't malware.

$ i
Û-zcˆ-zcˆ-zcˆ+Yiˆ,zcˆRich-zcˆ PE L
 @òcF à 

 €   @
   À  ²
     *  @ T .text    h.rdata T @ ` @ @ H.reloc  * * @ B3ÀÂ @òcF  
À @òcF   Ð @òcF  à 

o\i386\d.sys    NB10 @òcF
T:\o\i386\d.pdb

Frisches FRST log bitte.

can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by Ya-Hü (administrator) on YA-HÜ-VAIO on 18-09-2014 13:46:25
Running from C:\Users\Ya-Hü\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Aladdin Knowledge Systems, Ltd.) C:\Program Files\Aladdin\eToken\PKIClient\x64\eTSrv.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
() C:\Program Files (x86)\OfferBoulevard\OfferBoulevard.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe
() C:\monitor.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
() C:\Windows\score.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Term Tutor) C:\Program Files (x86)\TermTutor\Service\ttsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(CinemaHQ01Video Plus) C:\Program Files (x86)\CinPlusHQ01-2.5cV15.09\fa50a323-b173-42a7-ad68-a45d88bc41ec.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Aladdin Knowledge Systems, Ltd.) C:\Program Files\Aladdin\eToken\PKIClient\x64\PKIMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Ya-Hü\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
() C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(CinemaHQ01Video Plus) C:\Program Files (x86)\CinPlusHQ01-2.5cV15.09\98ed4270-7785-4165-abad-58c3f4f52fee-6.exe
(smart-saverplus) C:\Program Files (x86)\ss8\bf1a449c-8356-402e-9ecc-44015185bae6-6.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [eTMonitor] => C:\Program Files\Aladdin\eToken\PKIClient\x64\PKIMonitor.exe [192000 2008-11-03] (Aladdin Knowledge Systems, Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [SHTtray.exe] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-06-20] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-06-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [SearchProtectAll] => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-21] (Sophos Limited)
HKLM-x32\...\Run: [OfferBoulevard] => C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe [378888 2014-09-09] ()
HKU\S-1-5-21-2343719655-606922816-1584496895-1000\...\Run: [Elbserver] => C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [81264 2010-06-22] (Sony Corporation)
HKU\S-1-5-21-2343719655-606922816-1584496895-1000\...\Run: [VRLPHelper] => C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe [183152 2010-06-22] (Sony Corporation)
HKU\S-1-5-21-2343719655-606922816-1584496895-1000\...\Run: [Facebook Update] => C:\Users\Ya-Hü\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-2343719655-606922816-1584496895-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-07] (Google Inc.)
HKU\S-1-5-21-2343719655-606922816-1584496895-1000\...\MountPoints2: {a2bb5f40-7701-11e0-8347-18f46af09ee2} - D:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-21] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-21] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ya-Hü\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:50542;https=127.0.0.1:50542
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iStartSurf
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iStartSurf
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iStartSurf
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iStartSurf
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = iStartSurf
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = iStartSurf
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: HKLM-x32 - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
URLSearchHook: HKLM-x32 - (No Name) - {8686b6b5-4734-4d4a-a246-5efbd9ebb200} - No File
URLSearchHook: HKLM-x32 - (No Name) - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - No File
URLSearchHook: HKCU - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File
URLSearchHook: HKCU - (No Name) - {8686b6b5-4734-4d4a-a246-5efbd9ebb200} - No File
URLSearchHook: HKCU - (No Name) - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410289207&from=tugs&uid=HitachiXHTS545050B9SA00_101011PBN475B70JY7BLX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410289207&from=tugs&uid=HitachiXHTS545050B9SA00_101011PBN475B70JY7BLX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410289207&from=tugs&uid=HitachiXHTS545050B9SA00_101011PBN475B70JY7BLX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410289207&from=tugs&uid=HitachiXHTS545050B9SA00_101011PBN475B70JY7BLX&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410289207&from=tugs&uid=HitachiXHTS545050B9SA00_101011PBN475B70JY7BLX&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410289207&from=tugs&uid=HitachiXHTS545050B9SA00_101011PBN475B70JY7BLX&q={searchTerms}
SearchScopes: HKCU - {3BD798E4-1794-4D89-A407-2B4E9370A089} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {81C5F3D0-96DD-41A1-9AB0-34D3393ECD63} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=e830c422-06f7-4e86-bc8f-fdb5c9fb2577&apn_sauid=C7E5C00C-17D3-4B99-8C1B-0890731C94C7
SearchScopes: HKCU - {880A4506-D686-4F9D-99E6-AF7031E4954A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297265&CUI=UN35227522264557148&UM=2
SearchScopes: HKCU - {9ADADC8D-74CC-4107-8BFD-ED99FF1E596A} URL = Shopping.com Deutschland - der große Produkt- und Preisvergleich
SearchScopes: HKCU - {A37CD782-4560-4428-9464-96A78BBF90BF} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://eu.ask.com/web?l=dis&o=APN10234&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A8B&apn_uid=4305474234194320&p2=^A8B^YYYYYY^YY^DE&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/mb59/?search={searchTerms}&loc=search_box&u=92540554715559353
BHO: CinPlusHQ01-2.5c -> {11111111-1111-1111-1111-110611411141} -> C:\Program Files (x86)\CinPlusHQ01-2.5cV15.09\CinPlusHQ01-2.5cV15.09-bho64.dll (CinemaHQ01Video Plus)
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files\TermTutor\IE\TermTutorClientIE.dll (Term Tutor)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CinPlusHQ01-2.5c -> {11111111-1111-1111-1111-110611411141} -> C:\Program Files (x86)\CinPlusHQ01-2.5cV15.09\CinPlusHQ01-2.5cV15.09-bho.dll (CinemaHQ01Video Plus)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name -> {51a86bb3-6602-4c85-92a5-130ee4864f13} -> No File
BHO-x32: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll (Term Tutor)
BHO-x32: No Name -> {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {8686b6b5-4734-4d4a-a246-5efbd9ebb200} -> No File
BHO-x32: No Name -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 09 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 10 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 11 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 12 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 24 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 25 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 09 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 10 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 11 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 12 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 24 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 25 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7F946169-BE2F-4A43-9CE3-A47B900F6482}: [NameServer] 193.175.112.3,195.37.168.3

FireFox:
========
FF ProfilePath: C:\Users\Ya-Hü\AppData\Roaming\Mozilla\Firefox\Profiles\19p6x7ry.default
FF NewTab: about:newtab
FF DefaultSearchEngine: istartsurf
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4M6Qi_XIb0P66FqniX_Zq-6GipubqDxVb8ws_AAPfM5cEqwcaEJF_T1ra5Aco7y49tktdZe898sD4-0E0SCeZ1M_SaCuRUzTtnpeZWYE2Po_wsooij46HGJszt16fPom-49cTkr0aEIb7DmDY1vzwC-g,,
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4M6Qi_XIb0P66FqniX_Zq-6GipubqDxVb8ws_AAPfM5cEqwcaEJF_T1ra5Aco7y49tktdZe898sD4-0E0SCeZ5C3ow-P9wo8CdwOqKsM9c6ZJaGCmwttKkJ7K6Aspxa3d195XFsWhTHSFRHuADcyYNYA,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ya-Hü\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\YA-H~1\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Ya-Hü\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Ya-Hü\AppData\Roaming\Mozilla\Firefox\Profiles\19p6x7ry.default\searchplugins\Web Search.xml
FF Extension: CinPlusHQ01-2.5cV15.09 - C:\Users\Ya-Hü\AppData\Roaming\Mozilla\Firefox\Profiles\19p6x7ry.default\Extensions\BGKGT66124770@ZYFBNPM50498512.com [2014-09-16]
FF Extension: ss8 - C:\Users\Ya-Hü\AppData\Roaming\Mozilla\Firefox\Profiles\19p6x7ry.default\Extensions\KUKDSXGS67213349@EDCBUFV5900769.com [2014-09-09]
FF Extension: IncrediMail MediaBar 4 - C:\Users\Ya-Hü\AppData\Roaming\Mozilla\Firefox\Profiles\19p6x7ry.default\Extensions\{90eee664-34b1-422a-a782-779af65cdf6d} [2014-07-06]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Ya-Hü\AppData\Roaming\Mozilla\Firefox\Profiles\19p6x7ry.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-26]
FF Extension: Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [2014-09-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011-05-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011-09-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-15]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1410289207&from=tugs&uid=HitachiXHTS545050B9SA00_101011PBN475B70JY7BLX
CHR StartupUrls: Default -> "hxxp://www.google.com/webhp?nord=1"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestA PIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Flatcast Viewer Plugin 5.2.2.454) - C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv522.dll (1 mal 1 Software GmbH)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Ya-H?\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Snap.Do ) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-08-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (View GPU Info) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonfagbdfepfbhjgolfalmgldfbgjodi [2014-09-15]
CHR Extension: (Google-Suche) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (RealDownloader) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-15]
CHR Extension: (Google Wallet) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Quick start) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-09-09]
CHR Extension: (Google Mail) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR Extension: (CinPlusHQ01-2.5cV15.09) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldeppocfnbnopadlkalkhefdhglkijd [2014-09-16]
CHR Extension: (ss8) - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2014-09-15]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Ya-Hü\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-09-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 eTSrv; C:\Program Files\Aladdin\eToken\PKIClient\x64\eTSrv.exe [8192 2008-11-03] (Aladdin Knowledge Systems, Ltd.) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-16] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-16] (globalUpdate) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
R2 OfferBoulevard; C:\Program Files (x86)\OfferBoulevard\OfferBoulevard.exe [23040 2014-09-09] () [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-21] (Sophos Limited)
R2 scores; C:\Windows\score.exe [4823040 2014-09-09] () [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-21] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-21] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-21] (Sophos Limited)
R2 ttsvc; C:\Program Files (x86)\TermTutor\Service\ttsvc.exe [276048 2014-09-04] (Term Tutor)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-21] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-21] (Sophos Limited)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-21] (Sophos Limited)
R1 ttnfd; C:\Windows\System32\drivers\ttnfd.sys [58232 2014-09-04] (Term Tutor)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 13:46 - 2014-09-18 13:49 - 00042897 _____ () C:\Users\Ya-Hü\Desktop\FRST.txt
2014-09-18 10:06 - 2014-09-18 10:06 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\ICSharpCode.net
2014-09-17 14:50 - 2014-09-18 13:33 - 00000294 _____ () C:\Windows\Tasks\PennyBee.job
2014-09-17 14:50 - 2014-09-17 14:50 - 00003238 _____ () C:\Windows\System32\Tasks\PennyBee
2014-09-17 14:50 - 2014-09-17 14:50 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\PennyBee
2014-09-17 14:50 - 2014-09-17 14:50 - 00000000 ____D () C:\Program Files (x86)\OfferBoulevard
2014-09-16 15:15 - 2014-09-16 15:15 - 00000000 ___SD () C:\ComboFix
2014-09-16 15:01 - 2014-09-16 15:01 - 00000000 ____D () C:\ProgramData\374311380
2014-09-16 14:57 - 2014-09-16 14:57 - 00000000 ____D () C:\Users\Ya-Hü\Documents\Optimizer Pro
2014-09-16 14:55 - 2014-09-18 10:07 - 00002448 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-5.job
2014-09-16 14:55 - 2014-09-18 10:06 - 00002790 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-1.job
2014-09-16 14:55 - 2014-09-18 10:06 - 00002112 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-2.job
2014-09-16 14:55 - 2014-09-18 10:06 - 00001486 _____ () C:\Windows\Tasks\fa50a323-b173-42a7-ad68-a45d88bc41ec.job
2014-09-16 14:55 - 2014-09-16 14:55 - 01484664 _____ (CinemaHQ01Video Plus) C:\Users\Ya-Hü\AppData\Roaming\TCHMVBY.exe
2014-09-16 14:55 - 2014-09-16 14:55 - 00005820 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-1
2014-09-16 14:55 - 2014-09-16 14:55 - 00005478 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-5
2014-09-16 14:55 - 2014-09-16 14:55 - 00005142 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-2
2014-09-16 14:55 - 2014-09-16 14:55 - 00004516 _____ () C:\Windows\System32\Tasks\fa50a323-b173-42a7-ad68-a45d88bc41ec
2014-09-16 14:55 - 2014-09-16 14:55 - 00002448 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-5_user.job
2014-09-16 14:55 - 2014-09-16 14:55 - 00001340 _____ () C:\Windows\Tasks\TCHMVBY.job
2014-09-16 14:54 - 2014-09-18 13:32 - 00003472 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-6.job
2014-09-16 14:54 - 2014-09-18 10:06 - 00003816 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-4.job
2014-09-16 14:54 - 2014-09-18 10:06 - 00003472 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-7.job
2014-09-16 14:54 - 2014-09-18 10:06 - 00000364 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-16 14:54 - 2014-09-16 14:54 - 00006846 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-4
2014-09-16 14:54 - 2014-09-16 14:54 - 00006502 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-7
2014-09-16 14:54 - 2014-09-16 14:54 - 00006500 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-6
2014-09-16 14:54 - 2014-09-16 14:54 - 00004144 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-09-16 14:54 - 2014-09-16 14:54 - 00003406 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-16 14:54 - 2014-09-16 14:54 - 00000652 _____ () C:\Windows\Tasks\59acbb01-4eb7-481b-b3f6-a4eec89c18c5.job
2014-09-16 14:54 - 2014-09-16 14:54 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\2698
2014-09-16 14:53 - 2014-09-18 10:06 - 00004498 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-11.job
2014-09-16 14:53 - 2014-09-16 20:58 - 00001028 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-16 14:53 - 2014-09-16 14:54 - 00007528 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-11
2014-09-16 14:53 - 2014-09-16 14:54 - 00000000 ____D () C:\Program Files (x86)\RocketTab
2014-09-16 14:53 - 2014-09-16 14:53 - 01929080 _____ (CinemaHQ01Video Plus) C:\Users\Ya-Hü\AppData\Roaming\YJGWRXDI.exe
2014-09-16 14:53 - 2014-09-16 14:53 - 00004026 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-09-16 14:53 - 2014-09-16 14:53 - 00003358 _____ () C:\Windows\System32\Tasks\RocketTab
2014-09-16 14:53 - 2014-09-16 14:53 - 00001686 _____ () C:\Windows\Tasks\YJGWRXDI.job
2014-09-16 14:52 - 2014-09-18 10:06 - 00003816 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-3.job
2014-09-16 14:52 - 2014-09-16 14:55 - 00000000 ____D () C:\Program Files (x86)\CinPlusHQ01-2.5cV15.09
2014-09-16 14:52 - 2014-09-16 14:53 - 00006846 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-3
2014-09-15 23:49 - 2014-09-17 14:32 - 00000000 ____D () C:\Users\Ya-Hü\Desktop\Berwerbungen
2014-09-15 22:07 - 2014-09-18 13:43 - 00001128 _____ () C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-15 21:51 - 2014-09-15 21:51 - 00000047 _____ () C:\Users\Ya-Hü\AppData\Roaming\WB.CFG
2014-09-15 21:18 - 2014-09-16 15:15 - 00000000 ____D () C:\Qoobox
2014-09-15 21:16 - 2014-09-15 21:16 - 00000000 ____D () C:\Windows\erdnt
2014-09-15 21:15 - 2014-09-15 21:15 - 05579386 ____R (Swearware) C:\Users\Ya-Hü\Desktop\ComboFix.exe
2014-09-15 20:51 - 2014-09-18 13:32 - 00000290 _____ () C:\Windows\Tasks\FoxTab.job
2014-09-15 20:51 - 2014-09-15 21:33 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\Gameo
2014-09-15 20:51 - 2014-09-15 20:51 - 00003234 _____ () C:\Windows\System32\Tasks\FoxTab
2014-09-15 20:51 - 2014-09-15 20:51 - 00000171 _____ () C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-15 20:51 - 2014-09-15 20:51 - 00000000 ___HD () C:\Users\Ya-Hü\AppData\Roaming\GoldenGate
2014-09-15 20:50 - 2014-09-15 20:57 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\Systweak
2014-09-15 20:50 - 2014-09-15 20:50 - 00003306 _____ () C:\Windows\System32\Tasks\ASP
2014-09-15 20:50 - 2014-09-15 20:50 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\ASP
2014-09-15 20:50 - 2014-09-15 20:50 - 00000000 ____D () C:\Program Files\TermTutor
2014-09-15 20:50 - 2014-09-15 20:50 - 00000000 ____D () C:\Program Files (x86)\TermTutor
2014-09-15 16:43 - 2014-09-15 16:43 - 00003266 _____ () C:\Windows\System32\Tasks\{1B816FFC-80F0-4780-A674-5B4756611473}
2014-09-15 16:13 - 2014-09-15 16:13 - 00001264 _____ () C:\Users\Ya-Hü\Desktop\Revo Uninstaller.lnk
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-13 01:17 - 2014-08-15 17:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 01:17 - 2014-08-15 17:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 01:17 - 2014-08-15 17:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 01:17 - 2014-08-15 17:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 01:17 - 2014-08-15 17:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 01:17 - 2014-08-15 17:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 01:17 - 2014-08-15 17:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-13 01:17 - 2014-08-15 17:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 01:17 - 2014-08-15 17:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 01:17 - 2014-08-15 17:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 01:17 - 2014-08-15 17:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 01:17 - 2014-08-15 17:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 01:17 - 2014-08-15 17:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-13 01:17 - 2014-08-15 17:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 01:17 - 2014-08-15 17:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 01:17 - 2014-08-15 17:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 01:17 - 2014-08-15 17:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-13 01:17 - 2014-08-15 17:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 01:17 - 2014-08-15 17:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 01:17 - 2014-08-15 17:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-13 01:17 - 2014-08-15 17:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-13 01:17 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 01:17 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 01:17 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 01:17 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 01:17 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 01:17 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 01:17 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 01:17 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-13 01:17 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 01:17 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 01:17 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 01:17 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-13 01:17 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 01:17 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 01:17 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 01:17 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-13 01:17 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 01:17 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 01:17 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 01:17 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-13 01:17 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-13 00:23 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 00:23 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 00:22 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 00:22 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-13 00:22 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 00:22 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 00:22 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 00:22 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 00:22 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 22:26 - 2014-09-18 13:47 - 00000000 ____D () C:\FRST
2014-09-10 22:26 - 2014-09-10 22:26 - 02105856 _____ (Farbar) C:\Users\Ya-Hü\Desktop\FRST64.exe
2014-09-10 22:14 - 2014-09-10 22:14 - 25092156 _____ () C:\Users\Ya-Hü\Desktop\mse46.zip
2014-09-10 22:09 - 2014-09-10 22:09 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 21:45 - 2014-09-10 21:45 - 00754752 _____ () C:\Windows\Minidump\091014-19484-01.dmp
2014-09-09 22:33 - 2014-09-15 20:43 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\InetStat
2014-09-09 22:33 - 2014-09-09 22:33 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-09 22:33 - 2014-09-09 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-09 21:19 - 2014-09-18 13:43 - 00002066 _____ () C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-09 21:18 - 2014-09-18 10:06 - 00002714 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-1.job
2014-09-09 21:18 - 2014-09-18 10:06 - 00002410 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-5.job
2014-09-09 21:18 - 2014-09-09 21:18 - 01536928 _____ (smart-saverplus) C:\Users\Ya-Hü\AppData\Roaming\UQH.exe
2014-09-09 21:18 - 2014-09-09 21:18 - 01484704 _____ (enter) C:\Users\Ya-Hü\AppData\Roaming\DYISTEC.exe
2014-09-09 21:18 - 2014-09-09 21:18 - 00005744 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-1
2014-09-09 21:18 - 2014-09-09 21:18 - 00005440 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-5
2014-09-09 21:18 - 2014-09-09 21:18 - 00002410 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-5_user.job
2014-09-09 21:18 - 2014-09-09 21:18 - 00001340 _____ () C:\Windows\Tasks\DYISTEC.job
2014-09-09 21:18 - 2014-09-09 21:18 - 00001332 _____ () C:\Windows\Tasks\UQH.job
2014-09-09 21:17 - 2014-09-18 13:32 - 00003434 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-6.job
2014-09-09 21:17 - 2014-09-18 10:06 - 00004460 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-11.job
2014-09-09 21:17 - 2014-09-18 10:06 - 00003778 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-4.job
2014-09-09 21:17 - 2014-09-18 10:06 - 00003098 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-7.job
2014-09-09 21:17 - 2014-09-18 10:06 - 00002754 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-3.job
2014-09-09 21:17 - 2014-09-18 10:06 - 00001024 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-09 21:17 - 2014-09-16 14:53 - 00003772 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-09-09 21:17 - 2014-09-09 21:17 - 01984928 _____ (smart-saverplus) C:\Users\Ya-Hü\AppData\Roaming\ICLHS.exe
2014-09-09 21:17 - 2014-09-09 21:17 - 01927072 _____ (enter) C:\Users\Ya-Hü\AppData\Roaming\EVIBZ.exe
2014-09-09 21:17 - 2014-09-09 21:17 - 00007490 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-11
2014-09-09 21:17 - 2014-09-09 21:17 - 00006808 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-4
2014-09-09 21:17 - 2014-09-09 21:17 - 00006462 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-6
2014-09-09 21:17 - 2014-09-09 21:17 - 00006128 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-7
2014-09-09 21:17 - 2014-09-09 21:17 - 00005784 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-3
2014-09-09 21:17 - 2014-09-09 21:17 - 00001336 _____ () C:\Windows\Tasks\ICLHS.job
2014-09-09 21:17 - 2014-09-09 21:17 - 00001336 _____ () C:\Windows\Tasks\EVIBZ.job
2014-09-09 21:16 - 2014-09-15 20:42 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\Activeris
2014-09-09 21:16 - 2014-09-09 21:18 - 00000000 ____D () C:\Program Files (x86)\ss8
2014-09-09 21:16 - 2014-09-09 21:17 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-09 21:16 - 2014-09-09 21:16 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\globalUpdate
2014-09-09 21:16 - 2014-08-05 19:14 - 00020328 _____ () C:\Windows\system32\roboot64.exe
2014-09-09 21:10 - 2014-09-09 21:10 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\com
2014-09-09 21:05 - 2014-09-09 21:05 - 00004432 _____ () C:\Windows\SysWOW64\MyOSProtect.ini
2014-09-09 21:05 - 2014-09-09 21:05 - 00002384 _____ () C:\Windows\SysWOW64\MyOSProtectOff.ini
2014-09-09 21:05 - 2014-09-09 21:05 - 00002384 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-09-09 21:04 - 2014-09-01 20:28 - 00350768 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect64.dll
2014-09-09 21:04 - 2014-09-01 20:28 - 00304776 _____ (MyOSCompany) C:\Windows\SysWOW64\MyOSProtect.dll
2014-09-09 21:02 - 2014-09-17 14:50 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-09 21:01 - 2014-09-15 21:01 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-09 21:01 - 2014-09-09 21:01 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-09 21:01 - 2014-09-09 21:01 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-09 21:00 - 2014-09-09 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-09 21:00 - 2014-09-09 13:41 - 04823040 _____ () C:\Windows\score.exe
2014-09-09 20:59 - 2014-09-18 10:04 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-09 20:59 - 2014-09-16 14:52 - 00000000 ____D () C:\Program Files (x86)\PCTRunner
2014-09-09 20:59 - 2014-09-15 20:43 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\Genesis_09091859
2014-09-04 19:22 - 2014-09-04 19:22 - 00058232 _____ (Term Tutor) C:\Windows\system32\Drivers\ttnfd.sys
2014-09-02 21:55 - 2014-09-02 21:55 - 00487483 _____ () C:\monitor.exe
2014-09-02 21:55 - 2014-09-02 21:55 - 00034244 _____ () C:\monitorsvc.exe
2014-09-02 20:16 - 2014-09-02 20:16 - 00634880 _____ () C:\DirectControl.exe
2014-09-02 13:03 - 2014-09-02 13:04 - 00000000 ____D () C:\Users\Ya-Hü\.tfo4
2014-09-02 13:03 - 2014-09-02 13:03 - 00000000 ____D () C:\Users\Ya-Hü\4.0
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\plugins
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\lib
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\ext
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\doc
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\bin
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ya-Hü\AppData\Roaming\UQH
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ya-Hü\AppData\Roaming\TCHMVBY
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ya-Hü\AppData\Roaming\DYISTEC
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Ya-Hü\AppData\Roaming\YJGWRXDI
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Ya-Hü\AppData\Roaming\ICLHS
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Ya-Hü\AppData\Roaming\EVIBZ
2014-08-28 16:01 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 16:01 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 16:01 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 19:31 - 2014-08-21 19:31 - 00000000 ____D () C:\Users\Ya-Hü\Documents\Fax
2014-08-21 16:09 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 16:09 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 16:09 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 16:09 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 16:09 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 16:09 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 16:09 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 16:09 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 16:09 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 16:09 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 16:08 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 16:08 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 16:08 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 16:08 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 13:49 - 2014-09-18 13:46 - 00042897 _____ () C:\Users\Ya-Hü\Desktop\FRST.txt
2014-09-18 13:47 - 2014-09-10 22:26 - 00000000 ____D () C:\FRST
2014-09-18 13:43 - 2014-09-15 22:07 - 00001128 _____ () C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-18 13:43 - 2014-09-09 21:19 - 00002066 _____ () C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-18 13:43 - 2011-03-26 10:52 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-18 13:43 - 2011-03-26 10:52 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-18 13:34 - 2011-01-04 22:27 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2AFB6A0C-FBFD-44D8-A38B-EF01CE6CE147}
2014-09-18 13:33 - 2014-09-17 14:50 - 00000294 _____ () C:\Windows\Tasks\PennyBee.job
2014-09-18 13:33 - 2013-03-01 23:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 13:33 - 2011-10-14 23:43 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343719655-606922816-1584496895-1000UA.job
2014-09-18 13:32 - 2014-09-16 14:54 - 00003472 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-6.job
2014-09-18 13:32 - 2014-09-15 20:51 - 00000290 _____ () C:\Windows\Tasks\FoxTab.job
2014-09-18 13:32 - 2014-09-09 21:17 - 00003434 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-6.job
2014-09-18 13:32 - 2010-11-07 23:28 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 13:32 - 2010-11-07 23:20 - 01485196 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 10:14 - 2009-07-14 06:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 10:14 - 2009-07-14 06:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 10:07 - 2014-09-16 14:55 - 00002448 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-5.job
2014-09-18 10:06 - 2014-09-18 10:06 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\ICSharpCode.net
2014-09-18 10:06 - 2014-09-16 14:55 - 00002790 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-1.job
2014-09-18 10:06 - 2014-09-16 14:55 - 00002112 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-2.job
2014-09-18 10:06 - 2014-09-16 14:55 - 00001486 _____ () C:\Windows\Tasks\fa50a323-b173-42a7-ad68-a45d88bc41ec.job
2014-09-18 10:06 - 2014-09-16 14:54 - 00003816 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-4.job
2014-09-18 10:06 - 2014-09-16 14:54 - 00003472 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-7.job
2014-09-18 10:06 - 2014-09-16 14:54 - 00000364 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-18 10:06 - 2014-09-16 14:53 - 00004498 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-11.job
2014-09-18 10:06 - 2014-09-16 14:52 - 00003816 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-3.job
2014-09-18 10:06 - 2014-09-09 21:18 - 00002714 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-1.job
2014-09-18 10:06 - 2014-09-09 21:18 - 00002410 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-5.job
2014-09-18 10:06 - 2014-09-09 21:17 - 00004460 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-11.job
2014-09-18 10:06 - 2014-09-09 21:17 - 00003778 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-4.job
2014-09-18 10:06 - 2014-09-09 21:17 - 00003098 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-7.job
2014-09-18 10:06 - 2014-09-09 21:17 - 00002754 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-3.job
2014-09-18 10:06 - 2014-09-09 21:17 - 00001024 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-18 10:06 - 2010-11-07 23:28 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 10:04 - 2014-09-09 20:59 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-18 10:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 10:03 - 2009-07-14 06:51 - 00194462 _____ () C:\Windows\setupact.log
2014-09-17 14:55 - 2011-01-07 12:34 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\SoftGrid Client
2014-09-17 14:50 - 2014-09-17 14:50 - 00003238 _____ () C:\Windows\System32\Tasks\PennyBee
2014-09-17 14:50 - 2014-09-17 14:50 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\PennyBee
2014-09-17 14:50 - 2014-09-17 14:50 - 00000000 ____D () C:\Program Files (x86)\OfferBoulevard
2014-09-17 14:50 - 2014-09-09 21:02 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-17 14:32 - 2014-09-15 23:49 - 00000000 ____D () C:\Users\Ya-Hü\Desktop\Berwerbungen
2014-09-17 12:06 - 2010-10-11 22:06 - 00241650 _____ () C:\Windows\PFRO.log
2014-09-16 23:58 - 2011-10-14 23:43 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343719655-606922816-1584496895-1000Core.job
2014-09-16 20:58 - 2014-09-16 14:53 - 00001028 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-16 16:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-16 15:15 - 2014-09-16 15:15 - 00000000 ___SD () C:\ComboFix
2014-09-16 15:15 - 2014-09-15 21:18 - 00000000 ____D () C:\Qoobox
2014-09-16 15:01 - 2014-09-16 15:01 - 00000000 ____D () C:\ProgramData\374311380
2014-09-16 14:57 - 2014-09-16 14:57 - 00000000 ____D () C:\Users\Ya-Hü\Documents\Optimizer Pro
2014-09-16 14:55 - 2014-09-16 14:55 - 01484664 _____ (CinemaHQ01Video Plus) C:\Users\Ya-Hü\AppData\Roaming\TCHMVBY.exe
2014-09-16 14:55 - 2014-09-16 14:55 - 00005820 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-1
2014-09-16 14:55 - 2014-09-16 14:55 - 00005478 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-5
2014-09-16 14:55 - 2014-09-16 14:55 - 00005142 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-2
2014-09-16 14:55 - 2014-09-16 14:55 - 00004516 _____ () C:\Windows\System32\Tasks\fa50a323-b173-42a7-ad68-a45d88bc41ec
2014-09-16 14:55 - 2014-09-16 14:55 - 00002448 _____ () C:\Windows\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-5_user.job
2014-09-16 14:55 - 2014-09-16 14:55 - 00001340 _____ () C:\Windows\Tasks\TCHMVBY.job
2014-09-16 14:55 - 2014-09-16 14:52 - 00000000 ____D () C:\Program Files (x86)\CinPlusHQ01-2.5cV15.09
2014-09-16 14:54 - 2014-09-16 14:54 - 00006846 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-4
2014-09-16 14:54 - 2014-09-16 14:54 - 00006502 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-7
2014-09-16 14:54 - 2014-09-16 14:54 - 00006500 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-6
2014-09-16 14:54 - 2014-09-16 14:54 - 00004144 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-09-16 14:54 - 2014-09-16 14:54 - 00003406 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-16 14:54 - 2014-09-16 14:54 - 00000652 _____ () C:\Windows\Tasks\59acbb01-4eb7-481b-b3f6-a4eec89c18c5.job
2014-09-16 14:54 - 2014-09-16 14:54 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\2698
2014-09-16 14:54 - 2014-09-16 14:53 - 00007528 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-11
2014-09-16 14:54 - 2014-09-16 14:53 - 00000000 ____D () C:\Program Files (x86)\RocketTab
2014-09-16 14:53 - 2014-09-16 14:53 - 01929080 _____ (CinemaHQ01Video Plus) C:\Users\Ya-Hü\AppData\Roaming\YJGWRXDI.exe
2014-09-16 14:53 - 2014-09-16 14:53 - 00004026 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-09-16 14:53 - 2014-09-16 14:53 - 00003358 _____ () C:\Windows\System32\Tasks\RocketTab
2014-09-16 14:53 - 2014-09-16 14:53 - 00001686 _____ () C:\Windows\Tasks\YJGWRXDI.job
2014-09-16 14:53 - 2014-09-16 14:52 - 00006846 _____ () C:\Windows\System32\Tasks\98ed4270-7785-4165-abad-58c3f4f52fee-3
2014-09-16 14:53 - 2014-09-09 21:17 - 00003772 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-09-16 14:52 - 2014-09-09 20:59 - 00000000 ____D () C:\Program Files (x86)\PCTRunner
2014-09-16 14:42 - 2012-01-04 19:41 - 00000000 ___RD () C:\Users\Ya-Hü\Dropbox
2014-09-16 14:41 - 2012-01-04 19:39 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\Dropbox
2014-09-15 23:52 - 2013-10-14 00:22 - 00000000 ____D () C:\Users\Ya-Hü\Desktop\LAST Semester insa'ALLAH
2014-09-15 23:27 - 2010-11-07 23:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-15 21:51 - 2014-09-15 21:51 - 00000047 _____ () C:\Users\Ya-Hü\AppData\Roaming\WB.CFG
2014-09-15 21:33 - 2014-09-15 20:51 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\Gameo
2014-09-15 21:25 - 2013-07-16 23:07 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-09-15 21:16 - 2014-09-15 21:16 - 00000000 ____D () C:\Windows\erdnt
2014-09-15 21:15 - 2014-09-15 21:15 - 05579386 ____R (Swearware) C:\Users\Ya-Hü\Desktop\ComboFix.exe
2014-09-15 21:01 - 2014-09-09 21:01 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-15 20:57 - 2014-09-15 20:50 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\Systweak
2014-09-15 20:51 - 2014-09-15 20:51 - 00003234 _____ () C:\Windows\System32\Tasks\FoxTab
2014-09-15 20:51 - 2014-09-15 20:51 - 00000171 _____ () C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-15 20:51 - 2014-09-15 20:51 - 00000000 ___HD () C:\Users\Ya-Hü\AppData\Roaming\GoldenGate
2014-09-15 20:50 - 2014-09-15 20:50 - 00003306 _____ () C:\Windows\System32\Tasks\ASP
2014-09-15 20:50 - 2014-09-15 20:50 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\ASP
2014-09-15 20:50 - 2014-09-15 20:50 - 00000000 ____D () C:\Program Files\TermTutor
2014-09-15 20:50 - 2014-09-15 20:50 - 00000000 ____D () C:\Program Files (x86)\TermTutor
2014-09-15 20:50 - 2011-03-26 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 20:43 - 2014-09-09 22:33 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\InetStat
2014-09-15 20:43 - 2014-09-09 20:59 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\Genesis_09091859
2014-09-15 20:42 - 2014-09-09 21:16 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\Activeris
2014-09-15 16:43 - 2014-09-15 16:43 - 00003266 _____ () C:\Windows\System32\Tasks\{1B816FFC-80F0-4780-A674-5B4756611473}
2014-09-15 16:13 - 2014-09-15 16:13 - 00001264 _____ () C:\Users\Ya-Hü\Desktop\Revo Uninstaller.lnk
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-14 01:26 - 2013-01-02 16:19 - 01710080 ___SH () C:\Users\Ya-Hü\Desktop\Thumbs.db
2014-09-13 01:17 - 2011-04-12 20:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-13 01:15 - 2011-01-07 12:33 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 01:15 - 2010-11-08 08:15 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-09-13 01:15 - 2010-11-08 08:15 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-09-13 01:15 - 2009-07-14 07:13 - 01596516 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 01:14 - 2013-08-16 16:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 01:01 - 2011-02-27 01:08 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 01:00 - 2014-05-07 02:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 22:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-10 22:26 - 2014-09-10 22:26 - 02105856 _____ (Farbar) C:\Users\Ya-Hü\Desktop\FRST64.exe
2014-09-10 22:14 - 2014-09-10 22:14 - 25092156 _____ () C:\Users\Ya-Hü\Desktop\mse46.zip
2014-09-10 22:09 - 2014-09-10 22:09 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 22:09 - 2013-03-01 23:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 22:09 - 2013-03-01 23:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 22:09 - 2013-03-01 23:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 21:45 - 2014-09-10 21:45 - 00754752 _____ () C:\Windows\Minidump\091014-19484-01.dmp
2014-09-10 21:45 - 2011-06-07 13:13 - 530712586 _____ () C:\Windows\MEMORY.DMP
2014-09-10 21:45 - 2011-06-07 13:13 - 00000000 ____D () C:\Windows\Minidump
2014-09-09 22:33 - 2014-09-09 22:33 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-09 22:33 - 2014-09-09 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-09 21:18 - 2014-09-09 21:18 - 01536928 _____ (smart-saverplus) C:\Users\Ya-Hü\AppData\Roaming\UQH.exe
2014-09-09 21:18 - 2014-09-09 21:18 - 01484704 _____ (enter) C:\Users\Ya-Hü\AppData\Roaming\DYISTEC.exe
2014-09-09 21:18 - 2014-09-09 21:18 - 00005744 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-1
2014-09-09 21:18 - 2014-09-09 21:18 - 00005440 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-5
2014-09-09 21:18 - 2014-09-09 21:18 - 00002410 _____ () C:\Windows\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-5_user.job
2014-09-09 21:18 - 2014-09-09 21:18 - 00001340 _____ () C:\Windows\Tasks\DYISTEC.job
2014-09-09 21:18 - 2014-09-09 21:18 - 00001332 _____ () C:\Windows\Tasks\UQH.job
2014-09-09 21:18 - 2014-09-09 21:16 - 00000000 ____D () C:\Program Files (x86)\ss8
2014-09-09 21:18 - 2011-03-13 00:26 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\Conduit
2014-09-09 21:17 - 2014-09-09 21:17 - 01984928 _____ (smart-saverplus) C:\Users\Ya-Hü\AppData\Roaming\ICLHS.exe
2014-09-09 21:17 - 2014-09-09 21:17 - 01927072 _____ (enter) C:\Users\Ya-Hü\AppData\Roaming\EVIBZ.exe
2014-09-09 21:17 - 2014-09-09 21:17 - 00007490 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-11
2014-09-09 21:17 - 2014-09-09 21:17 - 00006808 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-4
2014-09-09 21:17 - 2014-09-09 21:17 - 00006462 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-6
2014-09-09 21:17 - 2014-09-09 21:17 - 00006128 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-7
2014-09-09 21:17 - 2014-09-09 21:17 - 00005784 _____ () C:\Windows\System32\Tasks\bf1a449c-8356-402e-9ecc-44015185bae6-3
2014-09-09 21:17 - 2014-09-09 21:17 - 00001336 _____ () C:\Windows\Tasks\ICLHS.job
2014-09-09 21:17 - 2014-09-09 21:17 - 00001336 _____ () C:\Windows\Tasks\EVIBZ.job
2014-09-09 21:17 - 2014-09-09 21:16 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-09 21:16 - 2014-09-09 21:16 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\globalUpdate
2014-09-09 21:10 - 2014-09-09 21:10 - 00000000 ____D () C:\Users\Ya-Hü\AppData\Local\com
2014-09-09 21:05 - 2014-09-09 21:05 - 00004432 _____ () C:\Windows\SysWOW64\MyOSProtect.ini
2014-09-09 21:05 - 2014-09-09 21:05 - 00002384 _____ () C:\Windows\SysWOW64\MyOSProtectOff.ini
2014-09-09 21:05 - 2014-09-09 21:05 - 00002384 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-09-09 21:01 - 2014-09-09 21:01 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-09 21:01 - 2014-09-09 21:01 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-09 21:00 - 2014-09-09 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-09 20:59 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-09 20:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-09 13:41 - 2014-09-09 21:00 - 04823040 _____ () C:\Windows\score.exe
2014-09-05 04:10 - 2014-09-13 00:22 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-13 00:22 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 19:22 - 2014-09-04 19:22 - 00058232 _____ (Term Tutor) C:\Windows\system32\Drivers\ttnfd.sys
2014-09-04 00:35 - 2013-04-15 14:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-03 16:21 - 2011-01-08 14:28 - 00000000 ____D () C:\ProgramData\Norton
2014-09-03 16:21 - 2010-11-07 23:33 - 00000000 ____D () C:\ProgramData\Symantec
2014-09-02 21:55 - 2014-09-02 21:55 - 00487483 _____ () C:\monitor.exe
2014-09-02 21:55 - 2014-09-02 21:55 - 00034244 _____ () C:\monitorsvc.exe
2014-09-02 20:16 - 2014-09-02 20:16 - 00634880 _____ () C:\DirectControl.exe
2014-09-02 13:04 - 2014-09-02 13:03 - 00000000 ____D () C:\Users\Ya-Hü\.tfo4
2014-09-02 13:03 - 2014-09-02 13:03 - 00000000 ____D () C:\Users\Ya-Hü\4.0
2014-09-02 13:03 - 2011-01-04 22:22 - 00000000 ____D () C:\Users\Ya-Hü
2014-09-01 20:28 - 2014-09-09 21:04 - 00350768 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect64.dll
2014-09-01 20:28 - 2014-09-09 21:04 - 00304776 _____ (MyOSCompany) C:\Windows\SysWOW64\MyOSProtect.dll
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\plugins
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\lib
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\ext
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\doc
2014-09-01 19:07 - 2014-09-01 19:07 - 00000000 ____D () C:\Program Files\bin
2014-09-01 19:07 - 2014-06-25 09:52 - 00000653 _____ () C:\Program Files\pdfsam-config.xml
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ya-Hü\AppData\Roaming\UQH
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ya-Hü\AppData\Roaming\TCHMVBY
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ya-Hü\AppData\Roaming\DYISTEC
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Ya-Hü\AppData\Roaming\YJGWRXDI
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Ya-Hü\AppData\Roaming\ICLHS
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Ya-Hü\AppData\Roaming\EVIBZ
2014-08-29 03:21 - 2009-07-14 06:45 - 00778352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 00:38 - 2013-12-01 22:55 - 00000000 ____D () C:\Users\Ya-Hü\Desktop\camii
2014-08-26 23:31 - 2014-03-19 15:43 - 00000000 ____D () C:\Users\Ya-Hü\Desktop\Bachelorarbeit
2014-08-26 23:31 - 2013-02-03 21:37 - 00000000 ____D () C:\Users\Ya-Hü\Desktop\Diverse Schreiben bzw. Briefe
2014-08-26 23:31 - 2012-06-07 13:35 - 00000000 ____D () C:\Users\Ya-Hü\Desktop\Karsik
2014-08-25 06:53 - 2011-03-13 11:52 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 16:01 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 16:01 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 16:01 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 21:50 - 2011-07-29 22:45 - 00142848 ___SH () C:\Users\Ya-Hü\Documents\Thumbs.db
2014-08-21 19:31 - 2014-08-21 19:31 - 00000000 ____D () C:\Users\Ya-Hü\Documents\Fax
2014-08-19 19:39 - 2013-01-02 00:28 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

Some content of TEMP:
====================
C:\Users\Ya-Hü\AppData\Local\Temp\AskSLib.dll
C:\Users\Ya-Hü\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ya-Hü\AppData\Local\Temp\cm-u804d.dll
C:\Users\Ya-Hü\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnvlw8j.dll
C:\Users\Ya-Hü\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Ya-Hü\AppData\Local\Temp\FileSystemView.dll
C:\Users\Ya-Hü\AppData\Local\Temp\Launcher.exe
C:\Users\Ya-Hü\AppData\Local\Temp\mufpxfvp.dll
C:\Users\Ya-Hü\AppData\Local\Temp\nsaE836.exe
C:\Users\Ya-Hü\AppData\Local\Temp\nsf135B.exe
C:\Users\Ya-Hü\AppData\Local\Temp\nsfD7DE.exe
C:\Users\Ya-Hü\AppData\Local\Temp\nsk5113.exe
C:\Users\Ya-Hü\AppData\Local\Temp\nsk87F.exe
C:\Users\Ya-Hü\AppData\Local\Temp\nsu8AEA.exe
C:\Users\Ya-Hü\AppData\Local\Temp\post1.exe
C:\Users\Ya-Hü\AppData\Local\Temp\post2.dll
C:\Users\Ya-Hü\AppData\Local\Temp\post2.exe
C:\Users\Ya-Hü\AppData\Local\Temp\setup_337.exe
C:\Users\Ya-Hü\AppData\Local\Temp\SHelp2.exe
C:\Users\Ya-Hü\AppData\Local\Temp\SpOrder.dll
C:\Users\Ya-Hü\AppData\Local\Temp\SPStub.exe
C:\Users\Ya-Hü\AppData\Local\Temp\stubhelper.dll
C:\Users\Ya-Hü\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Ya-Hü\AppData\Local\Temp\System.Data.SQLite21907.dll
C:\Users\Ya-Hü\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Ya-Hü\AppData\Local\Temp\wmdjug6e.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 16:31

==================== End Of Log ============================

Hast Du die Programme mit ATTENTION deinstalliert?

Combofix löschen und neu laden, Sophos beenden und Combofix nochmal laufen lassen.

Ich konnte 2 der Programme nicht deinstallieren ..

ASK Toolbar updater und snap.do.engine...

Ok COmbofix nochmal versuchen. Egal ob es klappt oder nicht, hiermit weiter:

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

mbam:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 22.09.2014
Suchlauf-Zeit: 12:05:04
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.02.20.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ya-Hü

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 283168
Verstrichene Zeit: 44 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 22
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [1633d52ab7c31f17365c7ef5e022748c],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, In Quarantäne, [1633d52ab7c31f17365c7ef5e022748c],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [1633d52ab7c31f17365c7ef5e022748c],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [1633d52ab7c31f17365c7ef5e022748c],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, In Quarantäne, [1633d52ab7c31f17365c7ef5e022748c],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [1633d52ab7c31f17365c7ef5e022748c],
PUP.Optional.VGrabber.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D26631E0-DE8C-42FB-B12C-098665BDD65A}, In Quarantäne, [dc6dc33cbbbf5cdac291b6bf43bf7d83],
PUP.Optional.VGrabber.A, HKLM\SOFTWARE\CLASSES\Toolbar.CT3286379, In Quarantäne, [dc6dc33cbbbf5cdac291b6bf43bf7d83],
PUP.Optional.VGrabber.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3286379, In Quarantäne, [dc6dc33cbbbf5cdac291b6bf43bf7d83],
PUP.Optional.VGrabber.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D26631E0-DE8C-42FB-B12C-098665BDD65A}, In Quarantäne, [dc6dc33cbbbf5cdac291b6bf43bf7d83],
PUP.Optional.VGrabber.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8686b6b5-4734-4d4a-a246-5efbd9ebb200}, In Quarantäne, [0c3d4db2a7d3bb7b262cadc807fb11ef],
PUP.Optional.VGrabber.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8686B6B5-4734-4D4A-A246-5EFBD9EBB200}, In Quarantäne, [0c3d4db2a7d3bb7b262cadc807fb11ef],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [292030cf49310b2bd9cd02b4fd06946c],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [86c37f80abcf8bab16908036c0430ef2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [a7a2e31c730747ef78fedde27f842dd3],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [8bbe4db2db9f3501efb2d7b71ce659a7],
PUP.Optional.ValueApps.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, In Quarantäne, [c18820df5a20171fe30d52420ff340c0],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [5beeda25de9cb97d1761197b54ae867a],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [391040bf17639f97eae4ebbf6a99a35d],
PUP.Optional.SmartSaver.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\smart-saverplus, In Quarantäne, [3f0a2fd0403a78be55dec6c825ddde22],
PUP.Optional.Qone8, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [2227cf3088f21422d0d5fcba9172817f],
PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RocketTab, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],

Registrierungswerte: 6
PUP.Optional.VGrabber.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{8686B6B5-4734-4D4A-A246-5EFBD9EBB200}, In Quarantäne, [0c3d4db2a7d3bb7b262cadc807fb11ef],
PUP.Optional.VGrabber.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{8686B6B5-4734-4D4A-A246-5EFBD9EBB200}, In Quarantäne, [0c3d4db2a7d3bb7b262cadc807fb11ef],
PUP.Optional.VGrabber.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{8686b6b5-4734-4d4a-a246-5efbd9ebb200}, In Quarantäne, [76d350af7604af8781d1cda825dda858],
PUP.Optional.VGrabber.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{8686b6b5-4734-4d4a-a246-5efbd9ebb200}, In Quarantäne, [3d0c36c97307d46222306d0861a16a96],
PUP.Optional.ConduitSearchProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtectAll, C:\Program Files (x86)\SearchProtect\bin\cltmng.exe, In Quarantäne, [0a3ffe01fb7f7bbb992b396ec043ba46]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1N1M, In Quarantäne, [391040bf17639f97eae4ebbf6a99a35d]

Registrierungsdaten: 6
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[82c749b648321323f15271be768ec13f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[98b14fb087f36ec8ee55b17e1aead729]
PUP.Optional.Snapdo, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}),Ersetzt,[1138d728750525117f3db07eba4a9b65]
PUP.Optional.Snapdo, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}),Ersetzt,[c584ac534d2d5fd76457c46afa0a936d]
PUP.Optional.Snapdo, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}),Ersetzt,[1b2eee11f9815bdb1da11816db299868]
PUP.Optional.Snapdo, HKU\S-1-5-21-2343719655-606922816-1584496895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=4a462bdd-4c3a-402c-8ce3-d37e0174272f&searchtype=ds&q={searchTerms}),Ersetzt,[ad9c05faf2883ef88639c26c986c7090]

Ordner: 22
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [3019aa559edcfa3cc11bacca6c96fe02],
PUP.Optional.OpenCandy, C:\Users\Ya-Hü\AppData\Roaming\OpenCandy, In Quarantäne, [0b3e5da2fe7cd066612a15718a78ca36],
PUP.Optional.OpenCandy, C:\Users\Ya-Hü\AppData\Roaming\OpenCandy\0CAFBC467D9B4043A447693162224D1A, In Quarantäne, [0b3e5da2fe7cd066612a15718a78ca36],
PUP.Optional.OpenCandy, C:\Users\Ya-Hü\AppData\Roaming\OpenCandy\D20187A6DDE9446C84D17F58A548E301, In Quarantäne, [0b3e5da2fe7cd066612a15718a78ca36],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\CT3241949, In Quarantäne, [aa9f9669c1b948ee7490e7a08082847c],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379, In Quarantäne, [ac9da05fdf9bd95d33d187008a785da3],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\xpi, In Quarantäne, [ac9da05fdf9bd95d33d187008a785da3],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\xpi\defaults, In Quarantäne, [ac9da05fdf9bd95d33d187008a785da3],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\xpi\defaults\preferences, In Quarantäne, [ac9da05fdf9bd95d33d187008a785da3],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3288691, In Quarantäne, [ff4a7c83f387c57132d260278f737987],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\xpi, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\xpi\defaults, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\xpi\defaults\preferences, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297861, In Quarantäne, [ed5cf40b4436c76f06fe780f8d75a65a],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct2269050, In Quarantäne, [53f6817e7ffbed49758fb5d28f7313ed],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct2269050\xpi, In Quarantäne, [53f6817e7ffbed49758fb5d28f7313ed],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, In Quarantäne, [cd7c8f70eb8f112590897f089270a060],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3297265, In Quarantäne, [cd7c8f70eb8f112590897f089270a060],
PUP.Optional.Conduit, C:\Users\Ya-Hü\AppData\Local\TBHostSupport, In Quarantäne, [af9afe01057591a51deddcaca2601fe1],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],

Dateien: 71
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\SPStub.exe, In Quarantäne, [fe4b3cc323575fd7c0bc075780817789],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\nsu8AEA.exe, In Quarantäne, [dc6dfb041f5bd066b18f3e224ab716ea],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\nsk5113.exe, In Quarantäne, [3d0c28d7a0da1d19c47cadb39e6317e9],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\nsk87F.exe, In Quarantäne, [2a1f6b94a5d5be78f34d7ee212ef7d83],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\nsaE836.exe, In Quarantäne, [56f3c9360377d16563dd82de47ba05fb],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\nsf135B.exe, In Quarantäne, [e1681ee180fa6ec8a69aed73c93815eb],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\nsfD7DE.exe, In Quarantäne, [b495a45bafcb2610a997d789a25ff20e],
PUP.Optional.SmartBar.A, C:\Users\Ya-Hü\AppData\Local\Temp\c2499d23-c3fb-4a3e-8a6e-8e76cc23414f\LinkuryInstaller.msi, In Quarantäne, [0841d22d9edc5bdbe0dec1b4f20e30d0],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\ffLogic.exe, In Quarantäne, [67e2a15eb6c4ae88f7855905eb1652ae],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\ieLogic.exe, In Quarantäne, [c2871ee1186294a2a8d4c29c0001926e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\chLogic.exe, In Quarantäne, [55f49e61d1a9ad893745a3bbf80954ac],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\ctbe.exe, In Quarantäne, [cd7cf30c245626102a3a71fb887801ff],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\ffLogic.exe, In Quarantäne, [2a1f0bf4e6948da9b2e9a1dd78889769],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\ieLogic.exe, In Quarantäne, [2a1f08f7d5a58da982fa213d09f837c9],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\spch.exe, In Quarantäne, [d079b8477cfe48ee0379fd61bc45946c],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\spff.exe, In Quarantäne, [e76211eed4a6dc5ad9a35905b44dfb05],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\statisticsStub.exe, In Quarantäne, [ac9dcd32067434029d6354f53cc501ff],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\stub.exe, In Quarantäne, [66e32ed19cdeab8b7e85e4970ef28977],
PUP.Optional.SpeedUpMyPC, C:\Users\Ya-Hü\AppData\Local\Temp\is-3ATJ3.tmp\SpeedUpMyPC-standalone-setup.exe, In Quarantäne, [0a3fd32c7604f046edfa703049b811ef],
PUP.Optional.SmartBar, C:\Users\Ya-Hü\AppData\Local\Temp\MSIE805.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [5dec6a954535a78f906f3e3da35d5ba5],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\AU\SPUpdater.exe, In Quarantäne, [df6a3dc25c1eca6c50f073ed22df966a],
PUP.Optional.SpeedUpMyPC, C:\Users\Ya-Hü\AppData\Local\Temp\693Btmp\speedupmypc.exe, In Quarantäne, [cd7ccf302753cc6ae9fea6fabd440000],
PUP.Optional.Softonic.A, C:\Users\Ya-Hü\Downloads\SoftonicDownloader_fuer_fifa-07.exe, In Quarantäne, [b792e41b9fdb3402ca394022e8197888],
PUP.Optional.Softonic.A, C:\Users\Ya-Hü\Downloads\SoftonicDownloader_fuer_fussball-manager-10.exe, In Quarantäne, [5deca758d4a61125a75c6bf7649da957],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [d376ce31572356e062b47717ae54b749],
Rogue.Multiple, C:\ProgramData\374311380\BIT36EB.tmp, In Quarantäne, [3019aa559edcfa3cc11bacca6c96fe02],
PUP.Optional.OpenCandy, C:\Users\Ya-Hü\AppData\Roaming\OpenCandy\0CAFBC467D9B4043A447693162224D1A\3708.ico, In Quarantäne, [0b3e5da2fe7cd066612a15718a78ca36],
PUP.Optional.OpenCandy, C:\Users\Ya-Hü\AppData\Roaming\OpenCandy\0CAFBC467D9B4043A447693162224D1A\EBB77268-338F-4C6A-8590-AD88FED26F4A, In Quarantäne, [0b3e5da2fe7cd066612a15718a78ca36],
PUP.Optional.OpenCandy, C:\Users\Ya-Hü\AppData\Roaming\OpenCandy\0CAFBC467D9B4043A447693162224D1A\OCBrowserHelper_1.0.3.85.dll, In Quarantäne, [0b3e5da2fe7cd066612a15718a78ca36],
PUP.Optional.OpenCandy, C:\Users\Ya-Hü\AppData\Roaming\OpenCandy\0CAFBC467D9B4043A447693162224D1A\SnapDo.exe, In Quarantäne, [0b3e5da2fe7cd066612a15718a78ca36],
PUP.Optional.OpenCandy, C:\Users\Ya-Hü\AppData\Roaming\OpenCandy\0CAFBC467D9B4043A447693162224D1A\SnapDo_ALL_p1v4.exe, In Quarantäne, [0b3e5da2fe7cd066612a15718a78ca36],
PUP.Optional.OpenCandy, C:\Users\Ya-Hü\AppData\Roaming\OpenCandy\D20187A6DDE9446C84D17F58A548E301\TuneUpUtilities2013_2200218_de-DE.exe, In Quarantäne, [0b3e5da2fe7cd066612a15718a78ca36],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\CT3241949\CT3241949.txt, In Quarantäne, [aa9f9669c1b948ee7490e7a08082847c],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\CT3241949\dtime.csf, In Quarantäne, [aa9f9669c1b948ee7490e7a08082847c],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\CT3241949\initData.json, In Quarantäne, [aa9f9669c1b948ee7490e7a08082847c],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\CT3241949\manifest.json, In Quarantäne, [aa9f9669c1b948ee7490e7a08082847c],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\conduit.xml, In Quarantäne, [ac9da05fdf9bd95d33d187008a785da3],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\CT3286379.xpi, In Quarantäne, [ac9da05fdf9bd95d33d187008a785da3],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\version.txt, In Quarantäne, [ac9da05fdf9bd95d33d187008a785da3],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\xpi\install.rdf, In Quarantäne, [ac9da05fdf9bd95d33d187008a785da3],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3286379\xpi\defaults\preferences\defaults.js, In Quarantäne, [ac9da05fdf9bd95d33d187008a785da3],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3288691\chromeid.txt, In Quarantäne, [ff4a7c83f387c57132d260278f737987],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3288691\setup.ini.txt, In Quarantäne, [ff4a7c83f387c57132d260278f737987],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\chromeid.txt, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\conduit.xml, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\CT3297265.txt, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\CT3297265.xpi, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\initdata.json, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\ism.exe, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\manifest.json, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\setup.ini.txt, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\version.txt, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\xpi\install.rdf, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297265\xpi\defaults\preferences\defaults.js, In Quarantäne, [2f1aa35cf783a98dd3318601738f827e],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297861\chromeid.txt, In Quarantäne, [ed5cf40b4436c76f06fe780f8d75a65a],
PUP.Optional.Conduit.A, C:\Users\Ya-Hü\AppData\Local\Temp\ct3297861\setup.ini.txt, In Quarantäne, [ed5cf40b4436c76f06fe780f8d75a65a],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3297265\SetupIcon.ico, In Quarantäne, [cd7c8f70eb8f112590897f089270a060],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3297265\UninstallerUI.exe, In Quarantäne, [cd7c8f70eb8f112590897f089270a060],
PUP.Optional.Conduit, C:\Users\Ya-Hü\AppData\Local\TBHostSupport\TBHostSupport_0.dll, In Quarantäne, [af9afe01057591a51deddcaca2601fe1],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Client.exe, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\config.dat, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\makecert.exe, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\TrustedRoot.cer, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\uninstall.exe, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\certutil.exe, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libnspr4.dll, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libplc4.dll, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libplds4.dll, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\nss3.dll, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\smime3.dll, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\softokn3.dll, In Quarantäne, [6adfed123842270f4ad5e3a8c33f1ae6],

Physische Sektoren: 0
(No malicious items detected)


(end)

AdwCleaner Logfile:
--- --- ---

AdwCleaner Logfile:
--- --- ---JRT Logfile:
--- --- ---


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ya-Hü on 22.09.2014 at 13:21:56,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitutil_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitutil_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitutil_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitutil_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{81C5F3D0-96DD-41A1-9AB0-34D3393ECD63}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{880A4506-D686-4F9D-99E6-AF7031E4954A}



~~~ Files

Successfully deleted: [File] "C:\Users\Ya-Hü\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Ya-Hü\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Ya-Hü\AppData\Roaming\getrighttogo"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.09.2014 at 13:43:26,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
--- --- ---

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9e6c77d3963e61488d7a7725980832b1
# engine=20247
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-22 06:39:41
# local_time=2014-09-22 08:39:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 23447 163041031 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 12597 108777382 0 0
# scanned=134813
# found=22
# cleaned=0
# scan_time=7597
sh=C5E60CCD154DB4E5978E33285DB016171C80ED79 ft=1 fh=58635ab0e5696ad2 vn="Win32/AdWare.Loadshop.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\monitorsvc.exe.vir"
sh=A4CE8B88791877CDA87FFED8168BE73A21BF3370 ft=1 fh=4db1911c9bd166d4 vn="Win32/Agent.WGA Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\score.exe.vir"
sh=7E365F5F8841673A67DEB61EBCD4B689A488B677 ft=1 fh=ae054f85f50e59fb vn="Variante von Win64/Adware.Vitruvian.B Anwendung" ac=I fn="C:\Program Files\TermTutor\IE\TermTutorClientIE.dll"
sh=8242BD4EEE162B47CFB747901E137937FF409B7D ft=1 fh=7577f344c81db086 vn="Variante von Win32/AdWare.Vitruvian.D Anwendung" ac=I fn="C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll"
sh=F48E3296587DA40FDCE135488EC1CFDAB4F77CEB ft=1 fh=218b94011b24785c vn="Variante von Win32/AdWare.Vitruvian.D Anwendung" ac=I fn="C:\Program Files (x86)\TermTutor\Service\ttsvc.exe"
sh=F9DF8C6A129CBD5E05C85F2EA389AD988D6BEA8B ft=1 fh=3cfdff7458f4d340 vn="Variante von Win32/AdWare.AddLyrics.BR Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\3333-2080_SpeedChecker[1].exe"
sh=6BDA022CEE7A5D0FDBC8E201B123062FDAB8D0E2 ft=1 fh=e97dddb74254d8cd vn="Variante von Win32/AdWare.NaviPromo.AZ Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\GenesisInstaller[1].exe"
sh=479E03A3846A720787CF7F2CBC3A9CEA06AD752F ft=1 fh=7f8c6d23a3efd749 vn="Win32/Agent.WGA Trojaner" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\setup[1].exe"
sh=807617DCC6A329C05689BD19BE00EC4203BDF1F8 ft=1 fh=6b92ca387144ec0c vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\setup_mbot_de[1].exe"
sh=9C3F6C2B06D08C5BB112BB0C37B6583EFE4550C8 ft=1 fh=8202483c449e4190 vn="Win32/AdWare.Loadshop.A Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\wp-dcollect-tgu.211[1].exe"
sh=6BDA022CEE7A5D0FDBC8E201B123062FDAB8D0E2 ft=1 fh=e97dddb74254d8cd vn="Variante von Win32/AdWare.NaviPromo.AZ Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\693Etmp\genesisinstaller.exe"
sh=F9DF8C6A129CBD5E05C85F2EA389AD988D6BEA8B ft=1 fh=3cfdff7458f4d340 vn="Variante von Win32/AdWare.AddLyrics.BR Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\693Ftmp\3333-2080_speedchecker.exe"
sh=807617DCC6A329C05689BD19BE00EC4203BDF1F8 ft=1 fh=6b92ca387144ec0c vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6950tmp\mybestofferstoday.exe"
sh=479E03A3846A720787CF7F2CBC3A9CEA06AD752F ft=1 fh=7f8c6d23a3efd749 vn="Win32/Agent.WGA Trojaner" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6951tmp\setup.exe"
sh=9C3F6C2B06D08C5BB112BB0C37B6583EFE4550C8 ft=1 fh=8202483c449e4190 vn="Win32/AdWare.Loadshop.A Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6953tmp\wp-dcollect-tgu.211.exe"
sh=807617DCC6A329C05689BD19BE00EC4203BDF1F8 ft=1 fh=6b92ca387144ec0c vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6B2Dtmp\mybestofferstoday.exe"
sh=E5E4E3DF67EF76B47C8993AC1F35236577124934 ft=1 fh=b4ebd1af99768d94 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\is45637729\2244190_stp\termtutor-setup-1.9.0.8.exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en (1).exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en (2).exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en (3).exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en (4).exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9e6c77d3963e61488d7a7725980832b1
# engine=20247
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-22 09:45:04
# local_time=2014-09-22 11:45:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 34570 163052154 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 12917 108788505 0 0
# scanned=252060
# found=159
# cleaned=0
# scan_time=11017
sh=C5E60CCD154DB4E5978E33285DB016171C80ED79 ft=1 fh=58635ab0e5696ad2 vn="Win32/AdWare.Loadshop.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\monitorsvc.exe.vir"
sh=54F568BEEEF5FAFB44361EF9740BB8B99BC791E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\34d5b262-de52-4027-b42a-4fa3571d7f58.crx.vir"
sh=B01A27DA69379E7A3E75098D1E2673572E3C563C ft=1 fh=c8e0938ce5560143 vn="Variante von Win32/Toolbar.CrossRider.AS evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\59acbb01-4eb7-481b-b3f6-a4eec89c18c5.exe.vir"
sh=36E152AB816973B3A7B571FF0EBB70DFE804F44F ft=1 fh=8bc12dc6c24a2404 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\98ed4270-7785-4165-abad-58c3f4f52fee-11.exe.vir"
sh=0C9E6E51A254A2BA944F4CB8F36B50B9F720126A ft=1 fh=fc64297ff92b00e1 vn="Variante von Win32/Toolbar.CrossRider.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\98ed4270-7785-4165-abad-58c3f4f52fee-2.exe.vir"
sh=36E152AB816973B3A7B571FF0EBB70DFE804F44F ft=1 fh=8bc12dc6c24a2404 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\98ed4270-7785-4165-abad-58c3f4f52fee-3.exe.vir"
sh=AF6972A96EBDFF21ACBA29CCC29424AB5A298CB0 ft=1 fh=d29e27007e522373 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\98ed4270-7785-4165-abad-58c3f4f52fee-4.exe.vir"
sh=1FFCDDDAD10A71CD80E301984E057DCE3DC82869 ft=1 fh=80881101bbc27895 vn="Variante von Win32/Toolbar.CrossRider.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\98ed4270-7785-4165-abad-58c3f4f52fee-5.exe.vir"
sh=A7ECE89AE5BF388432DF19220272BE4405FBCD9E ft=1 fh=0e1cebe1f7866a38 vn="Variante von Win32/Toolbar.CrossRider.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\98ed4270-7785-4165-abad-58c3f4f52fee-7.exe.vir"
sh=C9799082AA74AB6CAE655EA2432AA34D782D78EB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\98ed4270-7785-4165-abad-58c3f4f52fee.crx.vir"
sh=5B48C41FB2316C490E01AC97500B391EC0639016 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\98ed4270-7785-4165-abad-58c3f4f52fee.xpi.vir"
sh=C9799082AA74AB6CAE655EA2432AA34D782D78EB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\a24121dc-c50d-4fe4-bf19-8a663c3e51da.crx.vir"
sh=E33BF05A13942438FC8A8F49F05D59D191E2E0C7 ft=1 fh=2959aa3ca7cd54cc vn="Variante von Win32/Toolbar.CrossRider.AL evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\CinPlusHQ01-2.5cV15.09-bg.exe.vir"
sh=E05A638229036AC8BD319054EB29DB0B3D2E71A8 ft=1 fh=9d473d07b2628723 vn="Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\CinPlusHQ01-2.5cV15.09-bho.dll.vir"
sh=C191D87FB152A19329C7EF1ADDB1F697E512C206 ft=1 fh=6e346c3124001cae vn="Variante von Win64/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\CinPlusHQ01-2.5cV15.09-bho64.dll.vir"
sh=A7ECE89AE5BF388432DF19220272BE4405FBCD9E ft=1 fh=0e1cebe1f7866a38 vn="Variante von Win32/Toolbar.CrossRider.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\CinPlusHQ01-2.5cV15.09-codedownloader.exe.vir"
sh=ED0306DAF62B44720100B39FFEED16394D626FB0 ft=1 fh=bfd3aab6ff0f9199 vn="Variante von Win32/Toolbar.CrossRider.AG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinPlusHQ01-2.5cV15.09\fa50a323-b173-42a7-ad68-a45d88bc41ec.exe.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\nsprotector.js.vir"
sh=53F226B3D1D3828304E40C6C7A50667ADF23B42A ft=1 fh=e1ea10a5e9416a5c vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=0CB68F399D491465198E3E86F1D2923A211614E7 ft=1 fh=021f675753f993f2 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=30E2FB1C671B2808D2E80518D793575965AF2416 ft=1 fh=d06e6f3f3f60e357 vn="Variante von Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=AC11914CC02E023E2EF06A80DEE1701419A5473A ft=1 fh=4cb2d0bd10147652 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=D037F58CF4B36F3B437FAA0D9500720445B27D65 ft=1 fh=b07c7921935b766c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3297265\UninstallerUI.exe.vir"
sh=C367B1BB5B37F59519EBC43C567EA9EAAF9D68CA ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\YA-H~1\AppData\Local\Temp\NativeMessaging\CT3297265.crx.vir"
sh=47684BC9F96872C4134DD46689D013BD8E51A14A ft=1 fh=47ffb6bc73749a57 vn="Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\YA-H~1\AppData\Local\Temp\NativeMessaging\CT3297265\nativeMessaging\TBMessagingHost.exe.vir"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ya-Hü\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ya-Hü\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll.vir"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ya-Hü\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll.vir"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ya-Hü\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ya-Hü\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir"
sh=A4CE8B88791877CDA87FFED8168BE73A21BF3370 ft=1 fh=4db1911c9bd166d4 vn="Win32/Agent.WGA Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\score.exe.vir"
sh=7E365F5F8841673A67DEB61EBCD4B689A488B677 ft=1 fh=ae054f85f50e59fb vn="Variante von Win64/Adware.Vitruvian.B Anwendung" ac=I fn="C:\Program Files\TermTutor\IE\TermTutorClientIE.dll"
sh=5963292E1A864B7E273E281E18F9FE29358A584C ft=1 fh=79168b97a649e56e vn="Variante von MSIL/Toolbar.Linkury.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\OfferBoulevard\OfferBoulevard.exe"
sh=84284DD1DBB46F03512211E372E6466D4D089718 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\8eb1ce14-50d6-4e52-80c1-dd6bc33de32e.crx"
sh=C73557F13264F5005BBA2E4969DBE5ED8F76EE43 ft=1 fh=11450db33cb4f903 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\bf1a449c-8356-402e-9ecc-44015185bae6-11.exe"
sh=C73557F13264F5005BBA2E4969DBE5ED8F76EE43 ft=1 fh=11450db33cb4f903 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\bf1a449c-8356-402e-9ecc-44015185bae6-3.exe"
sh=FD05DBDF97B4FD241A07724DECC29DCE6EA01B4C ft=1 fh=8237b1f1b8649c57 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\bf1a449c-8356-402e-9ecc-44015185bae6-4.exe"
sh=691BB0CAA93F5F5C34CCD6570437B5DF9A8AF619 ft=1 fh=a896af5e55adaa75 vn="Variante von Win32/Toolbar.CrossRider.AR evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\bf1a449c-8356-402e-9ecc-44015185bae6-5.exe"
sh=F5B0E0713C7E568946AB915419E754B4C0070320 ft=1 fh=f5b2e1abc369f053 vn="Variante von Win32/Toolbar.CrossRider.AM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\bf1a449c-8356-402e-9ecc-44015185bae6-7.exe"
sh=D6555B59C732E9E0D46BFAFCA66592EEA8464B69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\bf1a449c-8356-402e-9ecc-44015185bae6.crx"
sh=60F765AF3CA3E1A036E536C925DBBE7345628E91 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\bf1a449c-8356-402e-9ecc-44015185bae6.xpi"
sh=D6555B59C732E9E0D46BFAFCA66592EEA8464B69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\bfc86444-19c2-471f-bb5d-6fd34eb2e3ad.crx"
sh=2192C5235711158F0F66A7841ADC3AF986C362EA ft=1 fh=7790faaecf272ee0 vn="Variante von Win32/Toolbar.CrossRider.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ss8\bfc86444-19c2-471f-bb5d-6fd34eb2e3ad.dll"
sh=8242BD4EEE162B47CFB747901E137937FF409B7D ft=1 fh=7577f344c81db086 vn="Variante von Win32/AdWare.Vitruvian.D Anwendung" ac=I fn="C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll"
sh=F48E3296587DA40FDCE135488EC1CFDAB4F77CEB ft=1 fh=218b94011b24785c vn="Variante von Win32/AdWare.Vitruvian.D Anwendung" ac=I fn="C:\Program Files (x86)\TermTutor\Service\ttsvc.exe"
sh=6BBC79D174DEA35228600E7C9AF0ABFBF91CF403 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldeppocfnbnopadlkalkhefdhglkijd\1.26.35_0\extensionData\plugins\91.js"
sh=D71BEACB10A801F20EA952DFA7E2DBD9B33A8C2F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin\16675.7167.9842_0\extensionData\plugins\91.js"
sh=88F0020FC52EC4C7F80519D64F0C49D56210C499 ft=1 fh=df4b907de8b072e5 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01ANFQR3\APISupport[1].dll"
sh=07E205B6AD3CF96CF57DCFB30B5C6017C4352BA1 ft=1 fh=95976d786c3cfbd0 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01ANFQR3\DivX_Browser_Bar_DE[1].exe"
sh=168FB5D0C15D8B2DE61048A841D24CCBAEEFD98E ft=1 fh=aa31a7169cf92f95 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01ANFQR3\Setup[1].exe"
sh=C1DE7CA5F39F0F2A3A33E6832563D37EE67F69DB ft=1 fh=8e379ea746883d92 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01ANFQR3\SpeedUpMyPC-standalone-setup[1].exe"
sh=F89D0D35647789000A23E8BD1E557BEE519A6BAE ft=1 fh=4f81c51847428f3f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01ANFQR3\statisticsstub[1].exe"
sh=4A82A588430B85B3835C8D0A0A402D7AD35915F9 ft=1 fh=6a3b1b396e0ec641 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SHHLDAR\APISupport[1].dll"
sh=69AF8D82BD65216B649368B4F1A0CB2708D296E1 ft=1 fh=10fa131a8ddb2fc9 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SHHLDAR\APISupport[2].dll"
sh=3096A6D6D5007B947C86A7FE8E72EEB3C86E80B3 ft=1 fh=6df4c99aadb2d5ea vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SHHLDAR\APISupport[3].dll"
sh=75A3C22230CDD2B86A48B6880A953787C3D69644 ft=1 fh=e2e33691572e3d20 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SHHLDAR\divx_browser_bar_de[1].exe"
sh=BD399578DDF3941D028F15E76930C4D1CE438507 ft=1 fh=dfe5e413a46cb93d vn="Variante von Win32/VOPackage.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SHHLDAR\dl[1].htm"
sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SHHLDAR\mconduitinstaller[1].exe"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SHHLDAR\TBUpdaterLogic[1].dll"
sh=F9DF8C6A129CBD5E05C85F2EA389AD988D6BEA8B ft=1 fh=3cfdff7458f4d340 vn="Variante von Win32/AdWare.AddLyrics.BR Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\3333-2080_SpeedChecker[1].exe"
sh=E0C40AC460D16773DA3546A23508774E7898D893 ft=1 fh=3e6b5ab950259002 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\APISupport[1].dll"
sh=D68B6F04BDEAE5E8335F52C4A32E08D91A80505E ft=1 fh=adf7011657306ae6 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\APISupport[2].dll"
sh=0E7E5F4C697E7E0A77575D8D62C4C6357CCD3B02 ft=1 fh=cb46e2c2bd0b7bca vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\APISupport[3].dll"
sh=3661EDB38BCB034EA00F78F9144D975333C786BA ft=1 fh=0c96e457c8798f6f vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\APISupport[4].dll"
sh=AF023CD20C85601E6874CB788BCAA49AE325A40D ft=1 fh=da3b4c00ec0bc47d vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\Cloud_Backup_Setup[1].exe"
sh=4C265AAF9AE88D06269ADD7034D63A115606DDFA ft=1 fh=3189627c07c08170 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\conduitinstaller[1].exe"
sh=70F50FD717327A6FDE4B9183F1DF0634D76C6597 ft=1 fh=d52d3c3b5be54481 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\DivX_Browser_Bar_DE[1].exe"
sh=8F983A9242C9C393DBA6966974362A97818A2C91 ft=1 fh=270797b0b63ad147 vn="Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\FastAgainSetup[1].exe"
sh=6BDA022CEE7A5D0FDBC8E201B123062FDAB8D0E2 ft=1 fh=e97dddb74254d8cd vn="Variante von Win32/AdWare.NaviPromo.AZ Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\GenesisInstaller[1].exe"
sh=B737B3143B5BB939C7F8087D30B84D45A697EDFB ft=1 fh=b85870fb35754223 vn="Variante von Win32/ELEX.AX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\lly_istartsurf[1].exe"
sh=479E03A3846A720787CF7F2CBC3A9CEA06AD752F ft=1 fh=7f8c6d23a3efd749 vn="Win32/Agent.WGA Trojaner" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\setup[1].exe"
sh=0DD2E0D7527C504C482682265EF92AF6A2E1A845 ft=1 fh=1714457ec37c7a42 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\Setup[3].exe"
sh=06F36E454B22DAB270CD353014195F0461A31E9C ft=1 fh=2d868c9a5221bd40 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\Setup[4].exe"
sh=807617DCC6A329C05689BD19BE00EC4203BDF1F8 ft=1 fh=6b92ca387144ec0c vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\setup_mbot_de[1].exe"
sh=7CCEF7B1C5795FFBF81F3D88DD5F53D25A28FE8E ft=1 fh=af203ea23d763fd0 vn="Win32/OutBrowse.AO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\ShoppinHelper2_Setup2C2.03.9[1].exe"
sh=383D337A6DC721144F3B026A86365541CA8EDCDB ft=1 fh=c2a6e824279d9939 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\speedupmypc[1].exe"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\TBUpdaterLogic[1].dll"
sh=9C3F6C2B06D08C5BB112BB0C37B6583EFE4550C8 ft=1 fh=8202483c449e4190 vn="Win32/AdWare.Loadshop.A Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ4N91OS\wp-dcollect-tgu.211[1].exe"
sh=0084D680F9DDE34CC4E41D4233DB9D8694DE5F88 ft=1 fh=db06912410ad131a vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W94JF27L\APISupport[1].dll"
sh=4C647D60B445220E1F2300C979433DF7C0F119B4 ft=1 fh=dd908f5a44627dda vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W94JF27L\APISupport[2].dll"
sh=91F440A8F2A0FFC91EDA87FE5410B93141B1C6B0 ft=1 fh=1ce5d7cf83504dfe vn="Win32/Toolbar.Conduit.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W94JF27L\checktbexist[1].exe"
sh=1FE3BB46E0954C1466A1D17004750CFA082C13A8 ft=1 fh=b69ff78d62363925 vn="Variante von Win32/VOPackage.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W94JF27L\dl[1].htm"
sh=F0D1181592191D32BEC99002E728C9A76E407BBD ft=1 fh=c71c0011fd02b9de vn="Variante von Win32/Amonetize.BP evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W94JF27L\Launcher[1].exe"
sh=D59EEB2C50E2DCD4124C39CE0E98ACF56E18E871 ft=1 fh=dcbd9fbbc37c7a42 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W94JF27L\Setup[1].exe"
sh=D59EEB2C50E2DCD4124C39CE0E98ACF56E18E871 ft=1 fh=dcbd9fbbc37c7a42 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\ICReinstall_nseD118.tmp"
sh=06F36E454B22DAB270CD353014195F0461A31E9C ft=1 fh=2d868c9a5221bd40 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\ICReinstall_nsn6A97.tmp"
sh=0DD2E0D7527C504C482682265EF92AF6A2E1A845 ft=1 fh=1714457ec37c7a42 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\ICReinstall_nsnBA5B.tmp"
sh=397EA2C8E139073F29D8F4F33C533561A0E70947 ft=1 fh=6cd224074e2139cc vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\ICReinstall_nst6F5.tmp"
sh=E097D8CADCC24B2CF54C154977E0785F2F1B0812 ft=1 fh=ec701a58833046b0 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\ICReinstall_nsxD1D1.tmp"
sh=FDE8D117A89FE2815C000AC72713F1C7AA56F762 ft=1 fh=c71c00119262f1ab vn="Variante von Win32/Amonetize.BP evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\Launcher.exe"
sh=168FB5D0C15D8B2DE61048A841D24CCBAEEFD98E ft=1 fh=aa31a7169cf92f95 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\nsd3303.tmp"
sh=D59EEB2C50E2DCD4124C39CE0E98ACF56E18E871 ft=1 fh=dcbd9fbbc37c7a42 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\nseD118.tmp"
sh=06F36E454B22DAB270CD353014195F0461A31E9C ft=1 fh=2d868c9a5221bd40 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\nsn6A97.tmp"
sh=0DD2E0D7527C504C482682265EF92AF6A2E1A845 ft=1 fh=1714457ec37c7a42 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\nsnBA5B.tmp"
sh=397EA2C8E139073F29D8F4F33C533561A0E70947 ft=1 fh=6cd224074e2139cc vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\nst6F5.tmp"
sh=E097D8CADCC24B2CF54C154977E0785F2F1B0812 ft=1 fh=ec701a58833046b0 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\nsxD1D1.tmp"
sh=7E641C6EE3F2B72831B81AF126C293CC599E28DE ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\tmp-1p7.xpi"
sh=CCA9A5A17CD04A0530E9BDD45E16922CCF94BD04 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\tmp-4uv.xpi"
sh=38E63EDB19C023B394524DFD5B4BF038F99EB4AB ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\tmp-ag8.xpi"
sh=AF023CD20C85601E6874CB788BCAA49AE325A40D ft=1 fh=da3b4c00ec0bc47d vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\693Dtmp\cloud_backup_setup.exe"
sh=6BDA022CEE7A5D0FDBC8E201B123062FDAB8D0E2 ft=1 fh=e97dddb74254d8cd vn="Variante von Win32/AdWare.NaviPromo.AZ Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\693Etmp\genesisinstaller.exe"
sh=F9DF8C6A129CBD5E05C85F2EA389AD988D6BEA8B ft=1 fh=3cfdff7458f4d340 vn="Variante von Win32/AdWare.AddLyrics.BR Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\693Ftmp\3333-2080_speedchecker.exe"
sh=807617DCC6A329C05689BD19BE00EC4203BDF1F8 ft=1 fh=6b92ca387144ec0c vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6950tmp\mybestofferstoday.exe"
sh=479E03A3846A720787CF7F2CBC3A9CEA06AD752F ft=1 fh=7f8c6d23a3efd749 vn="Win32/Agent.WGA Trojaner" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6951tmp\setup.exe"
sh=B737B3143B5BB939C7F8087D30B84D45A697EDFB ft=1 fh=b85870fb35754223 vn="Variante von Win32/ELEX.AX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6952tmp\lly_istartsurf.exe"
sh=9C3F6C2B06D08C5BB112BB0C37B6583EFE4550C8 ft=1 fh=8202483c449e4190 vn="Win32/AdWare.Loadshop.A Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6953tmp\wp-dcollect-tgu.211.exe"
sh=7CCEF7B1C5795FFBF81F3D88DD5F53D25A28FE8E ft=1 fh=af203ea23d763fd0 vn="Win32/OutBrowse.AO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6B0Ctmp\shoppinhelper2_setup2c2.03.9.exe"
sh=807617DCC6A329C05689BD19BE00EC4203BDF1F8 ft=1 fh=6b92ca387144ec0c vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6B2Dtmp\mybestofferstoday.exe"
sh=8F983A9242C9C393DBA6966974362A97818A2C91 ft=1 fh=270797b0b63ad147 vn="Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\6B2Etmp\fastagainsetup.exe"
sh=B58D5AA8A12DDB74DDE97C9541B2242941BA4E3B ft=1 fh=77045453f77bcb91 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\is-29PLM.tmp\conduitinstaller.exe"
sh=E5E4E3DF67EF76B47C8993AC1F35236577124934 ft=1 fh=b4ebd1af99768d94 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\is45637729\2244190_stp\termtutor-setup-1.9.0.8.exe"
sh=4FBD07F6A56404F26EEC26B1B414760EE528AAEA ft=1 fh=7dff93d89cc6e954 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\is45637729\2244276_stp\rcpsetup_adppi15_adppi15.exe"
sh=53710D0AF5A0F57FA49F7183EA0395D3AC1D4791 ft=1 fh=d5332291d75852c0 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\MSIE805.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=8CA8CC2D446C02CCAC3D1657BF0D080F46866B51 ft=1 fh=f889b29708393969 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\MSIE805.tmp-\spbl.dll"
sh=13B9810FD11E624F9CEE5216CF836A445B405CFE ft=1 fh=60c270ccc8601d7b vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\MSIE805.tmp-\sppsm.dll"
sh=77AEDF95EB9FFAD2492371D3FF797F8C2EE6FE27 ft=1 fh=38554c7c33d0a2ec vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\MSIE805.tmp-\spusm.dll"
sh=A11FFA5A1D425D910E4D8170EB6FA24797931534 ft=1 fh=d53347eea837f487 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\MSIE805.tmp-\srbs.dll"
sh=C93C16A5967BF17F37093DE74E933653BFC0516A ft=1 fh=ff85a67c4da32d32 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\MSIE805.tmp-\srbu.dll"
sh=F1BC88C55F21DF3F43C2CAD98C29960CD8D90967 ft=1 fh=5bb3ec1ddf4bbd95 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\MSIE805.tmp-\srptc.dll"
sh=47684BC9F96872C4134DD46689D013BD8E51A14A ft=1 fh=47ffb6bc73749a57 vn="Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Local\Temp\TestIfExeExist\CT3297265\nativeMessaging\TBMessagingHost.exe"
sh=ADA73AFCA1A2B703B4ABF863EB2B1C6ABB03B689 ft=1 fh=59f56b65007ffc77 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\LocalLow\BrotherSoft_Extreme\tbBrot.dll"
sh=068A54F966DB6AC14BCA0E39E2A99E3F0027304D ft=1 fh=39f7a16b0423d981 vn="Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\LocalLow\DivX_Browser_Bar_DE\hk64tbDivX.dll"
sh=CC6AF3A384A61C1C621BA5AB43583E82FF281530 ft=1 fh=bbbd034bf7d0bf76 vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\LocalLow\DivX_Browser_Bar_DE\hktbDivX.dll"
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\LocalLow\DivX_Browser_Bar_DE\ldrtbDivX.dll"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\LocalLow\DivX_Browser_Bar_DE\tbDivX.dll"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\LocalLow\Vgrabber_v1.4\ldrtbVgra.dll"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\LocalLow\Vgrabber_v1.4\tbVgra.dll"
sh=9ADED0FA6A9F07A5AEF780A67CA98F075DCE5337 ft=1 fh=c33dc6f6e7823d7c vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Roaming\DYISTEC.exe"
sh=9A8C5AF29C87E833E8881CC22C6AA5DD4ACA1A72 ft=1 fh=b65994e10ea9c904 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Roaming\EVIBZ.exe"
sh=C73557F13264F5005BBA2E4969DBE5ED8F76EE43 ft=1 fh=11450db33cb4f903 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Roaming\ICLHS.exe"
sh=AF6972A96EBDFF21ACBA29CCC29424AB5A298CB0 ft=1 fh=d29e27007e522373 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Roaming\TCHMVBY.exe"
sh=FD05DBDF97B4FD241A07724DECC29DCE6EA01B4C ft=1 fh=8237b1f1b8649c57 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Roaming\UQH.exe"
sh=36E152AB816973B3A7B571FF0EBB70DFE804F44F ft=1 fh=8bc12dc6c24a2404 vn="Variante von Win32/Toolbar.CrossRider.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\AppData\Roaming\YJGWRXDI.exe"
sh=894D413CCB58223FF6C99C01ECF6524F886738F5 ft=1 fh=483ab3832d808c98 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Documents\Downloads\Integrated_BrotherSoft_TB.exe"
sh=C69DF437CBFFA220DBD2669B2D2A391F33D203A5 ft=1 fh=fc565a03233d7ff6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\FileConverter_1_3.exe"
sh=ABD9885EDFA7F2714E9A2A2512ECB294B8A75242 ft=1 fh=d46593929fb6ebf3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\FreeStudio.exe"
sh=16D8F84DFFE7AF956EB573E9ECD61C5017BFA6FD ft=1 fh=79a67e80f2ca1abd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\FreeYouTubeDownload.exe"
sh=FC36E37C5AF2A351DCD003127821BE33E48D56CF ft=1 fh=cc013aa1066e7274 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\FreeYouTubeToMp3Converter (1).exe"
sh=250AD920C538EBAC63102E368FB642EE33AD0593 ft=1 fh=8e020e8f8829bf65 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\FreeYouTubeToMP3Converter (3).exe"
sh=596D78A7F03D1DAEE86BCCE8DD7713AA60E8F9E4 ft=1 fh=8eaf1d336ac02ccc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\FreeYouTubeToMP3Converter (4).exe"
sh=0CE48DA603A5E7431002CE4ACA1F1546C5D6579E ft=1 fh=a7cab65addc4a365 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\FreeYouTubeToMp3Converter.exe"
sh=F26D3750B7D83E87CFC309C372CBCD99AEF5EA60 ft=1 fh=052ab577016968f0 vn="Variante von Win32/ELEX.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\HDfilm.exe"
sh=C90796F421F6CB926ECA073DC9DB0B06C2FB9131 ft=1 fh=12b645393edca65f vn="Variante von Win32/KeyDownload.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\Otshot_installer72.exe"
sh=4AAFD836A0220F2DC418A82D5A31AFB611E42CDC ft=1 fh=8aabd74e4c89e11f vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\SoftonicDownloader_fuer_fifa-09.exe"
sh=786F86D4F813FDBEA02166F003B691F1D45A1217 ft=1 fh=910d5f257fb40190 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\SopCast-3.5.0 (1).exe"
sh=786F86D4F813FDBEA02166F003B691F1D45A1217 ft=1 fh=910d5f257fb40190 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ya-Hü\Downloads\SopCast-3.5.0.exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en (1).exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en (2).exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en (3).exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en (4).exe"
sh=022BDFD43F2C8F7CBB0740457C1FAA19A3804E61 ft=1 fh=fb48ccaad2eefd57 vn="Variante von Win32/TrojanDownloader.Whizelown.K Trojaner" ac=I fn="C:\Users\Ya-Hü\Downloads\WhiteSmokeWriterGeo9139_en.exe"
sh=A690543DBD7525E6DC2EAFFA612EDF9481AAA1FB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EK7ZVTPG\91[1].js"
sh=A690543DBD7525E6DC2EAFFA612EDF9481AAA1FB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EK7ZVTPG\91[1].js"

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2013
TuneUp Utilities Language Pack (de-DE)
Java(TM) 6 Update 27
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Google Chrome 36.0.1985.143
Google Chrome 37.0.2062.103
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Und wie schauts aus...bin ich clean?.. §;o)


FRST Logfile:

FRST Logfile:
--- --- ---

--- --- ---

Java und Adobe updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Fertig :)

Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014
Ran by Ya-Hü at 2014-09-23 23:34:13 Run:1
Running from C:\Users\Ya-Hü\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=127.0.0.1:50542;https=127.0.0.1:50542
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.


The system needed a reboot.

==== End of Fixlog ====