Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Pop ups von Flash Player Updates etc. + Flash Player funktioniert nicht mehr (https://www.trojaner-board.de/156450-pop-ups-flash-player-updates-etc-flash-player-funktioniert-mehr.html)

Perserkatze 14.07.2014 21:04
Pop ups von Flash Player Updates etc. + Flash Player funktioniert nicht mehr
 
Hallo ihr Lieben!

seit einigen Tagen und ein bisschen länger habe ich mir vermutlich etwas eingefangen. Es öffnen sich diverse Pop-Upsvon Flash Player und Browser Updates etc. Gleichzeitig kann ich keine Videos mehr via Flash Player anschauen... Dachte erst es wäre ein Flash Player Problem, habe alles deinstalliert und wollte diesen neu installieren -> funktioniert nicht. Öffnet sich im Hintergrund und lässt sich nur über die Prozesse im Task Manager stoppen und sehen.
Mein avast antivir findet nix im scan.

Habe jetzt schon im Hintergrund den Farbar's Recovery Scan Tool laufen.

Da ich mehr halbes als ganzes Wissen bei so etwas habe, bitte ich ganz lieb um Hilfe weil ich ab hier echt nicht weiter weis :/

Schon mal viiiielen super lieben Dank an die Helfenden.

Lieben Gruß

Julia

schrauber 14.07.2014 21:14
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Perserkatze 15.07.2014 07:06
FRST.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by ASUS (administrator) on ASUS-PC on 14-07-2014 21:38:26
Running from C:\Users\ASUS\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe) C:\Users\ASUS\Desktop\install_flashplayer14x32_mssd_aaa_aih.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-06] (AVAST Software)
HKU\S-1-5-21-1697896229-4048069815-419722118-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1697896229-4048069815-419722118-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1697896229-4048069815-419722118-1001\...\MountPoints2: {b3aaca18-56d7-11e2-b48c-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-1697896229-4048069815-419722118-1001\...\MountPoints2: {bfb49cfc-ebcd-11e2-a32e-722f686eea87} - F:\LGAutoRun.exe
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SavingsBull - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\Extensions\SavingsBull@jetpack [2014-02-22]
FF Extension: Adblock Plus - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-24]
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi
FF Extension: PassShow - C:\Program Files (x86)\PassShow\154.xpi [2014-02-22]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-14] (Advanced Micro Devices, Inc.) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2011-09-16] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-08] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 mfewfpk; system32\drivers\mfewfpk.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-14 21:38 - 2014-07-14 21:39 - 00013539 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-07-14 21:38 - 2014-07-14 21:38 - 00000000 ____D () C:\FRST
2014-07-14 21:37 - 2014-07-14 21:37 - 02086912 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-07-13 13:13 - 2014-07-13 13:13 - 00002216 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\Documents\My Digital Editions
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe_Systems_Incorporate
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-11 19:57 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-11 19:53 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-11 19:53 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-11 19:53 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-11 19:53 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-11 19:53 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-11 19:53 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-11 19:53 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-11 19:53 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-11 19:51 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-11 19:51 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-11 19:51 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-11 19:51 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-11 19:51 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-11 19:51 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-11 19:51 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-11 19:51 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-11 19:51 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-11 19:51 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-11 19:51 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-11 19:51 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-11 19:51 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-11 19:51 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-11 19:51 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-11 19:51 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-11 19:51 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-11 19:51 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-11 19:51 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-11 19:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-11 19:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-11 19:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-11 19:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-11 19:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-11 19:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-11 19:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-11 19:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-11 19:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-11 19:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-11 19:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-11 19:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-11 19:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-11 19:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-11 19:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-11 19:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-11 19:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-11 19:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-11 19:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-11 19:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-11 19:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-11 19:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-11 19:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-11 19:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-11 19:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-11 19:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-11 19:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-11 19:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-11 19:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-11 19:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-11 19:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-11 19:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-11 19:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-11 19:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-11 19:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-11 19:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-11 19:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-11 19:49 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-11 19:48 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-11 19:48 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-08 18:49 - 2014-07-08 18:49 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\No Company Name
2014-07-08 18:38 - 2014-07-08 18:38 - 01057176 _____ (Adobe) C:\Users\ASUS\Desktop\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-30 19:35 - 2014-07-11 20:14 - 00000000 ____D () C:\Users\ASUS\Desktop\wohnung

==================== One Month Modified Files and Folders =======

2014-07-14 21:39 - 2014-07-14 21:38 - 00013539 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-07-14 21:38 - 2014-07-14 21:38 - 00000000 ____D () C:\FRST
2014-07-14 21:37 - 2014-07-14 21:37 - 02086912 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-07-14 21:37 - 2012-02-24 04:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-14 21:34 - 2012-02-24 04:29 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 21:16 - 2014-02-24 09:45 - 01523841 _____ () C:\windows\WindowsUpdate.log
2014-07-14 20:43 - 2009-07-14 06:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 20:43 - 2009-07-14 06:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 20:36 - 2013-12-23 14:48 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Wise Care 365
2014-07-14 20:35 - 2014-02-24 09:41 - 00020342 _____ () C:\windows\setupact.log
2014-07-14 20:35 - 2013-12-23 14:59 - 00000420 _____ () C:\windows\Tasks\Wise Care 365.job
2014-07-14 20:35 - 2013-02-14 21:48 - 00000380 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2014-07-14 20:35 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-13 13:13 - 2014-07-13 13:13 - 00002216 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\Documents\My Digital Editions
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe_Systems_Incorporate
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-13 13:04 - 2011-02-19 06:24 - 00699666 _____ () C:\windows\system32\perfh007.dat
2014-07-13 13:04 - 2011-02-19 06:24 - 00149774 _____ () C:\windows\system32\perfc007.dat
2014-07-13 13:04 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-13 09:55 - 2013-06-02 14:20 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2014-07-13 00:45 - 2009-07-14 06:45 - 01658584 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-13 00:42 - 2014-05-01 11:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-13 00:42 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 00:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-13 00:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-11 20:48 - 2013-08-15 06:46 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 20:43 - 2013-01-31 16:45 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 20:14 - 2014-06-30 19:35 - 00000000 ____D () C:\Users\ASUS\Desktop\wohnung
2014-07-10 07:00 - 2014-02-22 18:33 - 00065104 _____ () C:\Users\ASUS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 18:52 - 2012-02-24 04:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-08 18:49 - 2014-07-08 18:49 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\No Company Name
2014-07-08 18:38 - 2014-07-08 18:38 - 01057176 _____ (Adobe) C:\Users\ASUS\Desktop\install_flashplayer14x32_mssd_aaa_aih.exe
2014-07-06 09:34 - 2013-02-05 22:19 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-07-05 10:48 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-04 19:26 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-01 17:53 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-06-30 04:09 - 2014-07-11 19:53 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-11 19:53 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-22 15:34 - 2014-02-24 22:55 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-06-20 22:14 - 2014-07-11 19:51 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-11 19:50 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-19 03:39 - 2014-07-11 19:50 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-11 19:51 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-11 19:50 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-11 19:50 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-11 19:50 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-11 19:50 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-11 19:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 02:41 - 2014-07-11 19:50 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 02:32 - 2014-07-11 19:50 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-11 19:51 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-11 19:50 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-11 19:50 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-11 19:50 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-11 19:50 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-11 19:51 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-11 19:50 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-11 19:50 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-11 19:51 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-11 19:51 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-11 19:50 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-11 19:50 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-11 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-11 19:50 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-11 19:50 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-11 19:50 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-11 19:51 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-11 19:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-11 19:50 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-11 19:50 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-11 19:51 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-11 19:51 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-19 01:28 - 2014-07-11 19:50 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-19 01:27 - 2014-07-11 19:50 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-11 19:50 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-11 19:50 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-11 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-11 19:51 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-11 19:51 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-11 19:51 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-11 19:50 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-11 19:51 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-11 19:50 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-11 19:50 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-11 19:50 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-11 19:50 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-11 19:51 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-11 19:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-11 19:51 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-11 19:50 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-11 19:51 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-11 19:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-11 19:50 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-11 19:51 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-11 19:50 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-11 19:53 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-11 19:53 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-11 19:53 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\avgnt.exe
C:\Users\ASUS\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ASUS\AppData\Local\Temp\readSTILog.dll
C:\Users\ASUS\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 19:16

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by ASUS at 2014-07-14 21:40:33
Running from C:\Users\ASUS\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.709.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{EC591B58-07C2-1BF3-C2DB-7CBA363B7A08}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60713.1822 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.16 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Sonic Focus (HKLM-x32\...\{B0002707-4F7E-4745-88A7-852DA8A88635}) (Version: 1.0.0.5 - Synopsys )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bubbletown (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}) (Version:  - Oberon Media)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0713.1829.31376 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0713.1830.31376 - Advanced Micro Devices, Inc.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadtime Stories (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}) (Version:  - Oberon Media)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version:  - Oberon Media)
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Farm Frenzy 3 - Madagascar (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}) (Version:  - Oberon Media)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.)
Go Go Gourmet Chef of the Year (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}) (Version:  - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 15.0.874.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.79 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM-x32\...\{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}) (Version: 3.6.0.0 - LG Electronics)
Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
PassShow (HKLM-x32\...\711b30bb-9a27-492e-96b8-946705ab6197) (Version:  - PassShow Software) <==== ATTENTION
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs Zombies (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}) (Version:  - Oberon Media)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
SavingsbullFilter (Version: 1.0.0.0 - SavingsBull Filter) Hidden <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Turbo Fiesta (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}) (Version:  - Oberon Media)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
Wise Care 365 2.95 (HKLM-x32\...\Wise Care 365_is1) (Version: 2.95 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.92 - WiseCleaner.com, Inc.)
World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version:  - Oberon Media)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 16.4.3505.0912 - Корпорация Майкрософт) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

13-06-2014 18:53:10 Windows Update
19-06-2014 16:36:31 Windows Update
24-06-2014 16:15:30 Windows Update
29-06-2014 13:53:18 Windows Update
04-07-2014 15:48:13 Windows Update
08-07-2014 16:40:26 Removed Adobe Photoshop Elements 12.
10-07-2014 05:04:36 Windows Update
11-07-2014 18:39:07 Windows Update
14-07-2014 19:32:03 Removed Adobe Download Assistant

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {19F28411-035E-464D-BF94-FFC93716678E} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-12-09] (WiseCleaner.com)
Task: {3CA3CE29-FE94-4D79-A3E2-AA258B35137B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {5F4C1386-8475-4890-A8C9-7821EC7C5DE1} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {91AB53EC-1B47-4BE4-A128-72A04FDB966E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-08] (AVAST Software)
Task: {9BA0A356-EE65-43BD-B5A8-7685CFAC2F3B} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {FB6B85F8-1569-44D1-A3D3-386CAE86580C} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM)
Task: {FF62E251-D159-43A7-8B1D-0C83F02A96ED} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PassShow Update.job => C:\Program Files (x86)\PassShow\PsUP.exe <==== ATTENTION
Task: C:\windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2011-07-14 04:23 - 2011-07-14 04:23 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-14 19:02 - 2014-07-14 19:02 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071400\algo.dll
2014-07-14 20:37 - 2014-07-14 20:37 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071401\algo.dll
2012-02-21 15:49 - 2012-02-21 15:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-01-12 18:17 - 2012-01-12 18:17 - 00204800 _____ () C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
2010-08-20 19:57 - 2010-08-20 19:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 19:57 - 2010-08-20 19:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-01-31 10:25 - 2012-01-31 10:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-02-24 22:54 - 2014-02-24 22:54 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-11 19:36 - 2014-06-11 19:37 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2014 09:32:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.7.0, Zeitstempel: 0x51b24edb
Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.7.0, Zeitstempel: 0x51b24edb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001d3c
ID des fehlerhaften Prozesses: 0x1014
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (05/23/2014 09:32:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.18150, Zeitstempel: 0x518c6df8
Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.18150, Zeitstempel: 0x518c7e2e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001d7d3f
ID des fehlerhaften Prozesses: 0xf90
Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0
Pfad der fehlerhaften Anwendung: wmplayer.exe1
Pfad des fehlerhaften Moduls: wmplayer.exe2
Berichtskennung: wmplayer.exe3

Error: (05/23/2014 09:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.18150, Zeitstempel: 0x518c6df8
Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.18150, Zeitstempel: 0x518c7e2e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001d7d3f
ID des fehlerhaften Prozesses: 0xe34
Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0
Pfad der fehlerhaften Anwendung: wmplayer.exe1
Pfad des fehlerhaften Moduls: wmplayer.exe2
Berichtskennung: wmplayer.exe3

Error: (05/23/2014 09:31:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.18150, Zeitstempel: 0x518c6df8
Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.18150, Zeitstempel: 0x518c7e2e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001d7d3f
ID des fehlerhaften Prozesses: 0x13a0
Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0
Pfad der fehlerhaften Anwendung: wmplayer.exe1
Pfad des fehlerhaften Moduls: wmplayer.exe2
Berichtskennung: wmplayer.exe3

Error: (05/08/2014 02:46:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 634

Startzeit: 01cf6aba71a3e11c

Endzeit: 142

Anwendungspfad: C:\windows\Explorer.EXE

Berichts-ID: bee65d64-d6ae-11e3-b1c3-722f686eea87

Error: (04/27/2014 05:32:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 50c

Startzeit: 01cf622dd44f6353

Endzeit: 115

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 2bfcd600-ce21-11e3-a1af-722f686eea87

Error: (04/23/2014 07:35:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e37
Name des fehlerhaften Moduls: xul.dll, Version: 28.0.0.5186, Zeitstempel: 0x53240e04
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00184729
ID des fehlerhaften Prozesses: 0x13e0
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


System errors:
=============
Error: (07/14/2014 08:36:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mfewfpk

Error: (07/14/2014 08:35:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee OOBE Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/14/2014 07:14:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/14/2014 07:01:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mfewfpk

Error: (07/14/2014 07:00:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee OOBE Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/14/2014 07:32:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/14/2014 07:24:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mfewfpk

Error: (07/14/2014 07:24:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee OOBE Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/14/2014 01:30:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/14/2014 01:24:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mfewfpk


Microsoft Office Sessions:
=========================
Error: (05/23/2014 09:32:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.0.7.051b24edbvlc.exe2.0.7.051b24edbc000000500001d3c101401cf76bdaa854fa7C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exe02c52bb6-e2b1-11e3-aa4d-722f686eea87

Error: (05/23/2014 09:32:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmplayer.exe12.0.7601.18150518c6df8wmp.dll12.0.7601.18150518c7e2ec0000005001d7d3ff9001cf76bdc1946a5aC:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\windows\system32\wmp.dllfffb2fa8-e2b0-11e3-aa4d-722f686eea87

Error: (05/23/2014 09:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmplayer.exe12.0.7601.18150518c6df8wmp.dll12.0.7601.18150518c7e2ec0000005001d7d3fe3401cf76bda661e371C:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\windows\system32\wmp.dlle4877edf-e2b0-11e3-aa4d-722f686eea87

Error: (05/23/2014 09:31:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmplayer.exe12.0.7601.18150518c6df8wmp.dll12.0.7601.18150518c7e2ec0000005001d7d3f13a001cf76bd99b19470C:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\windows\system32\wmp.dlld977e841-e2b0-11e3-aa4d-722f686eea87

Error: (05/08/2014 02:46:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756763401cf6aba71a3e11c142C:\windows\Explorer.EXEbee65d64-d6ae-11e3-b1c3-722f686eea87

Error: (04/27/2014 05:32:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe28.0.0.518650c01cf622dd44f6353115C:\Program Files (x86)\Mozilla Firefox\firefox.exe2bfcd600-ce21-11e3-a1af-722f686eea87

Error: (04/23/2014 07:35:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472913e001cf5eb576d8e593C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll14ff41c9-caa9-11e3-a06f-722f686eea87


CodeIntegrity Errors:
===================================
  Date: 2013-02-02 17:16:31.435
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 17:16:26.412
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 17:16:21.233
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 17:16:16.100
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 17:14:36.057
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 17:14:30.909
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 17:14:25.730
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 17:14:20.551
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 17:13:41.051
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 17:13:35.981
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\ASUS\Documents\boot\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 5739.66 MB
Available physical RAM: 3471.08 MB
Total Pagefile: 11477.49 MB
Available Pagefile: 9014.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:128 GB) (Free:64.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:144.99 GB) (Free:125.76 GB) NTFS
Drive e: (Sims3) (CDROM) (Total:5.56 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FB54197A)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=145 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 15.07.2014 20:40
Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Perserkatze 16.07.2014 19:10
Also der Revo Uninstaller hat keine o.g. Dateien beinhaltet die solch einen Zusatz hatten.

Habe daraufhin Combofix durchlaufen lassen. Dabei kam folgendes raus

Code:
ComboFix 14-07-16.02 - ASUS 16.07.2014  19:42:35.1.2 - x64
ausgeführt von:: c:\users\ASUS\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WiseBootAssistant
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-06-16 bis 2014-07-16  ))))))))))))))))))))))))))))))
.
.
2014-07-16 17:56 . 2014-07-16 17:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-07-16 17:32 . 2014-07-16 17:32        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-07-15 05:58 . 2014-07-02 03:09        10924376        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7341E70C-2D19-4AEB-BA8E-E84FB5663C85}\mpengine.dll
2014-07-14 19:38 . 2014-07-14 20:10        --------        d-----w-        C:\FRST
2014-07-13 11:13 . 2014-07-13 11:13        --------        d-----w-        c:\users\ASUS\AppData\Local\Adobe_Systems_Incorporate
2014-07-11 17:53 . 2014-06-18 02:19        1247232        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-11 17:51 . 2014-06-19 00:53        48640        ----a-w-        c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-07-11 17:50 . 2014-06-19 01:06        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-07-11 17:49 . 2014-06-05 14:45        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-07-11 17:48 . 2014-06-05 14:26        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-07-11 17:48 . 2014-06-05 14:25        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-07-08 16:49 . 2014-07-08 16:49        --------        d-----w-        c:\users\ASUS\AppData\Roaming\No Company Name
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 17:58 . 2013-02-14 19:48        380        ----a-w-        c:\users\ASUS\AppData\Roaming\sp_data.sys
2014-07-11 18:43 . 2013-01-31 14:45        96441528        ----a-w-        c:\windows\system32\MRT.exe
2014-05-16 17:18 . 2014-02-24 20:55        85328        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-05-16 17:18 . 2014-02-24 20:55        1039096        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-05-16 17:18 . 2014-02-24 20:55        423240        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-05-08 12:43 . 2014-05-08 12:43        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-05-08 12:43 . 2014-02-24 20:55        208416        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-05-08 12:43 . 2014-02-24 20:55        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-05-08 12:43 . 2014-02-24 20:55        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-05-08 12:43 . 2014-02-24 20:54        334648        ----a-w-        c:\windows\system32\aswBoot.exe
2014-05-08 12:43 . 2014-02-24 20:55        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-05-08 12:43 . 2014-05-08 12:43        43152        ----a-w-        c:\windows\avastSS.scr
2014-05-02 02:37 . 2014-06-12 19:21        116736        ----a-w-        c:\windows\system32\drivers\UMDF\WUDFUsbccidDriver.dll
2014-04-25 02:34 . 2014-06-12 19:21        801280        ----a-w-        c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-12 19:21        626688        ----a-w-        c:\windows\SysWow64\usp10.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-14 19:15        220632        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-14 19:15        220632        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-14 19:15        220632        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21446272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-06 3890208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28]
.
2014-07-16 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-12-23 13:38]
.
2014-03-10 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-12-23 14:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-14 19:15        244696        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-14 19:15        244696        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-14 19:15        244696        ----a-w-        c:\users\ASUS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-08 12:43        290888        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09        227840        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09        227840        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1697896229-4048069815-419722118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1697896229-4048069815-419722118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-16  20:06:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-07-16 18:06
.
Vor Suchlauf: 10 Verzeichnis(se), 69.489.651.712 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 68.719.792.128 Bytes frei
.
- - End Of File - - 026D47B460A9A74AA9F4FD0836D696F5
A36C5E4F47E84449FF07ED3517B43A31
Lieben Gruß und Danke

Julia

schrauber 17.07.2014 15:17
Richtig lesen bitte:

Den Zusatz findest Du in der Addition.txt von FRST, das Programm dann mit Revo deinstallieren. Mach das bitte, dann:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Perserkatze 23.07.2014 21:14
Hallo, Danke für die Antwort und den Hinweis!

zuerst die MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.07.2014
Suchlauf-Zeit: 20:54:00
Logdatei: Suchlaufprotokoll.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.23.07
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ASUS

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 294984
Verstrichene Zeit: 20 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 9
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [c23130724b30d46295967be008fa2cd4],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [9261633fdaa1ac8ae352319b6b978a76],
PUP.Optional.SavingsBull.A, HKLM\SOFTWARE\Savings Bull, In Quarantäne, [1ed51f83502b2511418bb3386d9518e8],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{813BA625-B0FA-48D8-9B75-59759C88C219}, In Quarantäne, [787ba8fa57245adc546cd70222e04cb4],
PUP.Optional.SavingsBull.A, HKLM\SOFTWARE\WOW6432NODE\SavingsbullFilter, In Quarantäne, [22d1317183f874c2c30bf6f5d9297d83],
PUP.Optional.SavingsBull.A, HKU\S-1-5-21-1697896229-4048069815-419722118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavingsBull, In Quarantäne, [11e2c1e17b0065d1f8a98d916b998a76],
PUP.Optional.SavingsBull.A, HKU\S-1-5-21-1697896229-4048069815-419722118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Bull, In Quarantäne, [945f237f83f8fc3afecd4c9f58aaf10f],
PUP.Optional.SavingsBull.A, HKU\S-1-5-21-1697896229-4048069815-419722118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SavingsBull, In Quarantäne, [d221b7ebc1ba52e468380e108381748c],
PUP.Optional.PassShow.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\711b30bb-9a27-492e-96b8-946705ab6197, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 33
PUP.Optional.SavingsBull.A, C:\PROGRAM FILES\SAVINGSBULLFILTER, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\PROGRAM FILES (X86)\SAVINGSBULL, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\defaults, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\defaults\preferences, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\locale, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\resources, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\addon-kit, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\ADDON-KIT\data, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\ADDON-KIT\lib, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\api-utils, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\data, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\addon, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\content, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\dom, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\event, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\events, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\l10n, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\private-browsing, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\system, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\tabs, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\traits, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\utils, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\window, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\windows, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\SavingsBull, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\SAVINGSBULL\data, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\SAVINGSBULL\lib, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\SAVINGSBULL\tests, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.PassShow.A, C:\PROGRAM FILES (X86)\PassShow, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.Adpeak, C:\PROGRAM FILES\LEVEL QUALITY WATCHER, In Quarantäne, [f4ff287a27540a2c36ed8c3224dea45c],
PUP.Optional.Adpeak, C:\PROGRAM FILES\LEVEL QUALITY WATCHER\v1.01, In Quarantäne, [f4ff287a27540a2c36ed8c3224dea45c],

Dateien: 116
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\sample.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\Installbat64.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.xml, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\nfapi.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\nfregdrv.exe, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\ProtocolFilters.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\background.js, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\bootstrap.js, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\bootstrap.js.old, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\CustomActionInstall, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\CustomActionUninstall, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\ff_main.js.old, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon128.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon16.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon32.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon48.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon64.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon8.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\manifest.json, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\marcopolo.js, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.dll, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.xml, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\SendJson.dll, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\bootstrap.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\harness-options.json, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\icon.png, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\install.rdf, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\locales.json, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\defaults\preferences\prefs.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\addon-kit\lib\page-mod.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\addon-kit\lib\private-browsing.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\addon-kit\lib\request.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\addon-kit\lib\windows.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\heritage.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\api-utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\base64.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\byte-streams.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\collection.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\cortex.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\cuddlefish.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\deprecate.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\environment.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\errors.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\events.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\file.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\functional.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\globals.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\hidden-frame.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\light-traits.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\list.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\loader.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\match-pattern.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\memory.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\namespace.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\observer-service.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\plain-text-console.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\preferences-service.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\promise.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\querystring.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\runtime.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\sandbox.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\self.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\system.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\text-streams.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\timer.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\traceback.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\traits.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\unload.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\url.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\uuid.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\window-utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\xhr.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\xpcom.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\xul-app.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\addon\runner.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\content-proxy.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\content-worker.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\loader.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\symbiont.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\worker.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\dom\events.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\event\core.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\event\target.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\events\assembler.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\core.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\html.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\loader.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\locale.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\prefs.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\private-browsing\utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\system\events.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs\events.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs\observer.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs\tab.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs\utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\traits\core.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils\data.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils\object.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils\registry.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils\thumbnail.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\window\utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows\dom.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows\loader.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows\observer.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows\tabs.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\SavingsBull\data\icon64.png, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\SavingsBull\lib\main.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\154.crx, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\154.dat, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\154.xpi, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\a.db, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\b.db, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\Sqlite3.dll, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\Uninstall.exe, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],

Physische Sektoren: 0
(No malicious items detected)


(end)
ADW Cleaner
Code:
# AdwCleaner v3.216 - Bericht erstellt am 23/07/2014 um 21:33:06
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ASUS - ASUS-PC
# Gestartet von : C:\Users\ASUS\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Ordner Gelöscht : C:\windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Datei Gelöscht : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1801 octets] - [23/07/2014 21:25:01]
AdwCleaner[S0].txt - [1722 octets] - [23/07/2014 21:33:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1782 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ASUS on 23.07.2014 at 21:40:18,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\Tasks\wise care 365.job"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\z40bnesm.default\minidumps [97 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2014 at 22:04:09,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
eine neue FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by ASUS (administrator) on ASUS-PC on 23-07-2014 22:07:06
Running from C:\Users\ASUS\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-18] (AVAST Software)
HKU\S-1-5-21-1697896229-4048069815-419722118-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1697896229-4048069815-419722118-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-24]
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-14] (Advanced Micro Devices, Inc.) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-18] (AVAST Software)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2011-09-16] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-18] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-18] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-23] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 mfewfpk; system32\drivers\mfewfpk.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 22:06 - 2014-07-23 22:06 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-07-23 22:04 - 2014-07-23 22:04 - 00000824 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\windows\ERUNT
2014-07-23 21:39 - 2014-07-23 21:39 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-07-23 21:37 - 2014-07-23 21:37 - 00001862 _____ () C:\Users\ASUS\Desktop\AdwCleaner[S0].txt
2014-07-23 21:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-23 21:24 - 2014-07-23 21:33 - 00000000 ____D () C:\AdwCleaner
2014-07-23 21:23 - 2014-07-23 21:23 - 01354223 _____ () C:\Users\ASUS\Desktop\adwcleaner_3.216.exe
2014-07-23 21:21 - 2014-07-23 21:21 - 00031957 _____ () C:\Users\ASUS\Desktop\mbam.txt
2014-07-23 20:52 - 2014-07-23 21:19 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 20:51 - 2014-07-23 20:51 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 20:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-23 20:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-23 20:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-18 12:48 - 2014-07-18 12:48 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-16 20:06 - 2014-07-16 20:06 - 00017525 _____ () C:\ComboFix.txt
2014-07-16 19:39 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-16 19:39 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-16 19:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-16 19:38 - 2014-07-16 20:06 - 00000000 ____D () C:\Qoobox
2014-07-16 19:38 - 2014-07-16 20:02 - 00000000 ____D () C:\windows\erdnt
2014-07-16 19:35 - 2014-07-16 19:36 - 05221447 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-07-16 19:32 - 2014-07-16 19:32 - 00001294 _____ () C:\Users\ASUS\Desktop\Revo Uninstaller.lnk
2014-07-16 19:32 - 2014-07-16 19:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-14 21:38 - 2014-07-23 22:07 - 00013056 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-07-14 21:38 - 2014-07-23 22:07 - 00000000 ____D () C:\FRST
2014-07-14 21:37 - 2014-07-23 22:06 - 02091520 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-07-13 13:13 - 2014-07-13 13:13 - 00002216 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\Documents\My Digital Editions
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe_Systems_Incorporate
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-11 19:57 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-11 19:53 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-11 19:53 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-11 19:53 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-11 19:53 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-11 19:53 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-11 19:53 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-11 19:53 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-11 19:53 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-11 19:51 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-11 19:51 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-11 19:51 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-11 19:51 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-11 19:51 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-11 19:51 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-11 19:51 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-11 19:51 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-11 19:51 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-11 19:51 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-11 19:51 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-11 19:51 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-11 19:51 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-11 19:51 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-11 19:51 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-11 19:51 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-11 19:51 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-11 19:51 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-11 19:51 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-11 19:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-11 19:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-11 19:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-11 19:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-11 19:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-11 19:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-11 19:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-11 19:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-11 19:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-11 19:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-11 19:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-11 19:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-11 19:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-11 19:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-11 19:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-11 19:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-11 19:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-11 19:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-11 19:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-11 19:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-11 19:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-11 19:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-11 19:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-11 19:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-11 19:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-11 19:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-11 19:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-11 19:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-11 19:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-11 19:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-11 19:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-11 19:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-11 19:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-11 19:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-11 19:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-11 19:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-11 19:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-11 19:49 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-11 19:48 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-11 19:48 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-08 18:49 - 2014-07-08 18:49 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\No Company Name
2014-07-08 18:38 - 2014-07-08 18:38 - 01057176 _____ (Adobe) C:\Users\ASUS\Desktop\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-30 19:35 - 2014-07-11 20:14 - 00000000 ____D () C:\Users\ASUS\Desktop\wohnung

==================== One Month Modified Files and Folders =======

2014-07-23 22:08 - 2014-07-14 21:38 - 00013056 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-07-23 22:07 - 2014-07-14 21:38 - 00000000 ____D () C:\FRST
2014-07-23 22:06 - 2014-07-23 22:06 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-07-23 22:06 - 2014-07-14 21:37 - 02091520 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-07-23 22:04 - 2014-07-23 22:04 - 00000824 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-07-23 21:41 - 2009-07-14 06:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 21:41 - 2009-07-14 06:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\windows\ERUNT
2014-07-23 21:39 - 2014-07-23 21:39 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-07-23 21:38 - 2013-06-02 14:20 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2014-07-23 21:37 - 2014-07-23 21:37 - 00001862 _____ () C:\Users\ASUS\Desktop\AdwCleaner[S0].txt
2014-07-23 21:34 - 2014-02-24 09:41 - 00210262 _____ () C:\windows\PFRO.log
2014-07-23 21:34 - 2014-02-24 09:41 - 00020846 _____ () C:\windows\setupact.log
2014-07-23 21:34 - 2013-02-14 21:48 - 00000380 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2014-07-23 21:34 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-23 21:33 - 2014-07-23 21:24 - 00000000 ____D () C:\AdwCleaner
2014-07-23 21:33 - 2014-02-24 09:45 - 01719725 _____ () C:\windows\WindowsUpdate.log
2014-07-23 21:23 - 2014-07-23 21:23 - 01354223 _____ () C:\Users\ASUS\Desktop\adwcleaner_3.216.exe
2014-07-23 21:21 - 2014-07-23 21:21 - 00031957 _____ () C:\Users\ASUS\Desktop\mbam.txt
2014-07-23 21:19 - 2014-07-23 20:52 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 21:16 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-07-23 20:51 - 2014-07-23 20:51 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 20:47 - 2012-02-24 04:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-23 20:39 - 2011-02-19 06:24 - 00699666 _____ () C:\windows\system32\perfh007.dat
2014-07-23 20:39 - 2011-02-19 06:24 - 00149774 _____ () C:\windows\system32\perfc007.dat
2014-07-23 20:39 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-23 20:36 - 2013-12-23 14:59 - 00000400 _____ () C:\windows\Tasks\Wise Turbo Checker.job
2014-07-23 20:36 - 2012-02-24 04:29 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 12:48 - 2014-07-18 12:48 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-18 12:48 - 2014-05-08 14:43 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-18 12:48 - 2014-02-24 22:55 - 00001978 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-18 12:48 - 2014-02-24 22:54 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-16 20:06 - 2014-07-16 20:06 - 00017525 _____ () C:\ComboFix.txt
2014-07-16 20:06 - 2014-07-16 19:38 - 00000000 ____D () C:\Qoobox
2014-07-16 20:02 - 2014-07-16 19:38 - 00000000 ____D () C:\windows\erdnt
2014-07-16 19:59 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-07-16 19:57 - 2009-07-14 04:34 - 89653248 _____ () C:\windows\system32\config\software.bak
2014-07-16 19:57 - 2009-07-14 04:34 - 20709376 _____ () C:\windows\system32\config\system.bak
2014-07-16 19:57 - 2009-07-14 04:34 - 00524288 _____ () C:\windows\system32\config\default.bak
2014-07-16 19:57 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-07-16 19:57 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-07-16 19:36 - 2014-07-16 19:35 - 05221447 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-07-16 19:32 - 2014-07-16 19:32 - 00001294 _____ () C:\Users\ASUS\Desktop\Revo Uninstaller.lnk
2014-07-16 19:32 - 2014-07-16 19:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-16 19:28 - 2013-12-23 14:48 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Wise Care 365
2014-07-14 21:37 - 2012-02-24 04:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-13 13:13 - 2014-07-13 13:13 - 00002216 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\Documents\My Digital Editions
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe_Systems_Incorporate
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-13 00:45 - 2009-07-14 06:45 - 01658584 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-13 00:42 - 2014-05-01 11:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-13 00:42 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 00:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-13 00:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-11 20:48 - 2013-08-15 06:46 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 20:43 - 2013-01-31 16:45 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 20:14 - 2014-06-30 19:35 - 00000000 ____D () C:\Users\ASUS\Desktop\wohnung
2014-07-10 07:00 - 2014-02-22 18:33 - 00065104 _____ () C:\Users\ASUS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 18:52 - 2012-02-24 04:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-08 18:49 - 2014-07-08 18:49 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\No Company Name
2014-07-08 18:38 - 2014-07-08 18:38 - 01057176 _____ (Adobe) C:\Users\ASUS\Desktop\install_flashplayer14x32_mssd_aaa_aih.exe
2014-07-06 09:34 - 2013-02-05 22:19 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-07-05 10:48 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-04 19:26 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-01 17:53 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-06-30 04:09 - 2014-07-11 19:53 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-11 19:53 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 13:04

==================== End Of Log ============================
--- --- ---


Vielen Dank für die Hilfe :)

Lieben Gruß
Julia

Perserkatze 23.07.2014 21:15
Hallo, Danke für die Antwort und den Hinweis!

zuerst die MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.07.2014
Suchlauf-Zeit: 20:54:00
Logdatei: Suchlaufprotokoll.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.23.07
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ASUS

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 294984
Verstrichene Zeit: 20 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 9
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [c23130724b30d46295967be008fa2cd4],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [9261633fdaa1ac8ae352319b6b978a76],
PUP.Optional.SavingsBull.A, HKLM\SOFTWARE\Savings Bull, In Quarantäne, [1ed51f83502b2511418bb3386d9518e8],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{813BA625-B0FA-48D8-9B75-59759C88C219}, In Quarantäne, [787ba8fa57245adc546cd70222e04cb4],
PUP.Optional.SavingsBull.A, HKLM\SOFTWARE\WOW6432NODE\SavingsbullFilter, In Quarantäne, [22d1317183f874c2c30bf6f5d9297d83],
PUP.Optional.SavingsBull.A, HKU\S-1-5-21-1697896229-4048069815-419722118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavingsBull, In Quarantäne, [11e2c1e17b0065d1f8a98d916b998a76],
PUP.Optional.SavingsBull.A, HKU\S-1-5-21-1697896229-4048069815-419722118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Bull, In Quarantäne, [945f237f83f8fc3afecd4c9f58aaf10f],
PUP.Optional.SavingsBull.A, HKU\S-1-5-21-1697896229-4048069815-419722118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SavingsBull, In Quarantäne, [d221b7ebc1ba52e468380e108381748c],
PUP.Optional.PassShow.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\711b30bb-9a27-492e-96b8-946705ab6197, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 33
PUP.Optional.SavingsBull.A, C:\PROGRAM FILES\SAVINGSBULLFILTER, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\PROGRAM FILES (X86)\SAVINGSBULL, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\defaults, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\defaults\preferences, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\locale, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\resources, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\addon-kit, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\ADDON-KIT\data, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\ADDON-KIT\lib, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\api-utils, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\data, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\addon, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\content, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\dom, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\event, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\events, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\l10n, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\private-browsing, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\system, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\tabs, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\traits, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\utils, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\window, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\API-UTILS\lib\windows, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\SavingsBull, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\SAVINGSBULL\data, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\SAVINGSBULL\lib, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\Z40BNESM.DEFAULT\EXTENSIONS\SAVINGSBULL@JETPACK\RESOURCES\SAVINGSBULL\tests, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.PassShow.A, C:\PROGRAM FILES (X86)\PassShow, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.Adpeak, C:\PROGRAM FILES\LEVEL QUALITY WATCHER, In Quarantäne, [f4ff287a27540a2c36ed8c3224dea45c],
PUP.Optional.Adpeak, C:\PROGRAM FILES\LEVEL QUALITY WATCHER\v1.01, In Quarantäne, [f4ff287a27540a2c36ed8c3224dea45c],

Dateien: 116
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\sample.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\Installbat64.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.xml, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\nfapi.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\nfregdrv.exe, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files\SavingsbullFilter\ProtocolFilters.dll, In Quarantäne, [9261584a96e532049733cc1f9f637090],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\background.js, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\bootstrap.js, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\bootstrap.js.old, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\CustomActionInstall, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\CustomActionUninstall, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\ff_main.js.old, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon128.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon16.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon32.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon48.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon64.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\icon8.png, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\manifest.json, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\marcopolo.js, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.dll, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.xml, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Program Files (x86)\SavingsBull\SendJson.dll, In Quarantäne, [1dd6346ed5a69a9c58178f1b56ace11f],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\bootstrap.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\harness-options.json, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\icon.png, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\install.rdf, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\locales.json, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\defaults\preferences\prefs.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\addon-kit\lib\page-mod.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\addon-kit\lib\private-browsing.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\addon-kit\lib\request.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\addon-kit\lib\windows.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\heritage.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\api-utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\base64.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\byte-streams.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\collection.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\cortex.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\cuddlefish.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\deprecate.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\environment.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\errors.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\events.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\file.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\functional.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\globals.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\hidden-frame.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\light-traits.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\list.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\loader.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\match-pattern.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\memory.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\namespace.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\observer-service.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\plain-text-console.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\preferences-service.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\promise.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\querystring.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\runtime.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\sandbox.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\self.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\system.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\text-streams.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\timer.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\traceback.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\traits.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\unload.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\url.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\uuid.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\window-utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\xhr.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\xpcom.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\xul-app.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\addon\runner.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\content-proxy.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\content-worker.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\loader.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\symbiont.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\content\worker.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\dom\events.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\event\core.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\event\target.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\events\assembler.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\core.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\html.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\loader.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\locale.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n\prefs.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\private-browsing\utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\system\events.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs\events.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs\observer.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs\tab.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs\utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\traits\core.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils\data.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils\object.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils\registry.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils\thumbnail.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\window\utils.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows\dom.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows\loader.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows\observer.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows\tabs.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\SavingsBull\data\icon64.png, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.SavingsBull.A, C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\extensions\SavingsBull@jetpack\resources\SavingsBull\lib\main.js, In Quarantäne, [ee053c6619622d09dd67affd8a78d828],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\154.crx, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\154.dat, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\154.xpi, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\a.db, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\b.db, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\Sqlite3.dll, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],
PUP.Optional.PassShow.A, C:\Program Files (x86)\PassShow\Uninstall.exe, In Quarantäne, [9b58c2e0e6952412706609aa0df534cc],

Physische Sektoren: 0
(No malicious items detected)


(end)
ADW Cleaner
Code:
# AdwCleaner v3.216 - Bericht erstellt am 23/07/2014 um 21:33:06
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ASUS - ASUS-PC
# Gestartet von : C:\Users\ASUS\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Ordner Gelöscht : C:\windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Datei Gelöscht : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1801 octets] - [23/07/2014 21:25:01]
AdwCleaner[S0].txt - [1722 octets] - [23/07/2014 21:33:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1782 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ASUS on 23.07.2014 at 21:40:18,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\Tasks\wise care 365.job"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\z40bnesm.default\minidumps [97 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2014 at 22:04:09,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
eine neue FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by ASUS (administrator) on ASUS-PC on 23-07-2014 22:07:06
Running from C:\Users\ASUS\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-18] (AVAST Software)
HKU\S-1-5-21-1697896229-4048069815-419722118-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1697896229-4048069815-419722118-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\z40bnesm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-24]
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-14] (Advanced Micro Devices, Inc.) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-18] (AVAST Software)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2011-09-16] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-18] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-18] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-23] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 mfewfpk; system32\drivers\mfewfpk.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 22:06 - 2014-07-23 22:06 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-07-23 22:04 - 2014-07-23 22:04 - 00000824 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\windows\ERUNT
2014-07-23 21:39 - 2014-07-23 21:39 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-07-23 21:37 - 2014-07-23 21:37 - 00001862 _____ () C:\Users\ASUS\Desktop\AdwCleaner[S0].txt
2014-07-23 21:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-23 21:24 - 2014-07-23 21:33 - 00000000 ____D () C:\AdwCleaner
2014-07-23 21:23 - 2014-07-23 21:23 - 01354223 _____ () C:\Users\ASUS\Desktop\adwcleaner_3.216.exe
2014-07-23 21:21 - 2014-07-23 21:21 - 00031957 _____ () C:\Users\ASUS\Desktop\mbam.txt
2014-07-23 20:52 - 2014-07-23 21:19 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 20:51 - 2014-07-23 20:51 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 20:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-23 20:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-23 20:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-18 12:48 - 2014-07-18 12:48 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-16 20:06 - 2014-07-16 20:06 - 00017525 _____ () C:\ComboFix.txt
2014-07-16 19:39 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-16 19:39 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-16 19:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-16 19:39 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-16 19:38 - 2014-07-16 20:06 - 00000000 ____D () C:\Qoobox
2014-07-16 19:38 - 2014-07-16 20:02 - 00000000 ____D () C:\windows\erdnt
2014-07-16 19:35 - 2014-07-16 19:36 - 05221447 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-07-16 19:32 - 2014-07-16 19:32 - 00001294 _____ () C:\Users\ASUS\Desktop\Revo Uninstaller.lnk
2014-07-16 19:32 - 2014-07-16 19:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-14 21:38 - 2014-07-23 22:07 - 00013056 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-07-14 21:38 - 2014-07-23 22:07 - 00000000 ____D () C:\FRST
2014-07-14 21:37 - 2014-07-23 22:06 - 02091520 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-07-13 13:13 - 2014-07-13 13:13 - 00002216 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\Documents\My Digital Editions
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe_Systems_Incorporate
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-11 19:57 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-11 19:57 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-11 19:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-11 19:53 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-11 19:53 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-11 19:53 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-11 19:53 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-11 19:53 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-11 19:53 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-11 19:53 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-11 19:53 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-11 19:51 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-11 19:51 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-11 19:51 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-11 19:51 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-11 19:51 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-11 19:51 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-11 19:51 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-11 19:51 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-11 19:51 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-11 19:51 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-11 19:51 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-11 19:51 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-11 19:51 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-11 19:51 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-11 19:51 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-11 19:51 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-11 19:51 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-11 19:51 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-11 19:51 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-11 19:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-11 19:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-11 19:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-11 19:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-11 19:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-11 19:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-11 19:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-11 19:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-11 19:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-11 19:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-11 19:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-11 19:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-11 19:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-11 19:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-11 19:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-11 19:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-11 19:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-11 19:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-11 19:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-11 19:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-11 19:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-11 19:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-11 19:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-11 19:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-11 19:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-11 19:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-11 19:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-11 19:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-11 19:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-11 19:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-11 19:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-11 19:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-11 19:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-11 19:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-11 19:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-11 19:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-11 19:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-11 19:49 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-11 19:48 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-11 19:48 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-08 18:49 - 2014-07-08 18:49 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\No Company Name
2014-07-08 18:38 - 2014-07-08 18:38 - 01057176 _____ (Adobe) C:\Users\ASUS\Desktop\install_flashplayer14x32_mssd_aaa_aih.exe
2014-06-30 19:35 - 2014-07-11 20:14 - 00000000 ____D () C:\Users\ASUS\Desktop\wohnung

==================== One Month Modified Files and Folders =======

2014-07-23 22:08 - 2014-07-14 21:38 - 00013056 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-07-23 22:07 - 2014-07-14 21:38 - 00000000 ____D () C:\FRST
2014-07-23 22:06 - 2014-07-23 22:06 - 00000000 ____D () C:\Users\ASUS\Desktop\FRST-OlderVersion
2014-07-23 22:06 - 2014-07-14 21:37 - 02091520 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-07-23 22:04 - 2014-07-23 22:04 - 00000824 _____ () C:\Users\ASUS\Desktop\JRT.txt
2014-07-23 21:41 - 2009-07-14 06:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 21:41 - 2009-07-14 06:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\windows\ERUNT
2014-07-23 21:39 - 2014-07-23 21:39 - 01016261 _____ (Thisisu) C:\Users\ASUS\Desktop\JRT.exe
2014-07-23 21:38 - 2013-06-02 14:20 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2014-07-23 21:37 - 2014-07-23 21:37 - 00001862 _____ () C:\Users\ASUS\Desktop\AdwCleaner[S0].txt
2014-07-23 21:34 - 2014-02-24 09:41 - 00210262 _____ () C:\windows\PFRO.log
2014-07-23 21:34 - 2014-02-24 09:41 - 00020846 _____ () C:\windows\setupact.log
2014-07-23 21:34 - 2013-02-14 21:48 - 00000380 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2014-07-23 21:34 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-23 21:33 - 2014-07-23 21:24 - 00000000 ____D () C:\AdwCleaner
2014-07-23 21:33 - 2014-02-24 09:45 - 01719725 _____ () C:\windows\WindowsUpdate.log
2014-07-23 21:23 - 2014-07-23 21:23 - 01354223 _____ () C:\Users\ASUS\Desktop\adwcleaner_3.216.exe
2014-07-23 21:21 - 2014-07-23 21:21 - 00031957 _____ () C:\Users\ASUS\Desktop\mbam.txt
2014-07-23 21:19 - 2014-07-23 20:52 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 21:16 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-07-23 20:51 - 2014-07-23 20:51 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 20:51 - 2014-07-23 20:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 20:47 - 2012-02-24 04:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-23 20:39 - 2011-02-19 06:24 - 00699666 _____ () C:\windows\system32\perfh007.dat
2014-07-23 20:39 - 2011-02-19 06:24 - 00149774 _____ () C:\windows\system32\perfc007.dat
2014-07-23 20:39 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-23 20:36 - 2013-12-23 14:59 - 00000400 _____ () C:\windows\Tasks\Wise Turbo Checker.job
2014-07-23 20:36 - 2012-02-24 04:29 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 12:48 - 2014-07-18 12:48 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-18 12:48 - 2014-05-08 14:43 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-18 12:48 - 2014-02-24 22:55 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-18 12:48 - 2014-02-24 22:55 - 00001978 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-18 12:48 - 2014-02-24 22:54 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-16 20:06 - 2014-07-16 20:06 - 00017525 _____ () C:\ComboFix.txt
2014-07-16 20:06 - 2014-07-16 19:38 - 00000000 ____D () C:\Qoobox
2014-07-16 20:02 - 2014-07-16 19:38 - 00000000 ____D () C:\windows\erdnt
2014-07-16 19:59 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-07-16 19:57 - 2009-07-14 04:34 - 89653248 _____ () C:\windows\system32\config\software.bak
2014-07-16 19:57 - 2009-07-14 04:34 - 20709376 _____ () C:\windows\system32\config\system.bak
2014-07-16 19:57 - 2009-07-14 04:34 - 00524288 _____ () C:\windows\system32\config\default.bak
2014-07-16 19:57 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-07-16 19:57 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-07-16 19:36 - 2014-07-16 19:35 - 05221447 ____R (Swearware) C:\Users\ASUS\Desktop\ComboFix.exe
2014-07-16 19:32 - 2014-07-16 19:32 - 00001294 _____ () C:\Users\ASUS\Desktop\Revo Uninstaller.lnk
2014-07-16 19:32 - 2014-07-16 19:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-16 19:28 - 2013-12-23 14:48 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Wise Care 365
2014-07-14 21:37 - 2012-02-24 04:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-13 13:13 - 2014-07-13 13:13 - 00002216 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\Documents\My Digital Editions
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe_Systems_Incorporate
2014-07-13 13:13 - 2014-07-13 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-13 00:45 - 2009-07-14 06:45 - 01658584 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-13 00:42 - 2014-05-01 11:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-13 00:42 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 00:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-13 00:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-11 20:48 - 2013-08-15 06:46 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 20:43 - 2013-01-31 16:45 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 20:14 - 2014-06-30 19:35 - 00000000 ____D () C:\Users\ASUS\Desktop\wohnung
2014-07-10 07:00 - 2014-02-22 18:33 - 00065104 _____ () C:\Users\ASUS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 18:52 - 2012-02-24 04:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-08 18:49 - 2014-07-08 18:49 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\No Company Name
2014-07-08 18:38 - 2014-07-08 18:38 - 01057176 _____ (Adobe) C:\Users\ASUS\Desktop\install_flashplayer14x32_mssd_aaa_aih.exe
2014-07-06 09:34 - 2013-02-05 22:19 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-07-05 10:48 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-04 19:26 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-01 17:53 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-06-30 04:09 - 2014-07-11 19:53 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-11 19:53 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 13:04

==================== End Of Log ============================
--- --- ---


Vielen Dank für die Hilfe :)

Lieben Gruß
Julia

schrauber 24.07.2014 19:03

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132