Windows 8/64bit: Optimizer Pro auf PC

petsei · 27.01.2014, 15:21

Seit einigen Tagen habe ich Optimizer Pro auf meinem PC. Heute hatte ich die Idee mich darüber zu informieren und bin deshalb hier. Wäre sehr froh, wenn mir jemand helfen könnte. Vielen Dank im voraus.
Gruß petsei
Es folgt: defogger disable, FRST, Addition und Gmer

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:11 on 27/01/2014 (Peter)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

********************************************************************

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014
Ran by Peter (administrator) on PETSEI on 27-01-2014 13:45:54
Running from C:\Users\Peter\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(RapidSolution Software AG) C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Firetrust Ltd) C:\Program Files (x86)\Firetrust\MailWasher Pro\MailWasher.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AMD) C:\Windows\System32\atieclxx.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5N2Y6FU\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-10-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [SoftAuto.exe] - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-24] ()
HKCU\...\Run: [CTZDetec.exe] - C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.)
MountPoints2: {3e801809-3658-11e3-be86-08606e462385} - "G:\LGAutoRun.exe" 
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2603312 2014-01-13] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2869720 2013-10-29] ()
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Show-Password - {53297dad-a575-42dc-817b-9a9b0ba3abfa} - C:\Program Files (x86)\Show-Password\150.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\user.js
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ReminderFox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-07-03]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKCU\...\Firefox\Extensions: [{67d5e887-f92d-4c57-8f2b-0165c0432c49}] - C:\Program Files (x86)\Show-Password\150.xpi
FF Extension: Show-Password - C:\Program Files (x86)\Show-Password\150.xpi [2014-01-13]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-24]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-24]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-24]
CHR Extension: (Google-Suche) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-24]
CHR Extension: (Freemake Video Converter) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-09-24]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Google Mail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-24]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-07-01]
CHR HKLM-x32\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files (x86)\Show-Password\150.crx [2014-01-13]

==================== Services (Whitelisted) =================

U2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe [143488 2014-01-13] ()
U2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-15] (Advanced Micro Devices, Inc.)
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
U2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
U2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
U2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
U2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)
U2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-28] (Freemake)
U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
U2 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-04-24] (RapidSolution Software AG)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
U3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
U3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
U3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
U2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
U1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
U1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
U3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
U3 RRNetCap; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
U3 RRNetCapMP; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
U3 rsvcdwdr; C:\Windows\system32\DRIVERS\rsvcdwdr.sys [45192 2013-04-24] (RapidSolution Software AG)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 13:45 - 2014-01-27 13:46 - 00019057 _____ C:\Users\Peter\Downloads\FRST.txt
2014-01-27 13:45 - 2014-01-27 13:45 - 00000000 ____D C:\FRST
2014-01-27 13:44 - 2014-01-27 13:44 - 02078208 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-01-27 12:10 - 2014-01-27 12:11 - 00000472 _____ C:\Users\Peter\Desktop\defogger_disable.log
2014-01-27 12:10 - 2014-01-27 12:10 - 00000000 _____ C:\Users\Peter\defogger_reenable
2014-01-27 11:37 - 2014-01-27 11:37 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-27 11:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-27 11:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-27 11:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 15:15 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-15 15:15 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-15 15:15 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 15:15 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-15 15:15 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-15 15:15 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 15:15 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-15 15:15 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-15 15:15 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-15 15:15 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 15:15 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-15 15:11 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 15:11 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 15:11 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 15:11 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-13 17:12 - 2014-01-13 17:12 - 00000000 ____D C:\Users\Peter\Documents\Optimizer Pro
2014-01-13 17:12 - 2014-01-13 17:12 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Optimizer Pro
2014-01-13 17:09 - 2014-01-13 17:09 - 00000000 ____D C:\Users\Peter\Documents\StreamTransport
2014-01-13 17:07 - 2014-01-13 17:07 - 00001069 _____ C:\Users\Peter\Desktop\Optimizer Pro.lnk
2014-01-13 17:07 - 2014-01-13 17:07 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-13 17:06 - 2014-01-27 11:30 - 00000418 _____ C:\Windows\Tasks\Show-Password Update.job
2014-01-13 17:06 - 2014-01-13 17:06 - 00003058 _____ C:\Windows\System32\Tasks\Show-Password Update
2014-01-13 17:06 - 2014-01-13 17:06 - 00001098 _____ C:\Users\Public\Desktop\StreamTransport.lnk
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\StreamTransport
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\Show-Password
2014-01-03 12:34 - 2014-01-03 12:34 - 00001411 _____ C:\Users\Public\Desktop\Dealmaster Pro.lnk
2014-01-03 12:33 - 2014-01-22 07:59 - 00000000 ____D C:\dmpro
2014-01-03 12:25 - 2014-01-03 12:26 - 00397248 _____ C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-01-27 13:46 - 2014-01-27 13:45 - 00019057 _____ C:\Users\Peter\Downloads\FRST.txt
2014-01-27 13:45 - 2014-01-27 13:45 - 00000000 ____D C:\FRST
2014-01-27 13:44 - 2014-01-27 13:44 - 02078208 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-01-27 13:41 - 2013-11-04 00:50 - 00000000 ____D C:\Users\Peter\AppData\Roaming\ClassicShell
2014-01-27 13:40 - 2013-07-02 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-27 13:16 - 2013-05-07 23:48 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 13:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-27 12:19 - 2013-04-17 00:35 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2482523277-1572735136-853847637-1002
2014-01-27 12:11 - 2014-01-27 12:10 - 00000472 _____ C:\Users\Peter\Desktop\defogger_disable.log
2014-01-27 12:10 - 2014-01-27 12:10 - 00000000 _____ C:\Users\Peter\defogger_reenable
2014-01-27 12:10 - 2013-04-17 00:27 - 00000000 ____D C:\Users\Peter
2014-01-27 12:00 - 2013-04-17 06:31 - 00000000 ____D C:\Users\Peter\AppData\Roaming\MailWasherPro
2014-01-27 11:51 - 2012-11-22 20:20 - 01851837 _____ C:\Windows\WindowsUpdate.log
2014-01-27 11:38 - 2013-10-16 23:16 - 00000000 ____D C:\ProgramData\Oracle
2014-01-27 11:37 - 2014-01-27 11:37 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:37 - 2013-08-04 20:49 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-27 11:30 - 2014-01-13 17:06 - 00000418 _____ C:\Windows\Tasks\Show-Password Update.job
2014-01-27 11:30 - 2013-05-07 23:48 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 10:41 - 2013-04-17 04:47 - 00000000 ____D C:\Users\Peter\Documents\aPETER
2014-01-22 08:32 - 2013-04-27 10:27 - 00000000 ____D C:\Bridge Base Online
2014-01-22 07:59 - 2014-01-03 12:33 - 00000000 ____D C:\dmpro
2014-01-22 07:59 - 2013-04-17 00:28 - 00000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2014-01-19 21:22 - 2013-04-17 06:55 - 00000000 ____D C:\Program Files (x86)\Everything
2014-01-19 13:19 - 2013-06-18 08:37 - 00090112 ___SH C:\Users\Peter\Desktop\Thumbs.db
2014-01-19 12:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2014-01-19 12:16 - 2012-10-25 05:08 - 00751892 _____ C:\Windows\system32\perfh007.dat
2014-01-19 12:16 - 2012-10-25 05:08 - 00155620 _____ C:\Windows\system32\perfc007.dat
2014-01-19 12:16 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 12:11 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 12:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-19 12:10 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-17 20:59 - 2013-09-01 16:19 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2014-01-17 13:19 - 2013-09-24 10:31 - 00002182 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-16 11:55 - 2013-04-17 05:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:54 - 2013-08-15 09:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:50 - 2013-04-18 09:48 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 01:33 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-13 17:12 - 2014-01-13 17:12 - 00000000 ____D C:\Users\Peter\Documents\Optimizer Pro
2014-01-13 17:12 - 2014-01-13 17:12 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Optimizer Pro
2014-01-13 17:09 - 2014-01-13 17:09 - 00000000 ____D C:\Users\Peter\Documents\StreamTransport
2014-01-13 17:07 - 2014-01-13 17:07 - 00001069 _____ C:\Users\Peter\Desktop\Optimizer Pro.lnk
2014-01-13 17:07 - 2014-01-13 17:07 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-13 17:06 - 2014-01-13 17:06 - 00003058 _____ C:\Windows\System32\Tasks\Show-Password Update
2014-01-13 17:06 - 2014-01-13 17:06 - 00001098 _____ C:\Users\Public\Desktop\StreamTransport.lnk
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\StreamTransport
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\Show-Password
2014-01-13 16:06 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-09 09:02 - 2013-11-16 11:32 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-16 11:32 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-08 10:12 - 2013-04-17 08:16 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2014-01-08 09:01 - 2013-04-17 08:16 - 00000000 ____D C:\ProgramData\Skype
2014-01-08 09:00 - 2013-04-17 08:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-07 18:53 - 2013-09-01 16:19 - 00000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-03 12:34 - 2014-01-03 12:34 - 00001411 _____ C:\Users\Public\Desktop\Dealmaster Pro.lnk
2014-01-03 12:26 - 2014-01-03 12:25 - 00397248 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-03 12:25 - 2012-10-25 04:55 - 01097916 _____ C:\Windows\PFRO.log
2013-12-31 19:15 - 2013-04-17 05:29 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\ApnIC.dll
C:\Users\Peter\AppData\Local\Temp\ApnStub.exe
C:\Users\Peter\AppData\Local\Temp\AskSLib.dll
C:\Users\Peter\AppData\Local\Temp\avgnt.exe
C:\Users\Peter\AppData\Local\Temp\bboE00E.exe
C:\Users\Peter\AppData\Local\Temp\COMAP.EXE
C:\Users\Peter\AppData\Local\Temp\FreemakeVideoConverter_4.0.2.5.exe
C:\Users\Peter\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Peter\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Peter\AppData\Local\Temp\ose00000.exe
C:\Users\Peter\AppData\Local\Temp\ScreenpressoUpd.exe
C:\Users\Peter\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Peter\AppData\Local\Temp\Show-Password_1030-8102.exe
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Peter\AppData\Local\Temp\vlc-2.0.7-win64.exe
C:\Users\Peter\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\Peter\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\Peter\AppData\Local\Temp\vlc-2.1.2-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 12:20

==================== End Of Log ============================

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014
Ran by Peter (administrator) on PETSEI on 27-01-2014 13:45:54
Running from C:\Users\Peter\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(RapidSolution Software AG) C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Firetrust Ltd) C:\Program Files (x86)\Firetrust\MailWasher Pro\MailWasher.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AMD) C:\Windows\System32\atieclxx.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5N2Y6FU\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-10-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [SoftAuto.exe] - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-24] ()
HKCU\...\Run: [CTZDetec.exe] - C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.)
MountPoints2: {3e801809-3658-11e3-be86-08606e462385} - "G:\LGAutoRun.exe" 
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2603312 2014-01-13] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2869720 2013-10-29] ()
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Show-Password - {53297dad-a575-42dc-817b-9a9b0ba3abfa} - C:\Program Files (x86)\Show-Password\150.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\user.js
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ReminderFox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-07-03]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKCU\...\Firefox\Extensions: [{67d5e887-f92d-4c57-8f2b-0165c0432c49}] - C:\Program Files (x86)\Show-Password\150.xpi
FF Extension: Show-Password - C:\Program Files (x86)\Show-Password\150.xpi [2014-01-13]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-24]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-24]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-24]
CHR Extension: (Google-Suche) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-24]
CHR Extension: (Freemake Video Converter) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-09-24]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Google Mail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-24]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-07-01]
CHR HKLM-x32\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files (x86)\Show-Password\150.crx [2014-01-13]

==================== Services (Whitelisted) =================

U2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe [143488 2014-01-13] ()
U2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-15] (Advanced Micro Devices, Inc.)
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
U2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
U2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
U2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
U2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)
U2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-28] (Freemake)
U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
U2 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-04-24] (RapidSolution Software AG)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
U3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
U3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
U3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
U2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
U1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
U1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
U3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
U3 RRNetCap; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
U3 RRNetCapMP; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
U3 rsvcdwdr; C:\Windows\system32\DRIVERS\rsvcdwdr.sys [45192 2013-04-24] (RapidSolution Software AG)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 13:45 - 2014-01-27 13:46 - 00019057 _____ C:\Users\Peter\Downloads\FRST.txt
2014-01-27 13:45 - 2014-01-27 13:45 - 00000000 ____D C:\FRST
2014-01-27 13:44 - 2014-01-27 13:44 - 02078208 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-01-27 12:10 - 2014-01-27 12:11 - 00000472 _____ C:\Users\Peter\Desktop\defogger_disable.log
2014-01-27 12:10 - 2014-01-27 12:10 - 00000000 _____ C:\Users\Peter\defogger_reenable
2014-01-27 11:37 - 2014-01-27 11:37 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-27 11:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-27 11:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-27 11:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 15:15 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-15 15:15 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-15 15:15 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 15:15 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-15 15:15 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-15 15:15 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 15:15 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-15 15:15 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-15 15:15 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-15 15:15 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 15:15 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-15 15:11 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 15:11 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 15:11 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 15:11 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-13 17:12 - 2014-01-13 17:12 - 00000000 ____D C:\Users\Peter\Documents\Optimizer Pro
2014-01-13 17:12 - 2014-01-13 17:12 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Optimizer Pro
2014-01-13 17:09 - 2014-01-13 17:09 - 00000000 ____D C:\Users\Peter\Documents\StreamTransport
2014-01-13 17:07 - 2014-01-13 17:07 - 00001069 _____ C:\Users\Peter\Desktop\Optimizer Pro.lnk
2014-01-13 17:07 - 2014-01-13 17:07 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-13 17:06 - 2014-01-27 11:30 - 00000418 _____ C:\Windows\Tasks\Show-Password Update.job
2014-01-13 17:06 - 2014-01-13 17:06 - 00003058 _____ C:\Windows\System32\Tasks\Show-Password Update
2014-01-13 17:06 - 2014-01-13 17:06 - 00001098 _____ C:\Users\Public\Desktop\StreamTransport.lnk
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\StreamTransport
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\Show-Password
2014-01-03 12:34 - 2014-01-03 12:34 - 00001411 _____ C:\Users\Public\Desktop\Dealmaster Pro.lnk
2014-01-03 12:33 - 2014-01-22 07:59 - 00000000 ____D C:\dmpro
2014-01-03 12:25 - 2014-01-03 12:26 - 00397248 _____ C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-01-27 13:46 - 2014-01-27 13:45 - 00019057 _____ C:\Users\Peter\Downloads\FRST.txt
2014-01-27 13:45 - 2014-01-27 13:45 - 00000000 ____D C:\FRST
2014-01-27 13:44 - 2014-01-27 13:44 - 02078208 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-01-27 13:41 - 2013-11-04 00:50 - 00000000 ____D C:\Users\Peter\AppData\Roaming\ClassicShell
2014-01-27 13:40 - 2013-07-02 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-27 13:16 - 2013-05-07 23:48 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 13:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-27 12:19 - 2013-04-17 00:35 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2482523277-1572735136-853847637-1002
2014-01-27 12:11 - 2014-01-27 12:10 - 00000472 _____ C:\Users\Peter\Desktop\defogger_disable.log
2014-01-27 12:10 - 2014-01-27 12:10 - 00000000 _____ C:\Users\Peter\defogger_reenable
2014-01-27 12:10 - 2013-04-17 00:27 - 00000000 ____D C:\Users\Peter
2014-01-27 12:00 - 2013-04-17 06:31 - 00000000 ____D C:\Users\Peter\AppData\Roaming\MailWasherPro
2014-01-27 11:51 - 2012-11-22 20:20 - 01851837 _____ C:\Windows\WindowsUpdate.log
2014-01-27 11:38 - 2013-10-16 23:16 - 00000000 ____D C:\ProgramData\Oracle
2014-01-27 11:37 - 2014-01-27 11:37 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:37 - 2013-08-04 20:49 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-27 11:30 - 2014-01-13 17:06 - 00000418 _____ C:\Windows\Tasks\Show-Password Update.job
2014-01-27 11:30 - 2013-05-07 23:48 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 10:41 - 2013-04-17 04:47 - 00000000 ____D C:\Users\Peter\Documents\aPETER
2014-01-22 08:32 - 2013-04-27 10:27 - 00000000 ____D C:\Bridge Base Online
2014-01-22 07:59 - 2014-01-03 12:33 - 00000000 ____D C:\dmpro
2014-01-22 07:59 - 2013-04-17 00:28 - 00000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2014-01-19 21:22 - 2013-04-17 06:55 - 00000000 ____D C:\Program Files (x86)\Everything
2014-01-19 13:19 - 2013-06-18 08:37 - 00090112 ___SH C:\Users\Peter\Desktop\Thumbs.db
2014-01-19 12:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2014-01-19 12:16 - 2012-10-25 05:08 - 00751892 _____ C:\Windows\system32\perfh007.dat
2014-01-19 12:16 - 2012-10-25 05:08 - 00155620 _____ C:\Windows\system32\perfc007.dat
2014-01-19 12:16 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 12:11 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 12:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-19 12:10 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-17 20:59 - 2013-09-01 16:19 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2014-01-17 13:19 - 2013-09-24 10:31 - 00002182 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-16 11:55 - 2013-04-17 05:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:54 - 2013-08-15 09:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:50 - 2013-04-18 09:48 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 01:33 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-13 17:12 - 2014-01-13 17:12 - 00000000 ____D C:\Users\Peter\Documents\Optimizer Pro
2014-01-13 17:12 - 2014-01-13 17:12 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Optimizer Pro
2014-01-13 17:09 - 2014-01-13 17:09 - 00000000 ____D C:\Users\Peter\Documents\StreamTransport
2014-01-13 17:07 - 2014-01-13 17:07 - 00001069 _____ C:\Users\Peter\Desktop\Optimizer Pro.lnk
2014-01-13 17:07 - 2014-01-13 17:07 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-13 17:06 - 2014-01-13 17:06 - 00003058 _____ C:\Windows\System32\Tasks\Show-Password Update
2014-01-13 17:06 - 2014-01-13 17:06 - 00001098 _____ C:\Users\Public\Desktop\StreamTransport.lnk
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\StreamTransport
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\Show-Password
2014-01-13 16:06 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-09 09:02 - 2013-11-16 11:32 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-16 11:32 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-08 10:12 - 2013-04-17 08:16 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2014-01-08 09:01 - 2013-04-17 08:16 - 00000000 ____D C:\ProgramData\Skype
2014-01-08 09:00 - 2013-04-17 08:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-07 18:53 - 2013-09-01 16:19 - 00000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-03 12:34 - 2014-01-03 12:34 - 00001411 _____ C:\Users\Public\Desktop\Dealmaster Pro.lnk
2014-01-03 12:26 - 2014-01-03 12:25 - 00397248 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-03 12:25 - 2012-10-25 04:55 - 01097916 _____ C:\Windows\PFRO.log
2013-12-31 19:15 - 2013-04-17 05:29 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\ApnIC.dll
C:\Users\Peter\AppData\Local\Temp\ApnStub.exe
C:\Users\Peter\AppData\Local\Temp\AskSLib.dll
C:\Users\Peter\AppData\Local\Temp\avgnt.exe
C:\Users\Peter\AppData\Local\Temp\bboE00E.exe
C:\Users\Peter\AppData\Local\Temp\COMAP.EXE
C:\Users\Peter\AppData\Local\Temp\FreemakeVideoConverter_4.0.2.5.exe
C:\Users\Peter\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Peter\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Peter\AppData\Local\Temp\ose00000.exe
C:\Users\Peter\AppData\Local\Temp\ScreenpressoUpd.exe
C:\Users\Peter\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Peter\AppData\Local\Temp\Show-Password_1030-8102.exe
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Peter\AppData\Local\Temp\vlc-2.0.7-win64.exe
C:\Users\Peter\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\Peter\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\Peter\AppData\Local\Temp\vlc-2.1.2-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 12:20

==================== End Of Log ============================

Code:

ATTFilter

GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-27 14:19:43
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039 ST1000DM003-9YN162 rev.CC4B 931.51GB
Running: gmer.exe; Driver: C:\Users\Peter\AppData\Local\Temp\ugloapoc.sys


---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                                 unknown MBR code

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\svchost.exe [988:9900]                                                                                                                                                                                                                            000007fa512d10f0
Thread   C:\Windows\system32\svchost.exe [988:26128]                                                                                                                                                                                                                           000007fa593116b0
Thread   C:\Windows\system32\csrss.exe [15464:23864]                                                                                                                                                                                                                           fffff960008925e8
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [1956]                                                                                             0000000000b40000
Library  C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [22624]                                                                                                                                                 000007fa59810000
Process  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [23352]          000007f798b60000
Library  C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50727.1_x64__8wekyb3d8bbwe\MSVCR110.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [23352]                       000007fa52f20000
Library  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\wllog.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [23352]             000007fa5a2f0000
Library  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Service.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbw  000007fa508b0000
Library  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\shared\bici.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [23352]       000007fa51530000
Library  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveCo  000007fa4eab0000
Library  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Shared.Market.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\L  000007fa5a910000
Library  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.PresenceIM.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8  000007fa4f9f0000
Library  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Eas.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Li  000007fa4d7e0000
Library  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Calendar.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bb  000007fa4d6a0000
Library  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d  000007fa5a380000
Library  C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (*** suspicious ***) @ C:\Program Files\Internet Explorer\iexplore.exe [25168]                                                                                                                         000007fa59810000
Process  C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5N2Y6FU\Defogger.exe (*** suspicious ***) @ C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5N2Y6FU\Defogger.exe [10096]                    0000000000400000
Process  C:\Users\Peter\AppData\Local\Temp\Temp1_gmer_2.1.19355.zip\gmer.exe (*** suspicious ***) @ C:\Users\Peter\AppData\Local\Temp\Temp1_gmer_2.1.19355.zip\gmer.exe [7960]                                                                                                 0000000000400000

---- EOF - GMER 2.1 ----

schrauber · 27.01.2014, 15:41

hi,

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

petsei · 27.01.2014, 18:24

Danke für die schnelle Antwort! Das ist hoffentich das richtige File.

Code:

ATTFilter

ComboFix 14-01-27.02 - Peter 27.01.2014  18:02:38.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.43.1031.18.7646.5344 [GMT 1:00]
ausgeführt von:: c:\users\Peter\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Show-Password\150.dll
c:\users\Peter\Favorites\Videos.url
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-27 bis 2014-01-27  ))))))))))))))))))))))))))))))
.
.
2014-01-27 17:06 . 2014-01-27 17:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-27 12:45 . 2014-01-27 12:45	--------	d-----w-	C:\FRST
2014-01-27 10:37 . 2013-12-18 20:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-24 16:19 . 2014-01-24 16:19	246960	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10231.bin
2014-01-15 14:15 . 2013-10-31 05:56	915968	----a-w-	c:\windows\system32\MPSSVC.dll
2014-01-15 14:15 . 2013-10-31 05:56	758784	----a-w-	c:\windows\system32\FirewallAPI.dll
2014-01-15 14:15 . 2013-10-28 05:50	588288	----a-w-	c:\windows\system32\SHCore.dll
2014-01-15 14:15 . 2013-10-31 04:01	550400	----a-w-	c:\windows\SysWow64\FirewallAPI.dll
2014-01-15 14:15 . 2013-10-28 04:05	452608	----a-w-	c:\windows\SysWow64\SHCore.dll
2014-01-15 14:15 . 2013-10-13 20:49	100696	----a-w-	c:\windows\system32\drivers\disk.sys
2014-01-15 14:15 . 2013-08-27 05:21	227840	----a-w-	c:\windows\system32\WebClnt.dll
2014-01-15 14:15 . 2013-08-26 22:29	199168	----a-w-	c:\windows\SysWow64\WebClnt.dll
2014-01-15 14:15 . 2013-08-27 05:19	104448	----a-w-	c:\windows\system32\davclnt.dll
2014-01-15 14:15 . 2013-08-26 22:28	86016	----a-w-	c:\windows\SysWow64\davclnt.dll
2014-01-15 14:15 . 2013-10-31 03:42	74752	----a-w-	c:\windows\system32\drivers\mpsdrv.sys
2014-01-15 14:11 . 2013-12-07 06:37	688640	----a-w-	c:\windows\system32\WSShared.dll
2014-01-15 14:11 . 2013-12-07 06:37	163840	----a-w-	c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 14:11 . 2013-12-07 05:15	562688	----a-w-	c:\windows\SysWow64\WSShared.dll
2014-01-15 14:11 . 2013-12-07 05:15	124928	----a-w-	c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-13 16:12 . 2014-01-13 16:12	--------	d-----w-	c:\users\Peter\AppData\Roaming\Optimizer Pro
2014-01-13 16:07 . 2014-01-13 16:07	--------	d-----w-	c:\program files (x86)\Optimizer Pro
2014-01-13 16:06 . 2014-01-27 17:05	--------	d-----w-	c:\program files (x86)\Show-Password
2014-01-13 16:06 . 2014-01-13 16:06	--------	d-----w-	c:\program files (x86)\StreamTransport
2014-01-03 11:33 . 2014-01-22 06:59	--------	d-----w-	C:\dmpro
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 10:50 . 2013-04-18 08:48	86054176	----a-w-	c:\windows\system32\MRT.exe
2014-01-09 08:02 . 2013-11-16 10:32	78296	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-09 08:02 . 2013-11-16 10:32	694240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-18 12:25 . 2013-05-07 18:07	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-12-18 12:25 . 2013-04-17 17:24	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-18 12:25 . 2013-04-17 17:24	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-11-23 06:43 . 2013-12-10 23:00	420864	----a-w-	c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-10 23:00	368640	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-11-10 14:26 . 2013-11-10 13:32	12767232	----a-w-	c:\program files (x86)\Common Files\lpuninstall.exe
2013-11-06 23:18 . 2013-12-10 23:00	4036608	----a-w-	c:\windows\system32\win32k.sys
2013-11-01 05:38 . 2013-12-10 23:00	312320	----a-w-	c:\windows\system32\msieftp.dll
2013-11-01 03:49 . 2013-12-10 23:00	273408	----a-w-	c:\windows\SysWow64\msieftp.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	130736	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	130736	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	130736	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-10-20 16:47	627712	----a-w-	c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-18 1090912]
"CTZDetec.exe"="c:\program files (x86)\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2012-05-24 195200]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-10-25 3187360]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-15 642216]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-11-10 12767232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 70e6ca8c;Optimizer Pro Crash Monitor;c:\progra~2\optimi~1\OptProCrash.exe;c:\progra~2\optimi~1\OptProCrash.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 Virtual CDAudio Service;Virtual CDAudio Service;c:\program files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe;c:\program files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 AU8168;AU 8168 NT Driver;c:\windows\system32\DRIVERS\au630x64.sys;c:\windows\SYSNATIVE\DRIVERS\au630x64.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys;c:\windows\SYSNATIVE\DRIVERS\rsvcdwdr.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-17 12:17	1211672	----a-w-	c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-02 23:40]
.
2014-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 22:48]
.
2014-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 22:48]
.
2014-01-27 c:\windows\Tasks\Show-Password Update.job
- c:\program files (x86)\Show-Password\Show_Password.exe [2014-01-13 16:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	164016	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	164016	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	164016	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59	164016	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-10-20 16:47	774144	----a-w-	c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: LastPass - file://c:\users\Peter\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Ausfüllformulare - file://c:\users\Peter\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{53297dad-a575-42dc-817b-9a9b0ba3abfa} - c:\program files (x86)\Show-Password\150.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-01-27  18:14:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-01-27 17:14
.
Vor Suchlauf: 10 Verzeichnis(se), 96*223*768*576 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 97*256*833*024 Bytes frei
.
- - End Of File - - 18345AB03558F83FA6FCDED1E6B66C92
5FB38429D5D77768867C76DCBDB35194

schrauber · 28.01.2014, 14:56

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

petsei · 28.01.2014, 19:07

Hi schrauber, bin sehr dankbar für Deine Unterstützung.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.28.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Peter :: PETSEI [Administrator]

28.01.2014 17:27:39
mbam-log-2014-01-28 (17-27-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213792
Laufzeit: 3 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKLM\SYSTEM\CurrentControlSet\Services\70e6ca8c (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2660f388-de52-436b-ac90-01f4d6e517b6 (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\logekkkdbdidmmcgkonmmonclldogceg (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53297dad-a575-42dc-817b-9a9b0ba3abfa} (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{53297dad-a575-42dc-817b-9a9b0ba3abfa} (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{53297DAD-A575-42DC-817B-9A9B0BA3ABFA} (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53297DAD-A575-42DC-817B-9A9B0BA3ABFA} (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Daten: hxxp://www.safeshopgate.com/r?s=121000946&g=3244FBB0-0AA1-43A3-5D75-10C3B865BC6B -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Löschen bei Neustart.
C:\Users\Peter\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Show-Password (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 36
C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe (PUP.Optional.OptimizerPro) -> Löschen bei Neustart.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\German.ini (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll (PUP.Optional.OptimizerPro.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\StartupList.txt (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\unins000.msg (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Hilfe.lnk (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Nach Updates suchen.lnk (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro entfernen.lnk (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro im Internet.lnk (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Show-Password\150.crx (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Show-Password\01.db (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Show-Password\150.dat (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Show-Password\150.xpi (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Show-Password\Show_Password.exe (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Show-Password\Sqlite3.dll (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Show-Password\Uninstall.exe (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Show-Password Update.job (PUP.Optional.ShowPassword.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 28/01/2014 um 17:51:56
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Peter - PETSEI
# Gestartet von : C:\Users\Peter\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Peter\AppData\Roaming\optimizer pro
Datei Gelöscht : C:\Users\Peter\Desktop\Optimizer Pro.lnk
[x] Nicht Gelöscht : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v

[ Datei : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ Datei : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1740 octets] - [28/01/2014 17:49:12]
AdwCleaner[S0].txt - [1613 octets] - [28/01/2014 17:51:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1673 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 x64
Ran by Peter on 28.01.2014 at 18:22:57,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.01.2014 at 18:27:13,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
Ran by Peter (administrator) on PETSEI on 28-01-2014 18:54:01
Running from C:\Users\Peter\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(RapidSolution Software AG) C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-10-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [SoftAuto.exe] - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKCU\...\Run: [CTZDetec.exe] - C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\user.js
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ReminderFox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-07-03]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKCU\...\Firefox\Extensions: [{67d5e887-f92d-4c57-8f2b-0165c0432c49}] - C:\Program Files (x86)\Show-Password\150.xpi

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-24]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-24]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-24]
CHR Extension: (Google-Suche) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-24]
CHR Extension: (Freemake Video Converter) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-09-24]
CHR Extension: (Show-Password) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg [2014-01-27]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Google Mail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-24]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-07-01]

==================== Services (Whitelisted) =================

U2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-15] (Advanced Micro Devices, Inc.)
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
U2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
U2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
U2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
U2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)
U2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-28] (Freemake)
U2 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-04-24] (RapidSolution Software AG)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
U3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
U3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
U3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
U2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
U1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
U1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
U3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
U3 RRNetCap; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
U3 RRNetCapMP; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
U3 rsvcdwdr; C:\Windows\system32\DRIVERS\rsvcdwdr.sys [45192 2013-04-24] (RapidSolution Software AG)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-28 18:53 - 2014-01-28 18:53 - 00000000 ____D C:\Users\Peter\Downloads\FRST-OlderVersion
2014-01-28 18:27 - 2014-01-28 18:27 - 00000831 _____ C:\Users\Peter\Desktop\JRT.txt
2014-01-28 18:22 - 2014-01-28 18:22 - 00000000 ____D C:\Windows\ERUNT
2014-01-28 18:20 - 2014-01-28 18:20 - 01037068 _____ (Thisisu) C:\Users\Peter\Downloads\JRT.exe
2014-01-28 17:48 - 2014-01-28 17:52 - 00000000 ____D C:\AdwCleaner
2014-01-28 17:47 - 2014-01-28 17:47 - 01166132 _____ C:\Users\Peter\Downloads\adwcleaner.exe
2014-01-28 17:27 - 2014-01-28 17:27 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-28 17:22 - 2014-01-28 17:22 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Malwarebytes
2014-01-28 17:21 - 2014-01-28 17:21 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-28 17:21 - 2014-01-28 17:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-28 17:21 - 2014-01-28 17:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-28 17:21 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-28 17:20 - 2014-01-28 17:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Peter\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-28 01:25 - 2014-01-19 08:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-27 18:14 - 2014-01-27 18:14 - 00021037 _____ C:\ComboFix.txt
2014-01-27 18:01 - 2014-01-27 18:14 - 00000000 ____D C:\Qoobox
2014-01-27 18:01 - 2014-01-27 18:12 - 00000000 ____D C:\Windows\erdnt
2014-01-27 18:01 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-27 18:01 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-27 18:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-27 18:00 - 2014-01-27 18:01 - 05175619 ____R (Swearware) C:\Users\Peter\Downloads\ComboFix.exe
2014-01-27 17:46 - 2014-01-27 17:46 - 00035526 _____ C:\Users\Peter\Documents\bookmark.htm
2014-01-27 14:19 - 2014-01-27 14:19 - 00006166 _____ C:\Users\Peter\Downloads\Gmer.txt
2014-01-27 13:51 - 2014-01-27 13:51 - 00370971 _____ C:\Users\Peter\Downloads\gmer_2.1.19355.zip
2014-01-27 13:46 - 2014-01-27 13:46 - 00019908 _____ C:\Users\Peter\Downloads\Addition.txt
2014-01-27 13:46 - 2014-01-27 13:46 - 00000119 _____ C:\Users\Peter\Desktop\Addition.txt
2014-01-27 13:45 - 2014-01-28 18:54 - 00017183 _____ C:\Users\Peter\Downloads\FRST.txt
2014-01-27 13:45 - 2014-01-28 18:53 - 00000000 ____D C:\FRST
2014-01-27 13:44 - 2014-01-28 18:53 - 02079232 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-01-27 12:10 - 2014-01-27 12:11 - 00000472 _____ C:\Users\Peter\Desktop\defogger_disable.log
2014-01-27 12:10 - 2014-01-27 12:10 - 00000000 _____ C:\Users\Peter\defogger_reenable
2014-01-27 11:37 - 2014-01-27 11:37 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-27 11:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-27 11:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-27 11:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 15:15 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-15 15:15 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-15 15:15 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 15:15 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-15 15:15 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-15 15:15 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 15:15 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-15 15:15 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-15 15:15 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-15 15:15 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 15:15 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-15 15:11 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 15:11 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 15:11 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 15:11 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-13 17:09 - 2014-01-13 17:09 - 00000000 ____D C:\Users\Peter\Documents\StreamTransport
2014-01-13 17:06 - 2014-01-13 17:06 - 00001098 _____ C:\Users\Public\Desktop\StreamTransport.lnk
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\StreamTransport
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-03 12:34 - 2014-01-03 12:34 - 00001411 _____ C:\Users\Public\Desktop\Dealmaster Pro.lnk
2014-01-03 12:33 - 2014-01-22 07:59 - 00000000 ____D C:\dmpro
2014-01-03 12:25 - 2014-01-03 12:26 - 00397248 _____ C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-01-28 18:54 - 2014-01-27 13:45 - 00017183 _____ C:\Users\Peter\Downloads\FRST.txt
2014-01-28 18:53 - 2014-01-28 18:53 - 00000000 ____D C:\Users\Peter\Downloads\FRST-OlderVersion
2014-01-28 18:53 - 2014-01-27 13:45 - 00000000 ____D C:\FRST
2014-01-28 18:53 - 2014-01-27 13:44 - 02079232 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-01-28 18:42 - 2013-04-17 06:31 - 00000000 ____D C:\Users\Peter\AppData\Roaming\MailWasherPro
2014-01-28 18:40 - 2013-07-02 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 18:31 - 2013-04-17 00:35 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2482523277-1572735136-853847637-1002
2014-01-28 18:27 - 2014-01-28 18:27 - 00000831 _____ C:\Users\Peter\Desktop\JRT.txt
2014-01-28 18:22 - 2014-01-28 18:22 - 00000000 ____D C:\Windows\ERUNT
2014-01-28 18:20 - 2014-01-28 18:20 - 01037068 _____ (Thisisu) C:\Users\Peter\Downloads\JRT.exe
2014-01-28 18:16 - 2013-05-07 23:48 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-28 18:14 - 2013-04-17 06:55 - 00000000 ____D C:\Program Files (x86)\Everything
2014-01-28 18:14 - 2012-11-22 20:20 - 02048993 _____ C:\Windows\WindowsUpdate.log
2014-01-28 18:08 - 2013-11-04 00:50 - 00000000 ____D C:\Users\Peter\AppData\Roaming\ClassicShell
2014-01-28 18:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-28 17:58 - 2012-10-25 05:08 - 00751892 _____ C:\Windows\system32\perfh007.dat
2014-01-28 17:58 - 2012-10-25 05:08 - 00155620 _____ C:\Windows\system32\perfc007.dat
2014-01-28 17:58 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 17:54 - 2013-05-07 23:48 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-28 17:53 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 17:52 - 2014-01-28 17:48 - 00000000 ____D C:\AdwCleaner
2014-01-28 17:52 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-28 17:47 - 2014-01-28 17:47 - 01166132 _____ C:\Users\Peter\Downloads\adwcleaner.exe
2014-01-28 17:43 - 2012-10-25 04:55 - 01109548 _____ C:\Windows\PFRO.log
2014-01-28 17:39 - 2013-06-18 08:37 - 00182784 ___SH C:\Users\Peter\Desktop\Thumbs.db
2014-01-28 17:27 - 2014-01-28 17:27 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-28 17:22 - 2014-01-28 17:22 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Malwarebytes
2014-01-28 17:21 - 2014-01-28 17:21 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-28 17:21 - 2014-01-28 17:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-28 17:21 - 2014-01-28 17:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-28 17:20 - 2014-01-28 17:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Peter\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-27 18:14 - 2014-01-27 18:14 - 00021037 _____ C:\ComboFix.txt
2014-01-27 18:14 - 2014-01-27 18:01 - 00000000 ____D C:\Qoobox
2014-01-27 18:14 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2014-01-27 18:12 - 2014-01-27 18:01 - 00000000 ____D C:\Windows\erdnt
2014-01-27 18:10 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2014-01-27 18:01 - 2014-01-27 18:00 - 05175619 ____R (Swearware) C:\Users\Peter\Downloads\ComboFix.exe
2014-01-27 17:46 - 2014-01-27 17:46 - 00035526 _____ C:\Users\Peter\Documents\bookmark.htm
2014-01-27 14:21 - 2013-04-17 04:47 - 00000000 ____D C:\Users\Peter\Documents\aPETER
2014-01-27 14:19 - 2014-01-27 14:19 - 00006166 _____ C:\Users\Peter\Downloads\Gmer.txt
2014-01-27 13:51 - 2014-01-27 13:51 - 00370971 _____ C:\Users\Peter\Downloads\gmer_2.1.19355.zip
2014-01-27 13:46 - 2014-01-27 13:46 - 00019908 _____ C:\Users\Peter\Downloads\Addition.txt
2014-01-27 13:46 - 2014-01-27 13:46 - 00000119 _____ C:\Users\Peter\Desktop\Addition.txt
2014-01-27 12:11 - 2014-01-27 12:10 - 00000472 _____ C:\Users\Peter\Desktop\defogger_disable.log
2014-01-27 12:10 - 2014-01-27 12:10 - 00000000 _____ C:\Users\Peter\defogger_reenable
2014-01-27 12:10 - 2013-04-17 00:27 - 00000000 ____D C:\Users\Peter
2014-01-27 11:38 - 2013-10-16 23:16 - 00000000 ____D C:\ProgramData\Oracle
2014-01-27 11:37 - 2014-01-27 11:37 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:37 - 2013-08-04 20:49 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-22 08:32 - 2013-04-27 10:27 - 00000000 ____D C:\Bridge Base Online
2014-01-22 07:59 - 2014-01-03 12:33 - 00000000 ____D C:\dmpro
2014-01-22 07:59 - 2013-04-17 00:28 - 00000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2014-01-19 12:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2014-01-19 12:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-19 08:33 - 2014-01-28 01:25 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 20:59 - 2013-09-01 16:19 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2014-01-17 13:19 - 2013-09-24 10:31 - 00002182 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-16 11:55 - 2013-04-17 05:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:54 - 2013-08-15 09:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:50 - 2013-04-18 09:48 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 01:33 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-13 17:09 - 2014-01-13 17:09 - 00000000 ____D C:\Users\Peter\Documents\StreamTransport
2014-01-13 17:06 - 2014-01-13 17:06 - 00001098 _____ C:\Users\Public\Desktop\StreamTransport.lnk
2014-01-13 17:06 - 2014-01-13 17:06 - 00000000 ____D C:\Program Files (x86)\StreamTransport
2014-01-13 16:06 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-09 09:02 - 2013-11-16 11:32 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-16 11:32 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-08 10:12 - 2013-04-17 08:16 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2014-01-08 09:01 - 2013-04-17 08:16 - 00000000 ____D C:\ProgramData\Skype
2014-01-08 09:00 - 2013-04-17 08:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-07 18:53 - 2013-09-01 16:19 - 00000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-03 12:34 - 2014-01-03 12:34 - 00001411 _____ C:\Users\Public\Desktop\Dealmaster Pro.lnk
2014-01-03 12:26 - 2014-01-03 12:25 - 00397248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-31 19:15 - 2013-04-17 05:29 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 12:20

==================== End Of Log ============================

--- --- ---

Hoffe, das passt einigermaßen.

Gruß, petsei

schrauber · 29.01.2014, 12:01

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

petsei · 29.01.2014, 15:05

Hallo schrauber,
heißt Dein Smiley, dass wir in der Zielgeraden sind ? Wie gewünscht, bitte....

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b170f2cd054d2d42a8b0ac75e34cff4b
# engine=16850
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-29 01:40:44
# local_time=2014-01-29 02:40:44 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 96 11065 256429734 3842 0
# compatibility_mode=5893 16776574 100 94 77404 18286319 0 0
# scanned=200120
# found=0
# cleaned=0
# scan_time=3693

Code:

ATTFilter

Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
Avira Desktop      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 	11.9.900.170  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Thunderbird (24.0.1) 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Peter (administrator) on PETSEI on 29-01-2014 14:56:34
Running from C:\Users\Peter\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(RapidSolution Software AG) C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-10-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [SoftAuto.exe] - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKCU\...\Run: [CTZDetec.exe] - C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\user.js
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ReminderFox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vfucr.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-07-03]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKCU\...\Firefox\Extensions: [{67d5e887-f92d-4c57-8f2b-0165c0432c49}] - C:\Program Files (x86)\Show-Password\150.xpi

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-24]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-24]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-24]
CHR Extension: (Google-Suche) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-24]
CHR Extension: (Freemake Video Converter) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-09-24]
CHR Extension: (Show-Password) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\logekkkdbdidmmcgkonmmonclldogceg [2014-01-27]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Google Mail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-24]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-07-01]

==================== Services (Whitelisted) =================

U2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-15] (Advanced Micro Devices, Inc.)
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
U2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
U2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
U2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
U2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)
U2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-28] (Freemake)
U2 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-04-24] (RapidSolution Software AG)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
U3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
U3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
U3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
U2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
U1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
U1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
U3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
U3 RRNetCap; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
U3 RRNetCapMP; C:\Windows\system32\DRIVERS\rrnetcap.sys [37480 2013-04-24] (RapidSolution Software AG)
U3 rsvcdwdr; C:\Windows\system32\DRIVERS\rsvcdwdr.sys [45192 2013-04-24] (RapidSolution Software AG)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-29 14:56 - 2014-01-29 14:56 - 00017516 _____ C:\Users\Peter\Downloads\FRST.txt
2014-01-29 14:56 - 2014-01-29 14:56 - 00000000 ____D C:\Users\Peter\Downloads\FRST-OlderVersion
2014-01-29 14:47 - 2014-01-29 14:47 - 00987425 _____ C:\Users\Peter\Downloads\SecurityCheck.exe
2014-01-29 13:07 - 2014-01-29 13:07 - 05631168 _____ (IvoSoft) C:\Users\Peter\Downloads\ClassicShellSetup_4_0_4.exe
2014-01-28 18:22 - 2014-01-28 18:22 - 00000000 ____D C:\Windows\ERUNT
2014-01-28 18:20 - 2014-01-28 18:20 - 01037068 _____ (Thisisu) C:\Users\Peter\Downloads\JRT.exe
2014-01-28 17:48 - 2014-01-28 17:52 - 00000000 ____D C:\AdwCleaner
2014-01-28 17:47 - 2014-01-28 17:47 - 01166132 _____ C:\Users\Peter\Downloads\adwcleaner.exe
2014-01-28 17:27 - 2014-01-28 17:27 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-28 17:22 - 2014-01-28 17:22 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Malwarebytes
2014-01-28 17:21 - 2014-01-28 17:21 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-28 17:21 - 2014-01-28 17:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-28 17:21 - 2014-01-28 17:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-28 17:21 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-28 17:20 - 2014-01-28 17:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Peter\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-28 01:25 - 2014-01-19 08:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-27 18:14 - 2014-01-27 18:14 - 00021037 _____ C:\ComboFix.txt
2014-01-27 18:01 - 2014-01-27 18:14 - 00000000 ____D C:\Qoobox
2014-01-27 18:01 - 2014-01-27 18:12 - 00000000 ____D C:\Windows\erdnt
2014-01-27 18:01 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-27 18:01 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-27 18:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-27 18:01 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-27 18:00 - 2014-01-27 18:01 - 05175619 ____R (Swearware) C:\Users\Peter\Downloads\ComboFix.exe
2014-01-27 17:46 - 2014-01-27 17:46 - 00035526 _____ C:\Users\Peter\Documents\bookmark.htm
2014-01-27 13:45 - 2014-01-29 14:56 - 00000000 ____D C:\FRST
2014-01-27 13:44 - 2014-01-29 14:56 - 02079744 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-01-27 12:10 - 2014-01-27 12:10 - 00000000 _____ C:\Users\Peter\defogger_reenable
2014-01-27 11:37 - 2014-01-27 11:37 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-27 11:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-27 11:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-27 11:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 17:12 - 2014-01-18 17:12 - 00283840 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper64.dll
2014-01-18 17:12 - 2014-01-18 17:12 - 00243904 _____ (IvoSoft) C:\Windows\SysWOW64\StartMenuHelper32.dll
2014-01-15 15:15 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-15 15:15 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-15 15:15 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 15:15 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-15 15:15 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-15 15:15 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 15:15 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-15 15:15 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-15 15:15 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-15 15:15 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 15:15 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-15 15:11 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 15:11 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 15:11 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 15:11 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-13 17:09 - 2014-01-13 17:09 - 00000000 ____D C:\Users\Peter\Documents\StreamTransport
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-03 12:34 - 2014-01-03 12:34 - 00001411 _____ C:\Users\Public\Desktop\Dealmaster Pro.lnk
2014-01-03 12:33 - 2014-01-22 07:59 - 00000000 ____D C:\dmpro
2014-01-03 12:25 - 2014-01-03 12:26 - 00397248 _____ C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-01-29 14:56 - 2014-01-29 14:56 - 00017516 _____ C:\Users\Peter\Downloads\FRST.txt
2014-01-29 14:56 - 2014-01-29 14:56 - 00000000 ____D C:\Users\Peter\Downloads\FRST-OlderVersion
2014-01-29 14:56 - 2014-01-27 13:45 - 00000000 ____D C:\FRST
2014-01-29 14:56 - 2014-01-27 13:44 - 02079744 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-01-29 14:55 - 2013-11-04 00:50 - 00000000 ____D C:\Users\Peter\AppData\Roaming\ClassicShell
2014-01-29 14:54 - 2013-04-17 04:47 - 00000000 ____D C:\Users\Peter\Documents\aPETER
2014-01-29 14:47 - 2014-01-29 14:47 - 00987425 _____ C:\Users\Peter\Downloads\SecurityCheck.exe
2014-01-29 14:40 - 2013-07-02 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 14:16 - 2013-05-07 23:48 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 14:16 - 2013-05-07 23:48 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 14:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-29 13:14 - 2013-11-04 00:46 - 00000000 ____D C:\ProgramData\ClassicShell
2014-01-29 13:11 - 2012-11-22 20:20 - 02091485 _____ C:\Windows\WindowsUpdate.log
2014-01-29 13:09 - 2013-11-04 00:49 - 00000000 ____D C:\Program Files\Classic Shell
2014-01-29 13:07 - 2014-01-29 13:07 - 05631168 _____ (IvoSoft) C:\Users\Peter\Downloads\ClassicShellSetup_4_0_4.exe
2014-01-29 13:01 - 2012-10-25 05:08 - 00751892 _____ C:\Windows\system32\perfh007.dat
2014-01-29 13:01 - 2012-10-25 05:08 - 00155620 _____ C:\Windows\system32\perfc007.dat
2014-01-29 13:01 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-29 12:59 - 2012-07-26 08:21 - 00083271 _____ C:\Windows\setupact.log
2014-01-29 12:51 - 2013-04-17 00:35 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2482523277-1572735136-853847637-1002
2014-01-29 00:46 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 00:45 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-29 00:34 - 2013-04-17 06:55 - 00000000 ____D C:\Program Files (x86)\Everything
2014-01-29 00:30 - 2013-04-17 06:31 - 00000000 ____D C:\Users\Peter\AppData\Roaming\MailWasherPro
2014-01-28 22:18 - 2013-09-24 10:31 - 00002182 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-28 19:55 - 2013-04-27 10:27 - 00000000 ____D C:\Bridge Base Online
2014-01-28 18:57 - 2013-06-18 08:37 - 00206336 ___SH C:\Users\Peter\Desktop\Thumbs.db
2014-01-28 18:22 - 2014-01-28 18:22 - 00000000 ____D C:\Windows\ERUNT
2014-01-28 18:20 - 2014-01-28 18:20 - 01037068 _____ (Thisisu) C:\Users\Peter\Downloads\JRT.exe
2014-01-28 17:52 - 2014-01-28 17:48 - 00000000 ____D C:\AdwCleaner
2014-01-28 17:47 - 2014-01-28 17:47 - 01166132 _____ C:\Users\Peter\Downloads\adwcleaner.exe
2014-01-28 17:43 - 2012-10-25 04:55 - 01109548 _____ C:\Windows\PFRO.log
2014-01-28 17:27 - 2014-01-28 17:27 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-28 17:22 - 2014-01-28 17:22 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Malwarebytes
2014-01-28 17:21 - 2014-01-28 17:21 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-28 17:21 - 2014-01-28 17:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-28 17:21 - 2014-01-28 17:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-28 17:20 - 2014-01-28 17:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Peter\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-27 18:14 - 2014-01-27 18:14 - 00021037 _____ C:\ComboFix.txt
2014-01-27 18:14 - 2014-01-27 18:01 - 00000000 ____D C:\Qoobox
2014-01-27 18:14 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2014-01-27 18:12 - 2014-01-27 18:01 - 00000000 ____D C:\Windows\erdnt
2014-01-27 18:10 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2014-01-27 18:01 - 2014-01-27 18:00 - 05175619 ____R (Swearware) C:\Users\Peter\Downloads\ComboFix.exe
2014-01-27 17:46 - 2014-01-27 17:46 - 00035526 _____ C:\Users\Peter\Documents\bookmark.htm
2014-01-27 12:10 - 2014-01-27 12:10 - 00000000 _____ C:\Users\Peter\defogger_reenable
2014-01-27 12:10 - 2013-04-17 00:27 - 00000000 ____D C:\Users\Peter
2014-01-27 11:38 - 2013-10-16 23:16 - 00000000 ____D C:\ProgramData\Oracle
2014-01-27 11:37 - 2014-01-27 11:37 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:37 - 2013-08-04 20:49 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-22 07:59 - 2014-01-03 12:33 - 00000000 ____D C:\dmpro
2014-01-22 07:59 - 2013-04-17 00:28 - 00000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2014-01-19 12:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2014-01-19 12:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-19 08:33 - 2014-01-28 01:25 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 17:12 - 2014-01-18 17:12 - 00283840 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper64.dll
2014-01-18 17:12 - 2014-01-18 17:12 - 00243904 _____ (IvoSoft) C:\Windows\SysWOW64\StartMenuHelper32.dll
2014-01-17 20:59 - 2013-09-01 16:19 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2014-01-16 11:55 - 2013-04-17 05:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:54 - 2013-08-15 09:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:50 - 2013-04-18 09:48 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 01:33 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-13 17:09 - 2014-01-13 17:09 - 00000000 ____D C:\Users\Peter\Documents\StreamTransport
2014-01-13 16:06 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-09 09:02 - 2013-11-16 11:32 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-16 11:32 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-08 10:12 - 2013-04-17 08:16 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2014-01-08 09:01 - 2013-04-17 08:16 - 00000000 ____D C:\ProgramData\Skype
2014-01-08 09:00 - 2013-04-17 08:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-07 18:53 - 2013-09-01 16:19 - 00000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-03 12:34 - 2014-01-03 12:34 - 00001411 _____ C:\Users\Public\Desktop\Dealmaster Pro.lnk
2014-01-03 12:26 - 2014-01-03 12:25 - 00397248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-31 19:15 - 2013-04-17 05:29 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 12:20

==================== End Of Log ============================

--- --- ---

Ich kann mich nur wiederholen, ich bedanke mich, schrauber !
Gruß,
petsei

schrauber · 30.01.2014, 07:24

Adobe updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

petsei · 30.01.2014, 14:14

Hi schrauber, leider muß ich dich nocheinmal belästigen. Die defogger.exe ist mir abhanden gekommen und mein Papierkorb wurde im Zuge unserer gemeinsamen Arbeit geleert. Die Datei defogger_reenable ist eine leere Hülse.
Soll ich defogger.exe nocheinmal herunterladen?
gruß, petsei

schrauber · 31.01.2014, 08:51

Nö wenn die Datei ler ist brauchste das nit, einfach die DAtei löschen

petsei · 31.01.2014, 12:38

Hi schrauber,
damit wäre alles erledigt.Nochmals vielen Dank.
Gruß,
petsei

schrauber · 01.02.2014, 10:19

Gern Geschehen

31.01.2014, 08:51	#10
schrauber /// the machine /// TB-Ausbilder	Windows 8/64bit: Optimizer Pro auf PC Nö wenn die Datei ler ist brauchste das nit, einfach die DAtei löschen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

01.02.2014, 10:19	#12
schrauber /// the machine /// TB-Ausbilder	Windows 8/64bit: Optimizer Pro auf PC Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 8/64bit: Optimizer Pro auf PC

Log-Analyse und Auswertung: Windows 8/64bit: Optimizer Pro auf PC