
Log Analysis and Evaluation: Antivir finds 3 infected files: EXP/Pidief.ej, EXP/Java.HLP.A.1197, ADWARE/Adware.Gen

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.08.2013, 11:24   #1
muecke
 



Hello everyone,

Yesterday my girlfriend received an e-mail from a friend. It was not actually written by her, though, but sent from her hacked e-mail account and contained a link. She did not know that it had not come from her friend and opened the link. So today I checked the computer and found the following 3 files.

I know that her Java is not yet up to date, but I did not want to change that now so as not to distort the scan. It will be updated via JavaRa right after the problem is fixed.

Here are the required log files from Antivir, Defogger, etc.

Many thanks for your help

Best regards

Mücke

04.08.2013, 11:36   #2
schrauber
/// the machine
/// TB trainer
 




hi,

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it right. If everything is correct ... click Reply.



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected.
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
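The five AdwCleaner options listed in the post above each reset a specific, inspectable piece of Windows state. The following PowerShell script is an added example, not part of the original post and not AdwCleaner's own code: it records that state read-only before the Delete step, so the "before" picture survives next to the AdwCleaner log. The registry paths are the standard Windows locations for WinINet proxy settings, the Tracing keys and the Internet Explorer and Chrome policy trees; the output file name on the Desktop is an arbitrary choice. Run it from an elevated PowerShell on the affected machine.

```powershell
# Added example (not from the Trojaner-Board post and not AdwCleaner's code):
# read-only audit of the state that AdwCleaner's five options reset.
# Nothing is written to the registry; only a text report is saved.
# Registry locations are the standard Windows ones; the report path is arbitrary.

function Get-RegistryValues {
    # Lists every value under $Path and its subkeys as "key\name = data"; nothing if the key is absent.
    param([string]$Path)
    if (-not (Test-Path $Path)) { return }
    $keys = @(Get-Item $Path) + @(Get-ChildItem $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            '{0}\{1} = {2}' -f $k.Name, $name, $k.GetValue($name)
        }
    }
}

$lines = @()

# 1. "Tracing" keys: one subkey per program under HKLM\SOFTWARE\Microsoft\Tracing.
#    Installers and programs leave entries here; the names show what has run on the machine.
$lines += '## Tracing keys'
$lines += Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Tracing' -ErrorAction SilentlyContinue |
          ForEach-Object { $_.PSChildName }

# 2. Winsock catalog: a hijacking LSP or namespace provider shows up here as a non-Microsoft DLL.
$lines += '## Winsock catalog'
$lines += netsh winsock show catalog

# 3. WinINet proxy for the current user (used by Internet Explorer and many other programs).
#    AutoConfigURL deserves its own look: a PAC script redirects traffic even when ProxyEnable is 0.
$lines += '## Proxy settings'
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
foreach ($v in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    $lines += '{0} = {1}' -f $v, $inet.$v
}

# 4./5. Browser policy trees. Adware plants values here (forced start page, locked settings)
#       that survive a normal uninstall, which is why AdwCleaner offers to reset them.
$lines += '## Internet Explorer and Chrome policies'
foreach ($root in 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
                  'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer',
                  'HKLM:\SOFTWARE\Policies\Google\Chrome',
                  'HKCU:\SOFTWARE\Policies\Google\Chrome') {
    $lines += "# $root"
    $lines += Get-RegistryValues $root
}

# Save the report next to the other logs and echo it to the console.
$out = Join-Path $env:USERPROFILE 'Desktop\pre-adwcleaner-audit.txt'
$lines | Out-File -FilePath $out -Encoding UTF8
$lines
```

Two things to look for in the report: an AutoConfigURL value in the proxy block, which routes browser traffic through a PAC script even when ProxyEnable is 0, and any values under the policy keys, which on an unmanaged home PC are rarely set by anything other than security software or adware and are worth explaining one by one. The script uses only PowerShell 2.0 features, so it runs on a stock Windows 7 install like the one in this thread.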

04.08.2013, 12:16   #3
muecke
 



Here are the logs again in code tags... Sorry
First, Antivir

Code:
The file 'C:\Users\Gabi\AppData\Local\Temp\plugtmp-2\plugin-hram.php'
contained a virus or unwanted program 'EXP/Pidief.eji' [exploit].
Action(s) performed:
The file was ignored.

The file 'C:\Users\Gabi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\618e7568-6c1f0f58'
contained a virus or unwanted program 'EXP/Java.HLP.A.1197' [exploit].
Action(s) performed:
The file was ignored.

The file 'C:\Users\Gabi\AppData\Local\Temp\7zSD68.tmp\50d6c2f0b7f77.ocx'
contained a virus or unwanted program 'ADWARE/Adware.Gen' [adware].
Action(s) performed:
The file was ignored.
Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 04/08/2013 (Gabi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-

FRST



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by Gabi (administrator) on 04-08-2013 11:58:58
Running from C:\Users\Gabi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Windows\system32\consent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Gabi\Downloads\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKCU\...\Run: [Device Detection] - C:\Program Files (x86)\Lidl_Fotos\dd.exe [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [246592 2012-05-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202048 2012-05-15] (NVIDIA Corporation)
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Visualisateur 3D de 20-20 - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\Extensions\2020Player_IKEA@2020Technologies.com
FF Extension: No Name - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-12] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-12] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-12] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-01] (DT Soft Ltd)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-04 11:58 - 2013-08-04 11:58 - 00000540 _____ C:\Users\Gabi\Downloads\defogger_disable.log
2013-08-04 11:58 - 2013-08-04 11:58 - 00000168 _____ C:\Users\Gabi\defogger_reenable
2013-08-04 11:58 - 2013-08-04 11:58 - 00000000 ____D C:\FRST
2013-08-04 11:57 - 2013-08-04 11:57 - 00377856 _____ C:\Users\Gabi\Downloads\gmer_2.1.19163.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 01781485 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 00050477 _____ C:\Users\Gabi\Downloads\Defogger.exe
2013-07-12 07:45 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 07:45 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 07:45 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 07:45 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 07:45 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 07:45 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 07:45 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 07:45 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 07:45 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 07:55 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 07:55 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 07:55 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 07:55 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 07:55 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 07:55 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 07:55 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 09:37 - 2013-07-08 09:54 - 00000000 ____D C:\Users\Gabi\Desktop\Slackline Worldcup '13

==================== One Month Modified Files and Folders =======

2013-08-04 11:58 - 2013-08-04 11:58 - 00000540 _____ C:\Users\Gabi\Downloads\defogger_disable.log
2013-08-04 11:58 - 2013-08-04 11:58 - 00000168 _____ C:\Users\Gabi\defogger_reenable
2013-08-04 11:58 - 2013-08-04 11:58 - 00000000 ____D C:\FRST
2013-08-04 11:58 - 2012-04-24 21:40 - 00000000 ____D C:\Users\Gabi
2013-08-04 11:57 - 2013-08-04 11:57 - 00377856 _____ C:\Users\Gabi\Downloads\gmer_2.1.19163.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 01781485 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 00050477 _____ C:\Users\Gabi\Downloads\Defogger.exe
2013-08-04 11:47 - 2012-07-14 22:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-04 10:53 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 10:53 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-04 10:52 - 2011-11-18 09:10 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-04 10:52 - 2011-11-18 09:10 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-04 10:52 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-04 10:46 - 2012-04-25 09:09 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Skype
2013-08-04 10:46 - 2012-04-24 21:49 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-04 10:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-04 10:45 - 2009-07-14 06:51 - 00084703 _____ C:\Windows\setupact.log
2013-08-03 13:21 - 2011-11-18 00:17 - 01476781 _____ C:\Windows\WindowsUpdate.log
2013-07-31 09:35 - 2012-10-01 20:27 - 00000000 ____D C:\Users\Gabi\.VirtualBox
2013-07-30 07:38 - 2013-02-06 10:15 - 00000000 ____D C:\Users\Gabi\Documents\Rechnungen Selbsst
2013-07-22 19:11 - 2012-04-25 18:31 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\vlc
2013-07-22 17:58 - 2012-11-28 22:43 - 00000000 ____D C:\Users\Gabi\Documents\Heilpraktiker
2013-07-21 14:40 - 2012-05-16 11:06 - 00194048 ___SH C:\Users\Gabi\Documents\Thumbs.db
2013-07-21 14:39 - 2012-06-20 19:33 - 04500270 _____ C:\Users\Gabi\Documents\Lebenslauf Gabi 2012.odt
2013-07-13 08:25 - 2009-07-14 06:45 - 00309512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 08:24 - 2013-03-14 00:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 08:23 - 2013-03-14 00:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 11:56 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 11:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 11:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 07:47 - 2012-04-24 22:14 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-08 09:54 - 2013-07-08 09:37 - 00000000 ____D C:\Users\Gabi\Desktop\Slackline Worldcup '13
2013-07-05 07:01 - 2012-08-05 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 09:29

==================== End Of Log ============================

Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2013
Ran by Gabi at 2013-08-04 12:00:00
Running from C:\Users\Gabi\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acer Backup Manager (x32 Version: 3.0.0.99)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904)
Acer ePower Management (x32 Version: 6.00.3008)
Acer eRecovery Management (x32 Version: 5.00.3504)
Acer Games (x32 Version: 1.0.2.5)
Acer Registration (x32 Version: 1.04.3504)
Acer ScreenSaver (x32 Version: 1.1.0519.2011)
Acer Updater (x32 Version: 1.02.3500)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Age of Conan: Unchained (x32)
Avira Free Antivirus (x32 Version: 12.1.9.2400)
Backup Manager V3 (x32 Version: 3.0.0.99)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2)
Broadcom NetLink Controller (Version: 14.8.4.1)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
clear.fi (x32 Version: 1.0.1517_36458)
clear.fi (x32 Version: 1.0.2024.00)
clear.fi (x32 Version: 9.0.8026)
clear.fi Client (x32 Version: 1.00.3500)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0314)
Diablo III (x32 Version: 1.0.7.15295)
DivX-Setup (x32 Version: 2.6.1.8)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7)
Drakensang Online (x32)
eaner (Version: 3.18)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451)
FATE (x32 Version: 2.2.0.97)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Foxit Reader (x32 Version: 5.4.2.901)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
GIMP 2.8.2 (Version: 2.8.2)
Identity Card (x32 Version: 1.00.3501)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.01.1000)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026)
Intel(R) WiDi (x32 Version: 2.1.41.0)
Intel(R) Wireless Display
Java 7 Update 10 (64-bit) (Version: 7.0.100)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Jewel Match 3 (x32 Version: 2.2.0.97)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.7)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (x32 Version: 4.0.14.27)
MyWinLocker Suite (x32 Version: 4.0.14.19)
newsXpresso (x32 Version: 1.0.0.40)
NTI Media Maker 9 (x32 Version: 9.0.2.9002)
NVIDIA Grafiktreiber 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA Optimus 1.8.15 (Version: 1.8.15)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Systemsteuerung 301.42 (Version: 301.42)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Oracle VM VirtualBox 4.2.0 (Version: 4.2.0)
PDF Architect (x32 Version: 1.0.41.8362)
PDFCreator (x32 Version: 1.6.1)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Bowler (x32 Version: 2.2.0.97)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Skype™ 6.3 (x32 Version: 6.3.107)
Slingo Deluxe (x32 Version: 2.2.0.95)
Steam (x32 Version: 1.0.0.0)
Titan Quest (x32 Version: 1.00.0000)
Titan Quest Immortal Throne (x32 Version: 1.00.0000)
Torchlight (x32 Version: 2.2.0.97)
Torchlight II (x32)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Wedding Dash (x32 Version: 2.2.0.95)
Welcome Center (x32 Version: 1.02.3504)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14)
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
Zuma Deluxe (x32 Version: 2.2.0.95)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

24-05-2013 08:16:34 Geplanter Prüfpunkt
31-05-2013 11:02:26 Geplanter Prüfpunkt
14-06-2013 06:38:27 Windows Update
17-06-2013 15:05:57 Windows Update
12-07-2013 05:35:32 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {7D67ABA8-6E75-4A7E-BFBF-8D444FCC6C90} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {83A559CC-88E5-4DE2-8C88-3C6C4A5DBCD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {8D4B73D2-CEAD-41C8-9B6F-8114F0F2A1B1} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-10] (Acer)
Task: {90FB0E62-AE09-4241-865D-35F30926B257} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {A62E1097-111E-4D85-A806-35C4A3DE3F3F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {E83459CD-15F6-4FD8-9F25-F15FC1318777} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {EDD83850-AA70-49F2-B4AA-8AB2472479FE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2013 10:45:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2013 01:06:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 09:28:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2013 07:33:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 06:50:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 11:19:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 07:41:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 10:22:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 07:47:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 07:21:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/26/2013 08:09:36 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (07/24/2013 08:56:36 AM) (Source: DCOM) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

Error: (07/24/2013 08:56:06 AM) (Source: DCOM) (User: )
Description: {C332C124-340D-4430-AA0D-C75602876FCC}

Error: (07/24/2013 08:43:21 AM) (Source: DCOM) (User: )
Description: {7160A13D-73DA-4CEA-95B9-37356478588A}

Error: (07/24/2013 08:37:43 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (07/24/2013 08:37:43 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/08/2013 02:39:07 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/08/2013 02:10:58 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/03/2013 08:59:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\System32\IWMSSvc.dll
Fehlercode: 258

Error: (07/01/2013 05:58:51 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (08/04/2013 10:45:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2013 01:06:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 09:28:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2013 07:33:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 06:50:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 11:19:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 07:41:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 10:22:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 07:47:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2013 07:21:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8043.86 MB
Available physical RAM: 5252.18 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13189.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:324.96 GB) NTFS (Disk=0 Partition=3)
Drive e: (Fedora-17-i686-L) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E155AD59)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

And GMER

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-04 12:10:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Gabi\AppData\Local\Temp\kwldqpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                          fffff80002ff2000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624                                                                          fffff80002ff2040 1 byte [0B]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               0000000074de1465 2 bytes [DE, 74]
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000074de1465 2 bytes [DE, 74]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000074de1465 2 bytes [DE, 74]
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\Launch Manager\LManager.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000074de1465 2 bytes [DE, 74]
.text     C:\Program Files (x86)\Launch Manager\LManager.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000074de1465 2 bytes [DE, 74]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000074de1465 2 bytes [DE, 74]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2
.text     C:\program files (x86)\avira\antivir desktop\avcenter.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000074de1465 2 bytes [DE, 74]
.text     C:\program files (x86)\avira\antivir desktop\avcenter.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000074de1465 2 bytes [DE, 74]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000074de1465 2 bytes [DE, 74]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2
.text     C:\Users\Gabi\Downloads\Defogger.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000074de1465 2 bytes [DE, 74]
.text     C:\Users\Gabi\Downloads\Defogger.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         0000000074de14bb 2 bytes [DE, 74]
.text     ...                                                                                                                                         * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind    \Device\{4E7D1E52-13BF-4ECC-AC70-97C7F58AD85B}?\Device\{B5883AAE-5A70-43D1-A3B7-35C8D830148A}?\Device\{DF6AF107-C92E-433A-A42A-81D8A3C93B69}?\Device\{2E6EBD58-C9BD-4687-94DD-55E39BE9AFB0}?\Device\{F87A8A50-4A14-480F-A670-CBA2058960B6}?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route   "{4E7D1E52-13BF-4ECC-AC70-97C7F58AD85B}"?"{B5883AAE-5A70-43D1-A3B7-35C8D830148A}"?"{DF6AF107-C92E-433A-A42A-81D8A3C93B69}"?"{2E6EBD58-C9BD-4687-94DD-55E39BE9AFB0}"?"{F87A8A50-4A14-480F-A670-CBA2058960B6}"?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  \Device\TCPIP6TUNNEL_{4E7D1E52-13BF-4ECC-AC70-97C7F58AD85B}?\Device\TCPIP6TUNNEL_{B5883AAE-5A70-43D1-A3B7-35C8D830148A}?\Device\TCPIP6TUNNEL_{DF6AF107-C92E-433A-A42A-81D8A3C93B69}?\Device\TCPIP6TUNNEL_{2E6EBD58-C9BD-4687-94DD-55E39BE9AFB0}?\Device\TCPIP6TUNNEL_{F87A8A50-4A14-480F-A670-CBA2058960B6}?
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E7D1E52-13BF-4ECC-AC70-97C7F58AD85B}@InterfaceName                      isatap.{3C180582-3290-4F1E-A50B-3764CAABAF7D}
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E7D1E52-13BF-4ECC-AC70-97C7F58AD85B}@ReusableType                       0
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DF6AF107-C92E-433A-A42A-81D8A3C93B69}@InterfaceName                      isatap.{82AA5297-3A14-4FF9-BDE9-F736870B6970}
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DF6AF107-C92E-433A-A42A-81D8A3C93B69}@ReusableType                       0

---- EOF - GMER 2.1 ----
         

And here is the AdwCleaner log as well

Code:
# AdwCleaner v2.306 - Datei am 04/08/2013 um 13:16:51 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Gabi - GABI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gabi\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Gabi\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1436 octets] - [04/08/2013 13:16:28]
AdwCleaner[S1].txt - [1369 octets] - [04/08/2013 13:16:51]

########## EOF - C:\AdwCleaner[S1].txt - [1429 octets] ##########
         
__________________

Last edited by muecke (04.08.2013 at 12:23)

Old 05.08.2013, 07:13   #4
schrauber
/// the machine
/// TB-Ausbilder
 



Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it with a right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 06.08.2013, 05:36   #5
muecke
 



Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.3 (08.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gabi on 05.08.2013 at 21:27:29,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gabi\appdata\local\software"
Successfully deleted: [Empty Folder] C:\Users\Gabi\appdata\local\{131CED06-4A99-43BC-9747-C0F4362E0B7A}
Successfully deleted: [Empty Folder] C:\Users\Gabi\appdata\local\{5A5673E3-1FB3-403C-9D42-139265735E48}
Successfully deleted: [Empty Folder] C:\Users\Gabi\appdata\local\{91D2A485-2A93-4F6B-A8FA-DB9506FBAF3B}
Successfully deleted: [Empty Folder] C:\Users\Gabi\appdata\local\{A0E7A496-D3BC-490E-B471-D761FEC572F7}



~~~ FireFox

Emptied folder: C:\Users\Gabi\AppData\Roaming\mozilla\firefox\profiles\lgbqqqrn.default\minidumps [100 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.08.2013 at 21:40:05,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by Gabi (administrator) on 06-08-2013 06:33:37
Running from C:\Users\Gabi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKCU\...\Run: [Device Detection] - C:\Program Files (x86)\Lidl_Fotos\dd.exe [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [246592 2012-05-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202048 2012-05-15] (NVIDIA Corporation)
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Visualisateur 3D de 20-20 - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\Extensions\2020Player_IKEA@2020Technologies.com
FF Extension: No Name - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-12] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-12] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-12] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-01] (DT Soft Ltd)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 06:31 - 2013-08-06 06:31 - 01788685 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64(1).exe
2013-08-05 21:40 - 2013-08-05 21:40 - 00001249 _____ C:\Users\Gabi\Desktop\JRT.txt
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Windows\ERUNT
2013-08-05 21:26 - 2013-08-05 21:26 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\Gabi\Downloads\JRT.exe
2013-08-04 13:16 - 2013-08-04 13:17 - 00001498 _____ C:\AdwCleaner[S1].txt
2013-08-04 13:16 - 2013-08-04 13:16 - 00001436 _____ C:\AdwCleaner[R1].txt
2013-08-04 13:15 - 2013-08-04 13:15 - 00666633 _____ C:\Users\Gabi\Downloads\adwcleaner.exe
2013-08-04 12:13 - 2013-08-04 12:13 - 00000650 _____ C:\Users\Gabi\Desktop\Antivir.txt
2013-08-04 12:10 - 2013-08-04 12:10 - 00007970 _____ C:\Users\Gabi\Desktop\Gmer.log
2013-08-04 12:00 - 2013-08-04 12:02 - 00023447 _____ C:\Users\Gabi\Desktop\FRST.txt
2013-08-04 12:00 - 2013-08-04 12:00 - 00018591 _____ C:\Users\Gabi\Desktop\Addition.txt
2013-08-04 11:58 - 2013-08-04 11:58 - 00000540 _____ C:\Users\Gabi\Desktop\defogger_disable.log
2013-08-04 11:58 - 2013-08-04 11:58 - 00000168 _____ C:\Users\Gabi\defogger_reenable
2013-08-04 11:58 - 2013-08-04 11:58 - 00000000 ____D C:\FRST
2013-08-04 11:57 - 2013-08-04 11:57 - 00377856 _____ C:\Users\Gabi\Downloads\gmer_2.1.19163.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 01781485 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 00050477 _____ C:\Users\Gabi\Downloads\Defogger.exe
2013-07-12 07:45 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 07:45 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 07:45 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 07:45 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 07:45 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 07:45 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 07:45 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 07:45 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 07:45 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 07:55 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 07:55 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 07:55 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 07:55 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 07:55 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 07:55 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 07:55 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 09:37 - 2013-07-08 09:54 - 00000000 ____D C:\Users\Gabi\Desktop\Slackline Worldcup '13

==================== One Month Modified Files and Folders =======

2013-08-06 06:31 - 2013-08-06 06:31 - 01788685 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64(1).exe
2013-08-06 06:28 - 2012-07-14 22:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 06:28 - 2012-04-25 09:09 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Skype
2013-08-05 21:40 - 2013-08-05 21:40 - 00001249 _____ C:\Users\Gabi\Desktop\JRT.txt
2013-08-05 21:29 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 21:29 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Windows\ERUNT
2013-08-05 21:26 - 2013-08-05 21:26 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\Gabi\Downloads\JRT.exe
2013-08-05 21:26 - 2011-11-18 09:10 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-05 21:26 - 2011-11-18 09:10 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-05 21:26 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-05 21:22 - 2012-04-24 21:49 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-05 21:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 21:21 - 2009-07-14 06:51 - 00085039 _____ C:\Windows\setupact.log
2013-08-05 00:26 - 2011-11-18 00:17 - 01588372 _____ C:\Windows\WindowsUpdate.log
2013-08-04 13:17 - 2013-08-04 13:16 - 00001498 _____ C:\AdwCleaner[S1].txt
2013-08-04 13:16 - 2013-08-04 13:16 - 00001436 _____ C:\AdwCleaner[R1].txt
2013-08-04 13:15 - 2013-08-04 13:15 - 00666633 _____ C:\Users\Gabi\Downloads\adwcleaner.exe
2013-08-04 12:13 - 2013-08-04 12:13 - 00000650 _____ C:\Users\Gabi\Desktop\Antivir.txt
2013-08-04 12:10 - 2013-08-04 12:10 - 00007970 _____ C:\Users\Gabi\Desktop\Gmer.log
2013-08-04 12:02 - 2013-08-04 12:00 - 00023447 _____ C:\Users\Gabi\Desktop\FRST.txt
2013-08-04 12:00 - 2013-08-04 12:00 - 00018591 _____ C:\Users\Gabi\Desktop\Addition.txt
2013-08-04 11:58 - 2013-08-04 11:58 - 00000540 _____ C:\Users\Gabi\Desktop\defogger_disable.log
2013-08-04 11:58 - 2013-08-04 11:58 - 00000168 _____ C:\Users\Gabi\defogger_reenable
2013-08-04 11:58 - 2013-08-04 11:58 - 00000000 ____D C:\FRST
2013-08-04 11:58 - 2012-04-24 21:40 - 00000000 ____D C:\Users\Gabi
2013-08-04 11:57 - 2013-08-04 11:57 - 00377856 _____ C:\Users\Gabi\Downloads\gmer_2.1.19163.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 01781485 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 00050477 _____ C:\Users\Gabi\Downloads\Defogger.exe
2013-07-31 09:35 - 2012-10-01 20:27 - 00000000 ____D C:\Users\Gabi\.VirtualBox
2013-07-30 07:38 - 2013-02-06 10:15 - 00000000 ____D C:\Users\Gabi\Documents\Rechnungen Selbsst
2013-07-22 19:11 - 2012-04-25 18:31 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\vlc
2013-07-22 17:58 - 2012-11-28 22:43 - 00000000 ____D C:\Users\Gabi\Documents\Heilpraktiker
2013-07-21 14:40 - 2012-05-16 11:06 - 00194048 ___SH C:\Users\Gabi\Documents\Thumbs.db
2013-07-21 14:39 - 2012-06-20 19:33 - 04500270 _____ C:\Users\Gabi\Documents\Lebenslauf Gabi 2012.odt
2013-07-13 08:25 - 2009-07-14 06:45 - 00309512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 08:24 - 2013-03-14 00:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 08:23 - 2013-03-14 00:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 11:56 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 11:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 11:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 07:47 - 2012-04-24 22:14 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-08 09:54 - 2013-07-08 09:37 - 00000000 ____D C:\Users\Gabi\Desktop\Slackline Worldcup '13

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 12:54

==================== End Of Log ============================
         
--- --- ---
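The FRST sections "One Month Created Files and Folders" and "One Month Modified Files and Folders" above list one file per line as creation time, modification time, size, a five-character attribute field, the company name from the file's version resource where FRST found one, and the path. The question an analyst asks of that list is which executable content was written to a user-writable location around the time of the incident (here the link in the mail was opened on 03.08.2013). The Python below is an added example for this thread, not part of the original post and not FRST's own code: it parses those lines into records and applies exactly that triage rule. The attribute letters (D = directory, H = hidden, S = system) are read off the flags visible in the posted log; the extension list, the list of user-writable path fragments, the incident window and two of the sample lines (helper.ocx, svc.dll) are constructed for the example.

```python
"""Triage of FRST 'One Month Created/Modified Files and Folders' lines.

Added example for this thread; not part of the original post and not FRST's
own code. Each timeline line has the shape

    <created> - <modified> - <size> <attrs> [(Company)] <path>

attrs is five characters: '_' = not set, 'D' = directory, 'H' = hidden,
'S' = system (as read from the flags visible in the posted log).
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)
TS = "%Y-%m-%d %H:%M"

# Extensions that run code when opened (assumed list for the example).
EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".ocx", ".vbs", ".js", ".jse",
            ".vbe", ".jar", ".bat", ".cmd", ".com", ".pif", ".hta", ".ps1"}

# Path fragments writable without elevation (assumed list; lower-case).
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\",
                 "\\programdata\\", "\\users\\public\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]  # None when FRST printed no company
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        dot, sep = self.path.rfind("."), self.path.rfind("\\")
        return self.path[dot:].lower() if dot > sep else ""


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # section headers, blank lines, anything not a timeline row
    return Entry(datetime.strptime(m["created"], TS),
                 datetime.strptime(m["modified"], TS),
                 int(m["size"]), m["attrs"], m["company"] or None, m["path"])


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[Entry], start: datetime, end: datetime) -> List[Entry]:
    """Flag non-directory entries created inside [start, end] whose extension
    is executable and that either sit under a user-writable path or carry no
    company string (legitimate vendors usually ship a version resource)."""
    hits = []
    for e in entries:
        if e.is_dir or not (start <= e.created <= end) or e.ext not in EXEC_EXT:
            continue
        lower = e.path.lower()
        if e.company is None or any(frag in lower for frag in USER_WRITABLE):
            hits.append(e)
    return hits


def incident_triage(text: str, start: str, end: str) -> List[str]:
    """Parse, triage, and return the flagged paths in log order."""
    entries = parse_log(text)
    return [e.path for e in triage(entries, datetime.strptime(start, TS),
                                   datetime.strptime(end, TS))]


# Constructed sample: three lines copied from the log posted above, two
# (helper.ocx, svc.dll) made up to show what a hit looks like.
SAMPLE = r"""
==================== One Month Created Files and Folders ========

2013-08-06 06:31 - 2013-08-06 06:31 - 01788685 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64(1).exe
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Windows\ERUNT
2013-08-03 18:42 - 2013-08-03 18:42 - 00098304 _____ C:\Users\Gabi\AppData\Local\Temp\7zS1234.tmp\helper.ocx
2013-08-03 18:41 - 2013-08-03 18:41 - 00004096 ___SH C:\Users\Gabi\AppData\Roaming\svc.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
"""

if __name__ == "__main__":
    for path in incident_triage(SAMPLE, "2013-08-03 00:00", "2013-08-04 23:59"):
        print("REVIEW:", path)
```

Paste the two FRST sections into `SAMPLE` (or read FRST.txt from disk) and widen the window as needed; the company-string rule is a heuristic, not proof, so every hit still needs a hash lookup or a look at the file itself.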


06.08.2013, 16:27   #6
schrauber
/// the machine
/// TB-Ausbilder

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
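The log.txt that the scan above produces starts with "# key=value" header lines and then lists one detection per line as space-separated key=value fields, with the SHA-1 in sh=, the detection name in vn= and the path in fn= (the log posted in the next reply shows this format). The Python below is an added example for this thread, not part of the original post and not ESET's code: it parses that format, counts detections per name, groups them by directory, collects the SHA-1 values for a hash lookup, and reads the header flags that record whether PUA detection and cleaning were actually switched on. The meaning of ft, fh and ac is not given on this page, so those fields are carried through as raw strings; the sample log reuses four detection lines from this thread under a shortened header whose found= value is adjusted to the lines kept.

```python
"""Parser for ESET Online Scanner log.txt.

Added example for this thread; not part of the original post and not ESET's
own code. The log opens with '# key=value' header lines and then lists one
detection per line as space-separated key=value fields, with quoted values
for vn (detection name) and fn (path):

    sh=<SHA-1> ft=<n> fh=<16 hex> vn="<name>" ac=<code> fn="<path>"

ft, fh and ac are not documented on this page and are kept as raw strings.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# key=value where the value is either "quoted text" or a run of non-blanks.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Dict[str, str]]]:
    header: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            fields: Dict[str, str] = {}
            for m in FIELD_RE.finditer(line):
                fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            detections.append(fields)
    return header, detections


def count_by_name(detections: List[Dict[str, str]]) -> Counter:
    return Counter(d.get("vn", "?") for d in detections)


def by_directory(detections: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group detections by folder: several hits in one temp folder usually
    mean one installer unpacked them all."""
    groups: Dict[str, List[str]] = {}
    for d in detections:
        folder, _, name = d.get("fn", "").rpartition("\\")
        groups.setdefault(folder, []).append(name)
    return groups


def hashes_for_lookup(detections: List[Dict[str, str]]) -> List[str]:
    """Unique SHA-1 values in log order, for a reputation or sandbox lookup."""
    seen, out = set(), []
    for d in detections:
        h = d.get("sh", "").upper()
        if re.fullmatch(r"[0-9A-F]{40}", h) and h not in seen:
            seen.add(h)
            out.append(h)
    return out


def scan_warnings(header: Dict[str, str]) -> List[str]:
    """Header settings that limit what the scan result actually proves."""
    w = []
    if header.get("unwanted_checked") == "false":
        w.append("unwanted_checked=false: potentially unwanted applications were not scanned for")
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    if header.get("remove_checked") == "false" and found > cleaned:
        w.append(f"remove_checked=false: {found} found, {cleaned} cleaned; nothing was removed")
    if header.get("end") not in (None, "finished"):
        w.append(f"end={header['end']}: scan did not run to completion")
    return w


# Sample: four detection lines from this thread under a shortened header
# (found= adjusted to the lines kept).
SAMPLE_LOG = r'''
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# scanned=154715
# found=4
# cleaned=0
sh=55B64F53328498D22D269DE2E65BE2FEEBA7DA00 ft=1 fh=75c36158ce6b01c9 vn="Win32/Adware.MultiPlug.D application" ac=I fn="C:\Users\Gabi\AppData\Local\Temp\7zSD68.tmp\50d6c2f0b7f77.ocx"
sh=B95CDA9FDF57EC92EFE6F6F3ACE89EE815D3BC14 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Gabi\AppData\Local\Temp\7zSD68.tmp\50d6c2f0b7fb0.html"
sh=0FA9303F8D135F1683A449F085D02D096AE29A9E ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Gabi\AppData\Local\Temp\7zSD68.tmp\ibmfmpekmdcpjapmdnphjikbbdpdlben.crx"
sh=7E5B7E6BD2032A668C0A1DE39ABE3CCB2A94EB05 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gabi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\618e7568-6c1f0f58"
'''

if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for name, n in count_by_name(dets).items():
        print(f"{n:3d}  {name}")
    for folder, names in by_directory(dets).items():
        print(folder, "->", ", ".join(names))
    print("hashes:", *hashes_for_lookup(dets), sep="\n  ")
    for warning in scan_warnings(hdr):
        print("WARNING:", warning)
```

On the posted log the directory grouping puts the three Adware.MultiPlug files in one 7zSD68.tmp folder and the "multiple threats" entry in the Java deployment cache, and the warnings show that the scan only reported: remove_checked=false and cleaned=0 mean the files are still on disk until something deletes them.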

07.08.2013, 11:10   #7
muecke

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d300fe7bed900940bb694978094da1ff
# engine=14677
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-06 07:32:26
# local_time=2013-08-06 09:32:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 86696 121588029 79482 0
# compatibility_mode=5893 16776574 100 94 2194572 127447396 0 0
# scanned=154715
# found=5
# cleaned=0
# scan_time=4919
sh=55B64F53328498D22D269DE2E65BE2FEEBA7DA00 ft=1 fh=75c36158ce6b01c9 vn="Win32/Adware.MultiPlug.D application" ac=I fn="C:\Users\Gabi\AppData\Local\Temp\7zSD68.tmp\50d6c2f0b7f77.ocx"
sh=B95CDA9FDF57EC92EFE6F6F3ACE89EE815D3BC14 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Gabi\AppData\Local\Temp\7zSD68.tmp\50d6c2f0b7fb0.html"
sh=0FA9303F8D135F1683A449F085D02D096AE29A9E ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Gabi\AppData\Local\Temp\7zSD68.tmp\ibmfmpekmdcpjapmdnphjikbbdpdlben.crx"
sh=FBDF8FFD1B08A92A6C7C30082CAC3C058F607588 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Gabi\AppData\Local\Temp\7zSD68.tmp\50d6c2f0b7dd9@50d6c2f0b7e12.com\content\bg.js"
sh=7E5B7E6BD2032A668C0A1DE39ABE3CCB2A94EB05 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gabi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\618e7568-6c1f0f58"

Code:
Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Mozilla Firefox (22.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Here is the FRST log as well:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013 (ATTENTION: ====> FRST version is 6 days old and could be outdated)
Ran by Gabi (administrator) on 07-08-2013 12:03:59
Running from C:\Users\Gabi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Gabi\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\system32\consent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKCU\...\Run: [Device Detection] - C:\Program Files (x86)\Lidl_Fotos\dd.exe [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [246592 2012-05-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202048 2012-05-15] (NVIDIA Corporation)
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Visualisateur 3D de 20-20 - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\Extensions\2020Player_IKEA@2020Technologies.com
FF Extension: No Name - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\lgbqqqrn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-12] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-12] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-12] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-01] (DT Soft Ltd)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 20:07 - 2013-08-06 20:07 - 00891098 _____ C:\Users\Gabi\Downloads\SecurityCheck.exe
2013-08-06 20:07 - 2013-08-06 20:07 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-06 20:06 - 2013-08-06 20:06 - 02347384 _____ (ESET) C:\Users\Gabi\Downloads\esetsmartinstaller_enu.exe
2013-08-06 06:31 - 2013-08-06 06:31 - 01788685 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64(1).exe
2013-08-05 21:40 - 2013-08-05 21:40 - 00001249 _____ C:\Users\Gabi\Desktop\JRT.txt
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Windows\ERUNT
2013-08-05 21:26 - 2013-08-05 21:26 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\Gabi\Downloads\JRT.exe
2013-08-04 13:16 - 2013-08-04 13:17 - 00001498 _____ C:\AdwCleaner[S1].txt
2013-08-04 13:16 - 2013-08-04 13:16 - 00001436 _____ C:\AdwCleaner[R1].txt
2013-08-04 13:15 - 2013-08-04 13:15 - 00666633 _____ C:\Users\Gabi\Downloads\adwcleaner.exe
2013-08-04 12:13 - 2013-08-04 12:13 - 00000650 _____ C:\Users\Gabi\Desktop\Antivir.txt
2013-08-04 12:10 - 2013-08-04 12:10 - 00007970 _____ C:\Users\Gabi\Desktop\Gmer.log
2013-08-04 12:00 - 2013-08-04 12:02 - 00023447 _____ C:\Users\Gabi\Desktop\FRST.txt
2013-08-04 12:00 - 2013-08-04 12:00 - 00018591 _____ C:\Users\Gabi\Desktop\Addition.txt
2013-08-04 11:58 - 2013-08-04 11:58 - 00000540 _____ C:\Users\Gabi\Desktop\defogger_disable.log
2013-08-04 11:58 - 2013-08-04 11:58 - 00000168 _____ C:\Users\Gabi\defogger_reenable
2013-08-04 11:58 - 2013-08-04 11:58 - 00000000 ____D C:\FRST
2013-08-04 11:57 - 2013-08-04 11:57 - 00377856 _____ C:\Users\Gabi\Downloads\gmer_2.1.19163.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 01781485 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 00050477 _____ C:\Users\Gabi\Downloads\Defogger.exe
2013-07-12 07:45 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 07:45 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 07:45 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 07:45 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 07:45 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 07:45 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 07:45 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 07:45 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 07:45 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 07:45 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 07:45 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 07:45 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 07:55 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 07:55 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 07:55 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 07:55 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 07:55 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 07:55 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 07:55 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 09:37 - 2013-07-08 09:54 - 00000000 ____D C:\Users\Gabi\Desktop\Slackline Worldcup '13

==================== One Month Modified Files and Folders =======

2013-08-07 11:47 - 2012-07-14 22:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-07 09:50 - 2013-07-04 08:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 08:05 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 08:05 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 08:02 - 2012-04-24 21:49 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-07 08:02 - 2011-11-18 09:10 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-07 08:02 - 2011-11-18 09:10 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-07 08:02 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-07 07:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-07 07:57 - 2009-07-14 06:51 - 00085151 _____ C:\Windows\setupact.log
2013-08-06 22:05 - 2011-11-18 00:17 - 01632717 _____ C:\Windows\WindowsUpdate.log
2013-08-06 20:07 - 2013-08-06 20:07 - 00891098 _____ C:\Users\Gabi\Downloads\SecurityCheck.exe
2013-08-06 20:07 - 2013-08-06 20:07 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-06 20:06 - 2013-08-06 20:06 - 02347384 _____ (ESET) C:\Users\Gabi\Downloads\esetsmartinstaller_enu.exe
2013-08-06 06:31 - 2013-08-06 06:31 - 01788685 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64(1).exe
2013-08-06 06:28 - 2012-04-25 09:09 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Skype
2013-08-05 21:40 - 2013-08-05 21:40 - 00001249 _____ C:\Users\Gabi\Desktop\JRT.txt
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Windows\ERUNT
2013-08-05 21:26 - 2013-08-05 21:26 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\Gabi\Downloads\JRT.exe
2013-08-04 13:17 - 2013-08-04 13:16 - 00001498 _____ C:\AdwCleaner[S1].txt
2013-08-04 13:16 - 2013-08-04 13:16 - 00001436 _____ C:\AdwCleaner[R1].txt
2013-08-04 13:15 - 2013-08-04 13:15 - 00666633 _____ C:\Users\Gabi\Downloads\adwcleaner.exe
2013-08-04 12:13 - 2013-08-04 12:13 - 00000650 _____ C:\Users\Gabi\Desktop\Antivir.txt
2013-08-04 12:10 - 2013-08-04 12:10 - 00007970 _____ C:\Users\Gabi\Desktop\Gmer.log
2013-08-04 12:02 - 2013-08-04 12:00 - 00023447 _____ C:\Users\Gabi\Desktop\FRST.txt
2013-08-04 12:00 - 2013-08-04 12:00 - 00018591 _____ C:\Users\Gabi\Desktop\Addition.txt
2013-08-04 11:58 - 2013-08-04 11:58 - 00000540 _____ C:\Users\Gabi\Desktop\defogger_disable.log
2013-08-04 11:58 - 2013-08-04 11:58 - 00000168 _____ C:\Users\Gabi\defogger_reenable
2013-08-04 11:58 - 2013-08-04 11:58 - 00000000 ____D C:\FRST
2013-08-04 11:58 - 2012-04-24 21:40 - 00000000 ____D C:\Users\Gabi
2013-08-04 11:57 - 2013-08-04 11:57 - 00377856 _____ C:\Users\Gabi\Downloads\gmer_2.1.19163.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 01781485 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2013-08-04 11:56 - 2013-08-04 11:56 - 00050477 _____ C:\Users\Gabi\Downloads\Defogger.exe
2013-07-31 09:35 - 2012-10-01 20:27 - 00000000 ____D C:\Users\Gabi\.VirtualBox
2013-07-30 07:38 - 2013-02-06 10:15 - 00000000 ____D C:\Users\Gabi\Documents\Rechnungen Selbsst
2013-07-22 19:11 - 2012-04-25 18:31 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\vlc
2013-07-22 17:58 - 2012-11-28 22:43 - 00000000 ____D C:\Users\Gabi\Documents\Heilpraktiker
2013-07-21 14:40 - 2012-05-16 11:06 - 00194048 ___SH C:\Users\Gabi\Documents\Thumbs.db
2013-07-21 14:39 - 2012-06-20 19:33 - 04500270 _____ C:\Users\Gabi\Documents\Lebenslauf Gabi 2012.odt
2013-07-13 08:25 - 2009-07-14 06:45 - 00309512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 08:24 - 2013-03-14 00:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 08:23 - 2013-03-14 00:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 11:56 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 11:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 11:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 07:47 - 2012-04-24 22:14 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-08 09:54 - 2013-07-08 09:37 - 00000000 ____D C:\Users\Gabi\Desktop\Slackline Worldcup '13

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 12:54

==================== End Of Log ============================
         

07.08.2013, 19:21   #8
schrauber
/// the machine
/// TB-Ausbilder

Update Java.

Please download TFC (by OldTimer) and save the file to your desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Done

The order here is crucial.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all tools used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left, you can delete them without concern.


Here are a few tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Always make sure you have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a real-time guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not yet found a German-language one.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and looks nice and colourful.
  • Don't use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

08.08.2013, 19:00   #9
muecke

The computer is clean again. Thank you very much. Have a nice evening.

Best regards
Mücke

09.08.2013, 10:11   #10
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
