Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Werbe-Spams Internet Explorer und Reaktionsprobleme Win8 (https://www.trojaner-board.de/158229-werbe-spams-internet-explorer-reaktionsprobleme-win8.html)

eckofresh 02.09.2014 17:39
Werbe-Spams Internet Explorer und Reaktionsprobleme Win8
 
Hallo Liebes Trojaner Board Team!

Ich bekomme im Internet Explorer ständig diese nervigen Werbe-Banner. Der Laptop gehört der Schwiegermutter und sie ist ein Anfänger in Sachen Computer :crazy:
Zusätzlich funktionieren die Websites einfach nicht. PC lädt zwar die Seite komplett aber es lassen sich keine Artikel auswählen bzw. Buttons klicken. Mann muss die Seite 2-3 mal neu laden bis sie dann einwandfrei funktioniert.
Habe dich Log Dateien laut Checkliste erstellt:

defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:08 on 02/09/2014 (Karin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST.txt
Code:
can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Karin (administrator) on KNEIDINGER on 02-09-2014 18:11:00
Running from C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R32EUG6O
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2038010720-557612607-978313770-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-2038010720-557612607-978313770-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {F6AF832B-A36D-4B21-9874-3502757735F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM - {F6AF832B-A36D-4B21-9874-3502757735F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {F6AF832B-A36D-4B21-9874-3502757735F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {F6AF832B-A36D-4B21-9874-3502757735F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {F6AF832B-A36D-4B21-9874-3502757735F8} URL =
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKCU - {F6AF832B-A36D-4B21-9874-3502757735F8} URL =
BHO: Speed Test Analysis -> {310D38FE-EB4C-467C-8781-B7C2AEB7847D} -> C:\Program Files (x86)\Speed Test Analysis\ScriptHost64.dll (SpeedAnalysis.com)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: No Name -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} ->  No File
BHO-x32: Speed Test Analysis -> {310D38FE-EB4C-467C-8781-B7C2AEB7847D} -> C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [speedtestanalysis@SpeedAnalysis.com] - C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com
FF Extension: Speed Test Analysis - C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com [2013-12-14]
FF HKCU\...\Firefox\Extensions: [speedtestanalysis@SpeedAnalysis.com] - C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com

Chrome:
=======
CHR Profile: C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SaveSense) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2013-12-14]
CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\Karin\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx [2013-09-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-22] (ELAN Microelectronics Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 18:10 - 2014-09-02 18:11 - 00000000 ____D () C:\FRST
2014-09-02 18:08 - 2014-09-02 18:08 - 00000472 _____ () C:\Users\Karin\Desktop\defogger_disable.log
2014-09-02 18:08 - 2014-09-02 18:08 - 00000244 _____ () C:\Users\Karin\Desktop\defogger_enable.log
2014-08-31 10:13 - 2014-08-31 10:13 - 00002287 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk
2014-08-31 10:13 - 2014-08-31 10:13 - 00002113 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-30 12:11 - 2014-08-30 12:11 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-08-30 12:00 - 2014-08-30 12:00 - 00004150 _____ () C:\Users\Karin\Downloads\JRT.txt
2014-08-30 12:00 - 2014-08-30 12:00 - 00004150 _____ () C:\Users\Karin\Desktop\JRT.txt
2014-08-30 11:54 - 2014-08-30 11:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 21:41 - 2014-05-15 03:02 - 00059424 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 21:41 - 2014-05-15 00:43 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 21:41 - 2014-05-15 00:43 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 21:41 - 2014-05-15 00:43 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-22 21:41 - 2014-05-15 00:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-20 12:17 - 2014-08-20 12:17 - 00012800 ___SH () C:\Users\Karin\Downloads\Thumbs.db
2014-08-17 22:30 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-17 22:25 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 22:25 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 20:57 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 20:57 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 20:56 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 20:56 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 20:56 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 20:56 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-15 20:56 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 20:56 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 20:56 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 20:56 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 20:56 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 20:56 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 20:56 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 20:56 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 20:56 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-15 20:56 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 20:56 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 20:56 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 20:56 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-15 20:56 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 20:56 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 20:56 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 20:56 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-15 20:56 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-15 20:56 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 20:56 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 20:56 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 20:56 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-15 20:56 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-15 20:56 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-15 20:55 - 2014-08-07 08:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 20:55 - 2014-08-07 05:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-09 09:34 - 2014-08-19 22:39 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 18:11 - 2014-09-02 18:10 - 00000000 ____D () C:\FRST
2014-09-02 18:08 - 2014-09-02 18:08 - 00000472 _____ () C:\Users\Karin\Desktop\defogger_disable.log
2014-09-02 18:08 - 2014-09-02 18:08 - 00000244 _____ () C:\Users\Karin\Desktop\defogger_enable.log
2014-09-02 18:08 - 2013-12-13 15:50 - 00000000 ____D () C:\Users\Karin
2014-09-02 18:01 - 2013-11-21 10:11 - 01784996 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-01 17:59 - 2013-12-13 15:50 - 00000000 ____D () C:\Users\Karin\AppData\Local\Pokki
2014-08-31 21:04 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-31 20:56 - 2013-12-14 10:56 - 00000314 _____ () C:\Windows\Tasks\SaveSense.job
2014-08-31 10:23 - 2013-12-14 10:42 - 00002283 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-08-31 10:13 - 2014-08-31 10:13 - 00002287 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk
2014-08-31 10:13 - 2014-08-31 10:13 - 00002113 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-30 12:11 - 2014-08-30 12:11 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-08-30 12:00 - 2014-08-30 12:00 - 00004150 _____ () C:\Users\Karin\Downloads\JRT.txt
2014-08-30 12:00 - 2014-08-30 12:00 - 00004150 _____ () C:\Users\Karin\Desktop\JRT.txt
2014-08-30 11:54 - 2014-08-30 11:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-27 20:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-20 13:20 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-20 12:17 - 2014-08-20 12:17 - 00012800 ___SH () C:\Users\Karin\Downloads\Thumbs.db
2014-08-20 12:03 - 2013-11-21 18:50 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-08-20 12:03 - 2013-11-21 18:50 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-08-20 12:03 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 22:45 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 22:42 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-19 22:39 - 2014-08-09 09:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-19 22:39 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-19 22:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-17 22:42 - 2013-12-25 12:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 22:40 - 2013-12-25 12:25 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-09 09:36 - 2013-10-15 09:15 - 00127700 _____ () C:\Windows\PFRO.log
2014-08-07 21:39 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-07 08:33 - 2014-08-15 20:55 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 05:09 - 2014-08-15 20:55 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Karin\AppData\Local\Temp\avgnt.exe
C:\Users\Karin\AppData\Local\Temp\COMAP.EXE
C:\Users\Karin\AppData\Local\Temp\FreeZip920.exe
C:\Users\Karin\AppData\Local\Temp\install_helper.exe
C:\Users\Karin\AppData\Local\Temp\oct1E2F.tmp.exe
C:\Users\Karin\AppData\Local\Temp\octC7D9.tmp.exe
C:\Users\Karin\AppData\Local\Temp\sas.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 12:39

==================== End Of Log ============================
addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Karin at 2014-09-02 18:12:14
Running from C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R32EUG6O
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKCU\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{123A22CB-6D84-4135-A71F-886C9119E996}) (Version: 99.9 - Eyeo GmbH)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.6 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.4 - Broadcom Corporation)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.23.203_WHQL (HKLM\...\Elantech) (Version: 11.6.23.203 - ELAN Microelectronic Corp.)
Free Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - Somoto Ltd) <==== ATTENTION
Google Update Helper (x32 Version: 1.3.23.0 - SaveSense) Hidden <==== ATTENTION
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKCU\...\Pokki) (Version: 0.269.3.181 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Math Problem Solver (HKCU\...\Math Problem Solver) (Version:  - ) <==== ATTENTION
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKCU\...\Pokki_Start_Menu) (Version: 0.269.3.181 - )
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
SaveSense (HKCU\...\SaveSense) (Version:  - SaveSense) <==== ATTENTION
SaveSense (remove only) (HKLM-x32\...\SaveSense) (Version: 5.3.0.6 - SaveSense) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Speed Test Analysis (HKLM-x32\...\Speed Test Analysis) (Version: 1.0.0.5 - Speed Analysis) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-05-2014 19:44:17 Windows Update
12-06-2014 19:49:22 Windows Update
14-07-2014 15:20:07 Windows Update
18-07-2014 21:20:38 Windows Update
07-08-2014 19:37:51 Windows Update
17-08-2014 20:23:27 Windows Update
22-08-2014 19:38:07 Windows Update
30-08-2014 10:11:07 Installed Adblock Plus for IE (32-bit and 64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CA96768-E6CC-4E70-9275-1CD8D1CB302D} - System32\Tasks\SaveSense => C:\Users\Karin\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {4CCB6EB5-A2EE-41A9-AC5D-F4108358B7DD} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {A56DF548-3892-4F47-8DEC-242CE2092779} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B292DDA5-3F0B-4F41-901B-264E02CFB387} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-17] (Microsoft Corporation)
Task: {B5A63E71-35B2-4DC2-94F2-DE9E1AEC3118} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CC816502-C452-45B0-9D15-44B358C5D2A3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {EBE022A8-B96D-4C06-A7D9-EB01BF78511F} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-18] (Acer Incorporate)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F7190960-4987-4D67-A92B-2A5684922365} - System32\Tasks\Math Problem Solver CPU => C:\Users\Karin\AppData\Local\Math Problem Solver\cpu\Solve.exe [2013-07-10] () <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Karin\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-15 09:32 - 2013-07-02 09:43 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-09-07 02:48 - 2013-09-07 02:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 02:45 - 2013-09-07 02:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-15 10:11 - 2013-01-16 22:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-07 02:52 - 2013-09-07 02:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-09-30 11:32 - 2013-09-30 11:32 - 00333632 _____ () C:\Program Files (x86)\Speed Test Analysis\ButtonSite64.dll
2013-09-30 11:32 - 2013-09-30 11:32 - 00475456 _____ () C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe
2013-11-21 10:19 - 2013-01-14 20:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\Run: => "Pokki"
HKCU\...\StartupApproved\Run: => "Skype"

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 05:57:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/30/2014 00:14:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.17054 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3aec

Startzeit: 01cfc43b11273b95

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID: 68f74ddb-302e-11e4-be87-201a06b141f2

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/02/2014 05:57:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/30/2014 00:14:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.170543aec01cfc43b11273b954C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE68f74ddb-302e-11e4-be87-201a06b141f2


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz
Percentage of memory in use: 42%
Total physical RAM: 3985.27 MB
Available physical RAM: 2288.25 MB
Total Pagefile: 4689.27 MB
Available Pagefile: 2685.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:683.19 GB) (Free:636.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 64B2CE2E)

Partition: GPT Partition Type.

==================== End Of Log ============================
GMER.txt
Code:
MER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-02 18:21:03
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000037 TOSHIBA_MQ01ABD075 rev.AX003J 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Karin\AppData\Local\Temp\pgddyuod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\System32\dwm.exe[12996] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                    000007fa80e61532 1 byte [E6]
.text  C:\Windows\System32\dwm.exe[12996] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                                    000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\System32\dwm.exe[12996] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                  000007fa80e6165a 1 byte [E6]
.text  C:\Windows\System32\dwm.exe[12996] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                                  000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Windows\system32\taskhostex.exe[7420] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fa80e61532 1 byte [E6]
.text  C:\Windows\system32\taskhostex.exe[7420] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                              000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\system32\taskhostex.exe[7420] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fa80e6165a 1 byte [E6]
.text  C:\Windows\system32\taskhostex.exe[7420] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                            000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files\Elantech\ETDCtrl.exe[8360] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fa80e61532 1 byte [E6]
.text  C:\Program Files\Elantech\ETDCtrl.exe[8360] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                          000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files\Elantech\ETDCtrl.exe[8360] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fa80e6165a 1 byte [E6]
.text  C:\Program Files\Elantech\ETDCtrl.exe[8360] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                        000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Windows\Explorer.EXE[15224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                        000007fa80e61532 1 byte [E6]
.text  C:\Windows\Explorer.EXE[15224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                                        000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\Explorer.EXE[15224] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                      000007fa80e6165a 1 byte [E6]
.text  C:\Windows\Explorer.EXE[15224] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                                      000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files\Elantech\ETDTouch.exe[12032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                        000007fa80e61532 1 byte [E6]
.text  C:\Program Files\Elantech\ETDTouch.exe[12032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                        000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files\Elantech\ETDTouch.exe[12032] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                      000007fa80e6165a 1 byte [E6]
.text  C:\Program Files\Elantech\ETDTouch.exe[12032] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                      000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[12928] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fa80e61532 1 byte [E6]
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[12928] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                    000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[12928] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fa80e6165a 1 byte [E6]
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[12928] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                  000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[11064] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                          000007fa80e61532 1 byte [E6]
.text  C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[11064] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                          000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[11064] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                        000007fa80e6165a 1 byte [E6]
.text  C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[11064] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                        000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[10640] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fa80e61532 1 byte [E6]
.text  C:\Windows\system32\wbem\unsecapp.exe[10640] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                          000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\system32\wbem\unsecapp.exe[10640] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fa80e6165a 1 byte [E6]
.text  C:\Windows\system32\wbem\unsecapp.exe[10640] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                        000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5828] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                            000007fa80e61532 1 byte [E6]
.text  C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5828] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                            000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5828] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                          000007fa80e6165a 1 byte [E6]
.text  C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5828] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                          000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[14160] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690          000007fa80e61532 1 byte [E6]
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[14160] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692          000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[14160] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246        000007fa80e6165a 1 byte [E6]
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[14160] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248        000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[14160] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742              000007fa7ec31b32 4 bytes [C3, 7E, FA, 07]
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[14160] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750              000007fa7ec31b3a 4 bytes [C3, 7E, FA, 07]
.text  C:\Windows\System32\igfxtray.exe[17916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fa80e61532 1 byte [E6]
.text  C:\Windows\System32\igfxtray.exe[17916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                              000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\System32\igfxtray.exe[17916] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fa80e6165a 1 byte [E6]
.text  C:\Windows\System32\igfxtray.exe[17916] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                            000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Windows\System32\hkcmd.exe[11296] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                  000007fa80e61532 1 byte [E6]
.text  C:\Windows\System32\hkcmd.exe[11296] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                                  000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\System32\hkcmd.exe[11296] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                000007fa80e6165a 1 byte [E6]
.text  C:\Windows\System32\hkcmd.exe[11296] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                                000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Windows\System32\igfxpers.exe[4436] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007fa874d177a 4 bytes [4D, 87, FA, 07]
.text  C:\Windows\System32\igfxpers.exe[4436] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007fa874d1782 4 bytes [4D, 87, FA, 07]
.text  C:\Windows\System32\igfxpers.exe[4436] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                000007fa80e61532 1 byte [E6]
.text  C:\Windows\System32\igfxpers.exe[4436] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                                000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\System32\igfxpers.exe[4436] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                              000007fa80e6165a 1 byte [E6]
.text  C:\Windows\System32\igfxpers.exe[4436] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                              000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[12824] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fa80e61532 1 byte [E6]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[12824] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[12824] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fa80e6165a 1 byte [E6]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[12824] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                              000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[16084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007fa80e61532 1 byte [E6]
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[16084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692    000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[16084] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007fa80e6165a 1 byte [E6]
.text  C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[16084] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248  000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe[11708] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                000007fa80e61532 1 byte [E6]
.text  C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe[11708] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe[11708] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246              000007fa80e6165a 1 byte [E6]
.text  C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe[11708] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248              000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Windows\system32\igfxext.exe[5040] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                000007fa80e61532 1 byte [E6]
.text  C:\Windows\system32\igfxext.exe[5040] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                                000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\system32\igfxext.exe[5040] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                              000007fa80e6165a 1 byte [E6]
.text  C:\Windows\system32\igfxext.exe[5040] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                              000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Windows\system32\igfxsrvc.exe[13368] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fa80e61532 1 byte [E6]
.text  C:\Windows\system32\igfxsrvc.exe[13368] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                              000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\system32\igfxsrvc.exe[13368] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fa80e6165a 1 byte [E6]
.text  C:\Windows\system32\igfxsrvc.exe[13368] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                            000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Windows\system32\wbem\unsecapp.exe[8832] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fa80e61532 1 byte [E6]
.text  C:\Windows\system32\wbem\unsecapp.exe[8832] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                                          000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Windows\system32\wbem\unsecapp.exe[8832] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fa80e6165a 1 byte [E6]
.text  C:\Windows\system32\wbem\unsecapp.exe[8832] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                                        000007fa80e6165c 2 bytes [FA, 07]
.text  C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[10704] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                    000007fa80e61532 1 byte [E6]
.text  C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[10704] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 692                    000007fa80e61534 2 bytes [FA, 07]
.text  ...                                                                                                                                      * 3
.text  C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[10704] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                  000007fa80e6165a 1 byte [E6]
.text  C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[10704] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 248                  000007fa80e6165c 2 bytes [FA, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [4496:6268]                                                                                                fffff9600083d5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----
Habe auch noch ein JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Karin on 30.08.2014 at 11:55:04,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] savesenselive
Successfully deleted: [Service] savesenselive
Successfully stopped: [Service] savesenselivem
Successfully deleted: [Service] savesenselivem



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                            Value Data                   
========================================================================================
    Pokki    REG_EXPAND_SZ    C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\addonsframework.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\buttonsite.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthost.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Successfully deleted: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\savesenselive"
Successfully deleted: [Folder] "C:\Users\Karin\AppData\Roaming\savesense"
Successfully deleted: [Folder] "C:\Program Files (x86)\savesense"
Successfully deleted: [Folder] "C:\Program Files (x86)\savesenselive"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.08.2014 at 12:00:27,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ich hoffe ich habe nichts vergessen und ihr könnt mir mit meinem Problem weiterhelfen!

Danke!

mfg, florian

Warlord711 02.09.2014 17:54
Hallo eckofresh

:hallo:

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir "arbeiten" hier alle freiwillig und in unserer Freizeit *hust*. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.

Warlord711 02.09.2014 17:56
Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

eckofresh 03.09.2014 20:19
Hallo Timo!

Danke für deine Hilfe! Habe die Schritte ausgeführt.
Anbei die LOG Dateien:

ADWCleaner
Code:
AdwCleaner v3.309 - Bericht erstellt am 03/09/2014 um 20:16:33
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Karin - KNEIDINGER
# Gestartet von : C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R32EUG6O\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Pokki
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\Karin\AppData\Local\Pokki
Ordner Gelöscht : C:\Users\Karin\AppData\Local\SaveSenseLive
Ordner Gelöscht : C:\Users\Karin\AppData\Roaming\SpeedTestAnalysis
Ordner Gelöscht : C:\Users\Karin\AppData\Local\Software
Ordner Gelöscht : C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk

***** [ Tasks ] *****

Task Gelöscht : SaveSense

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\SaveSenseLive
Schlüssel Gelöscht : HKLM\SOFTWARE\SaveSenseLive
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [7827 octets] - [03/09/2014 20:12:02]
AdwCleaner[S0].txt - [7179 octets] - [03/09/2014 20:16:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7239 octets] ##########
Malwarebites:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 03.09.2014
Suchlauf-Zeit: 20:30:59
Logdatei: Malearebites.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.03.07
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Karin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 292188
Verstrichene Zeit: 15 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 6
PUP.Optional.SaveSense.A, C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk, In Quarantäne, [e063d415007bb581a0c4775123dfd52b],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\mz, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\skin, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],

Dateien: 32
PUP.Optional.SaveSense.A, C:\Users\Karin\AppData\Local\Temp\sas.exe, In Quarantäne, [5fe4e7026615c175ce84db75e21fe51b],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome.manifest, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\icon.png, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\install.rdf, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\background.html, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\bg.js, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\button.xml, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\config.js, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\content.js, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\framework.js, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\framework.png, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\framework.xul, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon128.ico, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon128.png, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon16.ico, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon16.png, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon18.ico, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon18.png, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon24.ico, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon24.png, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon32.ico, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon32.png, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon48.ico, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon48.png, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon64.ico, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\icon64.png, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\jquery-1.9.1.min.js, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\options.xul, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\settings.json, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\mz\background.js, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\content\mz\content.js, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\Karin\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com\chrome\skin\framework.css, In Quarantäne, [1d2696537ffcc76f44189a4fa45e29d7],

Physische Sektoren: 0
(No malicious items detected)


(end)
FRST:
Code:
can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Karin (administrator) on KNEIDINGER on 03-09-2014 21:15:40
Running from C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R32EUG6O
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2038010720-557612607-978313770-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - {F6AF832B-A36D-4B21-9874-3502757735F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {F6AF832B-A36D-4B21-9874-3502757735F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {F6AF832B-A36D-4B21-9874-3502757735F8} URL =
SearchScopes: HKCU - {F6AF832B-A36D-4B21-9874-3502757735F8} URL =
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

Chrome:
=======
CHR Profile: C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-22] (ELAN Microelectronics Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-03] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 20:29 - 2014-09-03 21:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 20:27 - 2014-09-03 20:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 20:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 20:27 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 20:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 20:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-03 20:11 - 2014-09-03 20:17 - 00000000 ____D () C:\AdwCleaner
2014-09-03 17:08 - 2014-09-03 17:08 - 00001268 _____ () C:\Users\Karin\Desktop\Revo Uninstaller.lnk
2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-02 18:18 - 2014-09-02 18:18 - 00380416 _____ () C:\Users\Karin\Downloads\Gmer-19357.exe
2014-09-02 18:13 - 2014-09-03 21:13 - 00000000 ____D () C:\Users\Karin\Desktop\LOG Dateien
2014-09-02 18:10 - 2014-09-03 21:15 - 00000000 ____D () C:\FRST
2014-09-02 18:08 - 2014-09-02 18:08 - 00000244 _____ () C:\Users\Karin\Desktop\defogger_enable.log
2014-08-31 10:13 - 2014-08-31 10:13 - 00002287 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk
2014-08-31 10:13 - 2014-08-31 10:13 - 00002113 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-30 12:11 - 2014-08-30 12:11 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-08-30 12:00 - 2014-08-30 12:00 - 00004150 _____ () C:\Users\Karin\Downloads\JRT.txt
2014-08-30 11:54 - 2014-08-30 11:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-29 21:02 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 21:02 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 21:02 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 21:40 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 21:40 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 21:40 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 21:40 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 21:40 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 21:40 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 21:40 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-22 21:40 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-22 21:40 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 21:39 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 21:39 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 21:39 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 21:39 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-20 12:17 - 2014-08-20 12:17 - 00012800 ___SH () C:\Users\Karin\Downloads\Thumbs.db
2014-08-17 22:30 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-17 22:25 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 22:25 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 20:57 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 20:57 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 20:56 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 20:56 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 20:56 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 20:56 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-15 20:56 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 20:56 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 20:56 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 20:56 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 20:56 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 20:56 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 20:56 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 20:56 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 20:56 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 20:56 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 20:56 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-15 20:56 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 20:56 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 20:56 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 20:56 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-15 20:56 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 20:56 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 20:56 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 20:56 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-15 20:56 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-15 20:56 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 20:56 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 20:56 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 20:56 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-15 20:56 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-15 20:56 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-15 20:55 - 2014-08-07 08:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 20:55 - 2014-08-07 05:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-09 09:34 - 2014-08-19 22:39 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 21:15 - 2014-09-02 18:10 - 00000000 ____D () C:\FRST
2014-09-03 21:13 - 2014-09-02 18:13 - 00000000 ____D () C:\Users\Karin\Desktop\LOG Dateien
2014-09-03 21:12 - 2014-09-03 20:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-03 20:51 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 20:50 - 2013-10-15 09:15 - 00242496 _____ () C:\Windows\PFRO.log
2014-09-03 20:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-03 20:48 - 2013-12-14 11:30 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2038010720-557612607-978313770-1001
2014-09-03 20:27 - 2014-09-03 20:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 20:27 - 2014-09-03 20:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 20:17 - 2014-09-03 20:11 - 00000000 ____D () C:\AdwCleaner
2014-09-03 20:17 - 2013-11-21 10:11 - 01843041 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 17:08 - 2014-09-03 17:08 - 00001268 _____ () C:\Users\Karin\Desktop\Revo Uninstaller.lnk
2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-03 16:51 - 2014-07-22 05:44 - 00307896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 20:47 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-02 18:18 - 2014-09-02 18:18 - 00380416 _____ () C:\Users\Karin\Downloads\Gmer-19357.exe
2014-09-02 18:15 - 2014-01-02 19:48 - 00000000 ____D () C:\Users\Karin\AppData\Local\CrashDumps
2014-09-02 18:08 - 2014-09-02 18:08 - 00000244 _____ () C:\Users\Karin\Desktop\defogger_enable.log
2014-09-02 18:08 - 2013-12-13 15:50 - 00000000 ____D () C:\Users\Karin
2014-08-31 10:23 - 2013-12-14 10:42 - 00002283 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-08-31 10:13 - 2014-08-31 10:13 - 00002287 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk
2014-08-31 10:13 - 2014-08-31 10:13 - 00002113 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-30 12:11 - 2014-08-30 12:11 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-08-30 12:00 - 2014-08-30 12:00 - 00004150 _____ () C:\Users\Karin\Downloads\JRT.txt
2014-08-30 11:54 - 2014-08-30 11:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-27 20:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-23 08:47 - 2014-08-29 21:02 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 13:20 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-20 12:17 - 2014-08-20 12:17 - 00012800 ___SH () C:\Users\Karin\Downloads\Thumbs.db
2014-08-20 12:03 - 2013-11-21 18:50 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-08-20 12:03 - 2013-11-21 18:50 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-08-20 12:03 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 22:39 - 2014-08-09 09:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-19 22:39 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-19 22:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-17 22:42 - 2013-12-25 12:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 22:40 - 2013-12-25 12:25 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-07 21:39 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-07 08:33 - 2014-08-15 20:55 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 05:09 - 2014-08-15 20:55 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Karin\AppData\Local\Temp\avgnt.exe
C:\Users\Karin\AppData\Local\Temp\COMAP.EXE
C:\Users\Karin\AppData\Local\Temp\FreeZip920.exe
C:\Users\Karin\AppData\Local\Temp\install_helper.exe
C:\Users\Karin\AppData\Local\Temp\oct1E2F.tmp.exe
C:\Users\Karin\AppData\Local\Temp\octC7D9.tmp.exe
C:\Users\Karin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-03 17:02

==================== End Of Log ============================
Danke für deine Hilfe!

lg florian

Warlord711 04.09.2014 07:32
Sieht ja soweit schon ganz gut aus.
Wie gehts dem "Patienten" ?

Noch Werbe Banner ? Reagieren die Seiten wieder wie gewohnt ?

Wir machen so weiter:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


Achtung: Eset Scan dauert länger !

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


eckofresh 04.09.2014 21:06
Hallo!

Ja der Patient schaut gut aus!

security check
Code:
esults of screen317's Security Check version 0.99.87 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop     
Windows Defender 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
ESET
Code:
C:\$Recycle.Bin\S-1-5-21-2038010720-557612607-978313770-1001\$RJBHDLI.exe        Win32/bProtector.H evtl. unerwünschte Anwendung
C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FYV1QO61\FreeZipSetup-7d9D1Feq.exe        Win32/Somoto evtl. unerwünschte Anwendung

Warlord711 04.09.2014 22:24
Kannst du bitte den kompletten ESET Log posten ?

eckofresh 05.09.2014 21:04
Hallo!

ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d8a9595eb617e347bc4c3e4b25a573c2
# engine=20019
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-05 08:00:50
# local_time=2014-09-05 10:00:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 92148 17578805 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7172746 18273571 0 0
# scanned=181108
# found=3
# cleaned=0
# scan_time=15124
sh=45EBE0FDE5DFE2D3680BB9EC4ACA875DE0F392EA ft=1 fh=c71c0011eeab8e7c vn="Win32/bProtector.H evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2038010720-557612607-978313770-1001\$RJBHDLI.exe"
sh=F91C56A041B6FC19FBEBF6C5BAF6187D01DCF28C ft=1 fh=0dec377e1fd5dd09 vn="Win32/Somoto evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FYV1QO61\FreeZipSetup-7d9D1Feq.exe"
sh=45EBE0FDE5DFE2D3680BB9EC4ACA875DE0F392EA ft=1 fh=c71c0011eeab8e7c vn="Win32/bProtector.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Karin\AppData\Local\Temp\install_helper.exe"

Warlord711 05.09.2014 21:13
OK sieht gut aus.


Papierkorb am besten leeren.

Revo Uninstaller-Junkdateien bereinigen
  • Starte bitte den Revo Uninstaller erneut
  • Wähle "Tools" aus der oberen Leiste, wähle dann" Optimierungen" - "Junkdateien bereinigen" aus
  • Klicke in der oberen Leiste auf "Scan"
  • Nach Beendigung des Scans, klicke in der oberen Leiste auf "Lösche"

Update: Internet Explorer
Downloade Dir bitte den Internet Explorer 11 von hier und installiere diesen.
Auch wenn dieser nicht dein Standard-Browser ist, sollte sich die aktuelle Version am Rechner befinden. Es gibt noch genug Software die diesen zum Updaten verwendet.


Ansonsten sind wir durch, die Logs sind sauber ! :knuddel:


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
  • verwende für jede Anwendung und jeden Account ein anderes Passwort
  • ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist dieses sehr wichtig
  • speichere keine Passwörter auf deinem PC, gib diese nicht an dritte weiter
  • ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen
  • benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster
  • verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7 / 8 : Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

eckofresh 06.09.2014 07:31
super danke!
werde auf Firefox umsteigen!

Läuft alles wieder einwandfrei!

Danke für deine Hilfe!

lg, flo:dankeschoen:


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:26 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27