Pests of all kinds and how to fight them: Suspected malware, what to do? (Windows 7)
If you are not sure whether you have caught malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware, or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
03.10.2014, 23:24 | #1
Suspected malware, what to do?
Hello dear team, I have the following problem. I suspect that my laptop is absolutely riddled with viruses. A few days ago I read about what might be causing my laptop to hang so much, and it mentioned Malwarebytes, saying you can run it because you might have malware on the laptop. Well, I thought I would download it and start a full scan. That was a good idea: 109 infected items were found, and afterwards I deleted all of them (I just clicked on "delete all"). I actually thought everything would get better because of that, but no. My laptop still hangs. Today I wanted to run Malwarebytes again, BUT I cannot open it; it just says that an error has occurred and asks whether I want to look online for what might be causing it or simply close the program. Well, I uninstalled Malwarebytes and downloaded it again, so far so good, but that was as far as it went. I can download it, but as soon as I try to install it I get one error message after another; then it is somehow "installed" after all, but when I want to open it the error message appears again and it again asks whether I want to look online or close the program (by the way, I cannot open Skype either, exactly the same thing happens there). Oh, and when I go to Hotmail.de it says the page is unsafe and I could be hacked. Erm, if I am not completely mistaken, that is a sign that I have malware or a virus. (Oooooh, don't judge me, I know absolutely nothing about this subject.) I very much hope you understood what I mean and that you can help me.
(I hope I posted all this in the right thread; if not, I am terribly sorry, I don't know my way around here very well.) Thank you all in advance, with many kind regards, Venomous.
03.10.2014, 23:38 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware, what to do?
Hello and
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find something? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first post only the logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem started, are relevant! Additionally, please also create a log with Farbar's tool: Scan with Farbar's Recovery Scan Tool (FRST). Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too big for one post, I ask you to post the logs directly, spread over several posts if necessary. To put the log files into a CODE box, proceed as follows:
04.10.2014, 00:11 | #3
Suspected malware, what to do?
Well, I did have Malwarebytes, but I don't know how I am supposed to find the logs, because I no longer have it installed; but the logs should still be saved on my laptop anyway, right? I also have AVIRA, and it has found something several times too, but I always delete everything from quarantine (my brother told me to do that).
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 Ran by Viki (administrator) on VIKI-PC on 04-10-2014 01:02:14 Running from C:\Users\Viki\Downloads Loaded Profiles: Viki & UpdatusUser (Available profiles: Viki & UpdatusUser) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Akamai Technologies, Inc.) C:\Users\Viki\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Viki\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-16] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\Run: [Google Update] => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-11] (Google Inc.) HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Viki\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\MountPoints2: {99925e9a-4afb-11e3-9591-e81132462835} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\MountPoints2: {ba3a0de0-4db6-11e3-9d06-e81132462835} - F:\pushinst.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-01-17] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-01-17] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE95B4D07E9DECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: ======= CHR HomePage: Default -> CHR DefaultSearchKeyword: Default -> search.fbdownloader.com CHR DefaultSearchProvider: Default -> Search CHR DefaultSearchURL: Default -> hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11] CHR Extension: (Google Drive) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11] CHR Extension: (Jade Rosseau: The Secret Revelations) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgdeepddmchjbnceahdpgmfgpbifamf [2014-09-09] CHR Extension: (Google Voice Search Hotword (Beta)) 
- C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-11] CHR Extension: (So Many Me - Demo) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2014-09-09] CHR Extension: (Undead Isle) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhaaheoiicoleaefehhakengekpmoga [2014-09-09] CHR Extension: (YouTube) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11] CHR Extension: (Adblock Plus) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-11] CHR Extension: (Entanglement) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmnpffgfpcohhpoddjankjanolcekbni [2014-09-09] CHR Extension: (Google-Suche) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11] CHR Extension: (Dunkle Täuschung) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpcngfeplkmhpfkjldpgakfficenmnpc [2014-09-09] CHR Extension: (Eternal Saga) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejlofkcpcolcdnolbpofinmccmnfbpdd [2014-09-09] CHR Extension: (Original Blood) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopobbkmdndcoiojegenfnikgkjcpahk [2014-09-09] CHR Extension: (PicMonkey) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2013-11-11] CHR Extension: (Millenium Chronicles) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjlllgllnngihkaiaoiebakpjlaifgk [2014-09-09] CHR Extension: (AdBlock) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-11] CHR Extension: (Lunaria Story) - C:\Users\Viki\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gohldomknihdgjdinaabghnpnkjhkgcm [2014-09-09] CHR Extension: (Mystery Case Files: Madame Fate ®) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjhpnaodhjkfpbhmjjakbngblomampb [2014-09-09] CHR Extension: (Murder Files) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-09-09] CHR Extension: (Murder Island: Secret of Tantalus) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdfelobikofkdgkelfolclclmnionpfl [2014-09-09] CHR Extension: (Dragon Pals) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlnjnjagflbngdhmgljkfochnpaomoik [2014-09-09] CHR Extension: (Eyes - The Horror Game) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jojpkokphfnjlhbnbcilnhgnkkobkngd [2014-09-09] CHR Extension: (Wrath Of The Titans HD) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkkbdjoenphfolcadckgblciaeeippp [2014-09-09] CHR Extension: (Google Play) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-11-17] CHR Extension: (The Haunted Mansion) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kopoghhgmdeghckjjfeblnkefimokblj [2014-09-09] CHR Extension: (Solitaire) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbhppfbabandkdmgjmifahoabeodiep [2014-09-09] CHR Extension: (Saga of Hero) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknbomipeednfolohikpflfopogbfioo [2014-09-09] CHR Extension: (Bergwerk-Klon) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lphhmalomcgnihjbpfmkjlolejnbabni [2014-09-09] CHR Extension: (PacMan Advanced) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdmffjghfdhgmjohekbbfgagpifiiapf [2014-09-09] CHR Extension: (Crystal Saga) - 
C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndimpkikocdbhckkfmeocdmgcjbfdoig [2014-09-09] CHR Extension: (Munchy Bunny! Demo) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmklmahlmbfdfoblobeddalkjfpdjafh [2014-09-09] CHR Extension: (Google Wallet) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11] CHR Extension: (Burger Shop 2) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiahdjilmlekhacfggeipddaklcbiljf [2014-09-09] CHR Extension: (Beste Klassische Spiele) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfaogkfljpdfmodbmbogiiblppijleen [2014-09-09] CHR Extension: (Bloxorz) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\phiaicokjaoaobiobphcfkmbeiejdang [2014-09-09] CHR Extension: (Google Mail) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-07] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. 
KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4600264 2013-11-05] (INCA Internet Co., Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-24] (Avira Operations GmbH & Co. KG) S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 clwvd6; system32\DRIVERS\clwvd6.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-04 01:02 - 2014-10-04 01:02 - 00018705 _____ () C:\Users\Viki\Downloads\FRST.txt 2014-10-04 01:01 - 2014-10-04 01:02 - 00000000 ____D () C:\FRST 2014-10-04 01:00 - 2014-10-04 01:00 - 02109440 _____ (Farbar) C:\Users\Viki\Downloads\FRST64.exe 2014-10-03 23:19 - 2014-10-03 23:20 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-09-18 20:23 - 2014-09-18 20:23 - 00000010 _____ () C:\Users\Viki\Desktop\WICHTIG!!!!!!!.txt 2014-09-17 20:16 - 2014-09-17 20:16 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-17 20:16 - 2014-09-17 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-15 23:36 - 2014-09-15 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-15 23:32 - 2014-09-15 23:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Viki\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-13 00:16 - 2014-09-13 00:30 - 1301255152 _____ (Unity Technologies ApS) C:\Users\Viki\Downloads\UnitySetup-4.5.3.exe 2014-09-12 02:46 - 2014-09-13 02:49 - 00003755 _____ () C:\Users\Viki\Downloads\Solange wie die Sterne leuchten....odt 2014-09-12 02:46 - 2014-09-12 02:51 - 00004110 _____ () C:\Users\Viki\Downloads\Just a dream.odt 2014-09-12 02:46 - 2014-09-12 02:46 - 00003666 _____ () C:\Users\Viki\Downloads\Solange wie die Sterne leuchten....2odt 2014-09-09 22:09 - 2014-09-09 22:09 - 00002313 _____ () C:\Users\Viki\Desktop\Chrome App Launcher.lnk 2014-09-05 12:21 - 2014-09-05 12:21 - 00000000 _____ () C:\Users\Viki\Desktop\blablabl.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-04 00:43 - 2013-11-22 22:13 - 00000000 ____D () C:\Users\Viki\AppData\Roaming\Skype 2014-10-04 00:10 - 2013-11-11 16:43 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000UA.job 2014-10-03 22:34 - 2013-11-11 15:31 - 00799028 _____ () C:\Windows\WindowsUpdate.log 2014-10-03 19:10 - 2013-11-11 16:43 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000Core.job 2014-09-26 23:03 - 2009-07-14 06:51 - 00040303 _____ () C:\Windows\setupact.log 2014-09-26 20:56 - 2014-07-30 01:57 - 00002408 _____ () C:\Users\Viki\Desktop\vba.ini 2014-09-25 17:05 - 2013-11-11 16:44 - 00002313 _____ () C:\Users\Viki\Desktop\Google Chrome.lnk 2014-09-18 18:52 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-18 18:52 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-18 18:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-18 18:43 - 2010-11-21 05:47 - 00237080 _____ () C:\Windows\PFRO.log 2014-09-17 20:16 - 2014-03-06 10:04 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-17 20:16 - 2013-11-22 22:12 - 00000000 ____D () C:\ProgramData\Skype 2014-09-16 00:41 - 2014-04-19 00:21 - 00000000 ____D () C:\ProgramData\Origin 2014-09-15 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-09-15 22:43 - 2013-12-19 07:10 - 00000000 ____D () C:\Program Files (x86)\Fantasy Dragonica 2014-09-12 23:07 - 2014-08-07 17:59 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-12 23:07 - 2014-08-07 11:12 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-12 23:07 - 2013-11-11 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-09 22:09 - 2013-11-11 16:44 - 00000000 ____D () 
C:\Users\Viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-07 22:57 - 2014-08-09 23:24 - 00021004 _____ () C:\Users\Viki\Desktop\zsnesw.cfg 2014-09-07 22:57 - 2014-08-09 23:24 - 00003806 _____ () C:\Users\Viki\Desktop\zinput.cfg 2014-09-07 22:57 - 2014-08-09 23:24 - 00002480 _____ () C:\Users\Viki\Desktop\zmovie.cfg Some content of TEMP: ==================== C:\Users\Viki\AppData\Local\Temp\avgnt.exe C:\Users\Viki\AppData\Local\Temp\dxwebsetup.exe C:\Users\Viki\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Viki\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Viki\AppData\Local\Temp\NGMDll.dll C:\Users\Viki\AppData\Local\Temp\NGMResource.dll C:\Users\Viki\AppData\Local\Temp\NGMSetup.exe C:\Users\Viki\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Viki\AppData\Local\Temp\Tsu8FCA062C.dll C:\Users\Viki\AppData\Local\Temp\unicows.dll C:\Users\Viki\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 23:46 ==================== End Of Log ============================ --- --- --- Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 Ran by Viki at 2014-10-04 01:03:21 Running from C:\Users\Viki\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Age of Wulin (HKLM-x32\...\{30B26714-3C49-4E6E-B236-3313B1257DE9}) (Version: 0.0.1.025 - gPotato) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. 
KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.2949 - APN, LLC)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
BatteryLifeExtender (HKLM-x32\...\{EA257ECF-5F72-4461-B890-959394DCD087}) (Version: 1.0.10 - Samsung)
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Dragonica (HKLM-x32\...\{10C10382-F201-4466-9346-3646B181DF63}_is1) (Version: 092013 - Webzen Dublin Ltd.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
EdenEternal-DE (HKLM-x32\...\EdenEternal-DE) (Version: - )
Fantasy Dragonica (HKLM-x32\...\Fantasy Dragonica0.2. 74) (Version: 0.2. 74 - FantasyDr2)
Gameforge Live 2.0.1 "Baby Genius" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.1 - Gameforge)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
NVIDIA Grafiktreiber 266.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.72 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.15 (Version: 1.0.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 266.72 (Version: 266.72 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.15 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.33.1125.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6246 - Realtek Semiconductor Corp.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.0301 - SRS Labs, Inc.)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Yume Nikki 0.10 English (HKCU\...\Yume Nikki 0.10 English) (Version: - )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-897184711-776546724-3221451240-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-897184711-776546724-3221451240-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-897184711-776546724-3221451240-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-897184711-776546724-3221451240-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================
01-10-2014 17:11:08 Scheduled Checkpoint
03-10-2014 21:18:06 Removed Ragnarok Online
03-10-2014 21:20:01 Removed Ragnarok Online

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {044134DD-CFE8-4842-BF23-6D7A9B8D524A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000UA => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.)
Task: {3DCD5FC9-76BF-4A23-B139-918E10D0296B} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {544B4C98-BE40-4399-B21C-901640941A21} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {562D2B77-B3F7-406D-9176-2F0E298E1005} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000Core => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.)
Task: {58716F9C-C72B-46DC-9B94-AAF506F0A12F} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-15] (SRS Labs, Inc.)
Task: {6B2A6DE6-28F4-41C3-B3B9-A49AED636E34} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {7CE6DCFB-9710-48F7-B4CB-364289D83D26} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8CD17DA7-3A22-4D48-973F-6917F84982C2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {94C0954E-65BF-46BD-A4F5-E741FA33CC08} - System32\Tasks\{4CD75BD3-6C7F-48CD-AF70-E06B454EE349} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.59.102/de/abandoninstall?page=tsMain
Task: {CEFB9DA2-3042-4607-8426-006116A2F136} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-01] (Samsung Electronics. Co. Ltd.)
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000Core.job => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000UA.job => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2014-08-07 11:12 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Viki\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 14:57 - 2014-08-27 14:57 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-11-11 16:11 - 2006-08-12 13:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2014-09-09 22:24 - 2014-09-04 05:01 - 08577864 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-09 22:24 - 2014-09-04 05:01 - 00331592 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-09 22:24 - 2014-09-04 05:01 - 01660232 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-09 22:24 - 2014-09-04 05:01 - 01098056 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-09 22:24 - 2014-09-04 05:01 - 00174408 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-09 22:24 - 2014-09-04 05:01 - 14891848 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-897184711-776546724-3221451240-500 - Administrator - Disabled)
Gast (S-1-5-21-897184711-776546724-3221451240-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-897184711-776546724-3221451240-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Viki (S-1-5-21-897184711-776546724-3221451240-1000 - Administrator - Enabled) => C:\Users\Viki

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (10/03/2014 11:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x1644
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3

Error: (10/03/2014 11:26:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x38d8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3

Error: (10/03/2014 11:19:15 PM) (Source: MsiInstaller) (EventID: 11730) (User: Viki-PC)
Description: Product: Ragnarok Online -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Error: (10/03/2014 11:17:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0xd90
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3

Error: (10/03/2014 10:44:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x19f8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3

Error: (10/03/2014 10:43:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x30b0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3

Error: (10/03/2014 10:42:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x19a4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3

Error: (10/03/2014 10:41:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.20.0.104, time stamp: 0x53fd9215
Faulting module name: Skype.exe, version: 6.20.0.104, time stamp: 0x53fd9215
Exception code: 0xc0000005
Fault offset: 0x006af48d
Faulting process ID: 0x267c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report ID: Skype.exe3

Error: (10/03/2014 09:40:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 6.20.0.104, time stamp: 0x53fd9215
Faulting module name: Skype.exe, version: 6.20.0.104, time stamp: 0x53fd9215
Exception code: 0xc0000005
Fault offset: 0x006af48d
Faulting process ID: 0x2080
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report ID: Skype.exe3

Error: (09/30/2014 06:23:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception code: 0xc0000005
Fault offset: 0x0000795b
Faulting process ID: 0x3ca4
Faulting application start time: 0xipmGui.exe0
Faulting application path: ipmGui.exe1
Faulting module path: ipmGui.exe2
Report ID: ipmGui.exe3

System errors:
=============
Error: (10/04/2014 00:28:59 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/01/2014 07:06:55 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume "C:" were aborted because of an I/O failure on volume "C:".

Error: (10/01/2014 07:05:40 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/01/2014 07:05:40 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/01/2014 07:05:40 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/01/2014 07:05:40 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/01/2014 07:05:40 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/01/2014 07:05:40 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/01/2014 07:05:40 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/30/2014 04:28:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 ms) was reached while waiting for a transaction response from the Netman service.

Microsoft Office Sessions:
=========================
Error: (10/03/2014 11:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd164401cfdf50c58dab61C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll03a2cd42-4b44-11e4-90d0-e81132462835

Error: (10/03/2014 11:26:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd38d801cfdf50bb9bbf5aC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllfad1e5d6-4b43-11e4-90d0-e81132462835

Error: (10/03/2014 11:19:15 PM) (Source: MsiInstaller) (EventID: 11730) (User: Viki-PC)
Description: Product: Ragnarok Online -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/03/2014 11:17:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd9001cfdf4f6ab4237cC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllabd88ca5-4b42-11e4-90d0-e81132462835

Error: (10/03/2014 10:44:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd19f801cfdf4ac4ba2afcC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll0281ef0b-4b3e-11e4-90d0-e81132462835

Error: (10/03/2014 10:43:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd30b001cfdf4ab7dad80cC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllf5a88fa1-4b3d-11e4-90d0-e81132462835

Error: (10/03/2014 10:42:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd19a401cfdf4a91e074a0C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlld1518219-4b3d-11e4-90d0-e81132462835

Error: (10/03/2014 10:41:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.20.0.10453fd9215Skype.exe6.20.0.10453fd9215c0000005006af48d267c01cfdf4201fa755aC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exea9ea1bd5-4b3d-11e4-90d0-e81132462835

Error: (10/03/2014 09:40:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.20.0.10453fd9215Skype.exe6.20.0.10453fd9215c0000005006af48d208001cfdf349f3d0038C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe2e73bbea-4b35-11e4-90d0-e81132462835

Error: (09/30/2014 06:23:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b3ca401cfdc20b54649faC:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe869fc9ba-4859-11e4-90d0-e81132462835

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 78%
Total physical RAM: 3892.49 MB
Available physical RAM: 823.83 MB
Total Pagefile: 9464.75 MB
Available Pagefile: 2277.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:213.85 GB) (Free:71.49 GB) NTFS
Drive d: () (Fixed) (Total:62 GB) (Free:61.91 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3EC49987)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=62 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=213.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=22.1 GB) - (Type=27)

==================== End Of Log ============================
|
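The Addition.txt above carries the signals a helper reads first: three scheduled tasks that FRST itself tagged `<==== ATTENTION` (all pointing at AnyProtect.exe, plus their `.job` twins), a task that opens a URL through Chrome.exe, a DLL loaded from the user's Temp folder with an empty signer field `()`, and toolbar entries whose target file is gone (`No File`). The script below is an added example, not part of the thread or of FRST, that applies those same reading rules to FRST-formatted lines. `SAMPLE_LOG` is constructed to mirror the line shapes in the posted log; the signed Avira module line is invented to contrast with the unsigned one and does not come from the log.

```python
"""FRST log triage: apply a helper's reading rules to Farbar log lines.

Added example for this thread; not part of the thread or of FRST itself.
SAMPLE_LOG is constructed to mirror the line shapes in the posted logs.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in FRST's "Scheduled Tasks", "Loaded Modules" and
# "Internet" (BHO) formats. The signed Avira line is invented for contrast.
SAMPLE_LOG = r"""
Task: {3DCD5FC9-76BF-4A23-B139-918E10D0296B} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {544B4C98-BE40-4399-B21C-901640941A21} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {94C0954E-65BF-46BD-A4F5-E741FA33CC08} - System32\Tasks\{4CD75BD3-6C7F-48CD-AF70-E06B454EE349} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.59.102/de/abandoninstall?page=tsMain
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
2014-08-07 11:12 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Viki\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
"""

@dataclass(frozen=True)
class Finding:
    rule: str      # which heuristic fired
    subject: str   # the path or URL the finding is about
    line: str      # the full log line, for the report

ATTENTION = re.compile(r"<====\s*ATTENTION")           # FRST's own flag
NO_FILE = re.compile(r"\bNo File\s*$")                  # registry points at a missing file
ARROW = re.compile(r"\s(?:=>|->)\s")                    # FRST separators before a target
PATH = re.compile(r'[A-Za-z]:\\[^"\[<>=]+')             # a Windows path up to the next delimiter
SIGNER_SUFFIX = re.compile(r"\s+\([^()]*\)\s*$")        # trailing "(Publisher)" after a path
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# Loaded-module line: two timestamps, size, attributes, "(signer)", path.
MODULE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ "
    r"\((?P<signer>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$"
)
# Task whose "program" is a URL handed to some executable (hxxp = FRST's defanged http).
URL_TASK = re.compile(r"^Task: .*=> (?P<launcher>\S+) (?P<url>h(?:xx|tt)ps?://\S+)", re.IGNORECASE)


def target_path(line: str) -> Optional[str]:
    """Windows path the entry points at (text after the last => / ->), or None."""
    segment = ARROW.split(line)[-1]
    m = PATH.search(segment)
    if not m:
        return None
    return SIGNER_SUFFIX.sub("", m.group(0).rstrip())


def triage(log_text: str) -> List[Finding]:
    """Run every heuristic over every non-empty line and collect what fired."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path = target_path(line)
        if ATTENTION.search(line):
            findings.append(Finding("frst_attention", path or line, line))
        if NO_FILE.search(line):
            findings.append(Finding("missing_target", path or line, line))
        m = MODULE.match(line)
        if m and not m.group("signer").strip():
            findings.append(Finding("unsigned_module", m.group("path"), line))
        if path and TEMP_DIR.search(path):
            findings.append(Finding("runs_from_temp", path, line))
        m = URL_TASK.match(line)
        if m:
            findings.append(Finding("task_opens_url", m.group("url"), line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, for a one-line overview of a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] {f.subject}")
    print(summarize(results))
```

On the sample, the two AnyProtect tasks, the Chrome URL task, the unsigned Temp module (which fires two rules) and the orphaned Avira toolbar BHO are reported; the Samsung task, the signed module and the Java BHO are not. `target_path` deliberately takes the text after the last arrow, so a `.job` line whose own path sits before `=>` still yields the program it launches, and strips a trailing `(Publisher)` so signed BHO targets come out as bare paths.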
04.10.2014, 00:24 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware, what to do? Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the Desktop!) Step 1: adwCleaner Please download AdwCleaner to your Desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Afterwards, check whether you can get at the Malwarebytes logs.
__________________ Please always post logfiles in CODE tags |
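One of the things AdwCleaner, requested above, does in its browser section is rewrite Chrome's `Preferences` file and report the search providers it strips under `[Search Provider]`; a hijacked default search engine lives in that JSON file and survives browser restarts. The script below is an added example, not code from the thread, from AdwCleaner or from Google: it reads a `Preferences` file and reports every search-provider URL whose host is not on an allowlist. The key names `default_search_provider` / `search_url` (older Chrome) and `default_search_provider_data` / `template_url_data` / `url` (newer Chrome) are assumptions about the file layout, `ALLOWED_HOSTS` is a placeholder for the engines the machine's owner actually uses, and `SAMPLE_PREFS` is constructed.

```python
"""Audit Chrome's Preferences JSON for search-provider hijacks.

Added example for this thread; not code from the thread, AdwCleaner or Google.
Assumed Preferences layout (both variants are checked):
  "default_search_provider" -> "search_url"                        (older Chrome)
  "default_search_provider_data" -> "template_url_data" -> "url"   (newer Chrome)
"""
import json
from typing import Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# Placeholder allowlist: the search engines the machine's owner really uses.
ALLOWED_HOSTS = {"www.google.com", "www.google.de", "www.bing.com", "duckduckgo.com"}

# Constructed sample: a hijacked legacy entry next to a clean built-in Google entry.
SAMPLE_PREFS: Dict = {
    "default_search_provider": {
        "enabled": True,
        "name": "Search",
        "keyword": "fbdownloader.com",
        "search_url": "http://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}",
    },
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "Google",
            "keyword": "google.com",
            "url": "{google:baseURL}search?q={searchTerms}",
        }
    },
}


def engine_host(url: str) -> Optional[str]:
    """Host of a search template URL. Chrome's built-in Google engine uses the
    {google:baseURL} placeholder instead of a literal scheme and host."""
    if url.startswith("{google:baseURL}"):
        return "www.google.com"
    host = urlsplit(url).hostname
    return host.lower() if host else None


def search_templates(prefs: Dict) -> List[Tuple[str, str]]:
    """(source key, url) for every default-search URL found under the assumed keys."""
    found: List[Tuple[str, str]] = []
    legacy = prefs.get("default_search_provider") or {}
    if legacy.get("search_url"):
        found.append(("default_search_provider.search_url", legacy["search_url"]))
    modern = (prefs.get("default_search_provider_data") or {}).get("template_url_data") or {}
    if modern.get("url"):
        found.append(("default_search_provider_data.template_url_data.url", modern["url"]))
    return found


def hijacked_providers(prefs: Dict, allowed: Iterable[str] = ALLOWED_HOSTS) -> List[Tuple[str, str, str]]:
    """(source key, host, url) for each provider whose host is not allowlisted.
    A URL with no parseable host is reported too: it cannot be a known engine."""
    allowed_set = set(allowed)
    bad: List[Tuple[str, str, str]] = []
    for source, url in search_templates(prefs):
        host = engine_host(url)
        if host is None or host not in allowed_set:
            bad.append((source, host or "<no host>", url))
    return bad


def audit_file(path: str) -> List[Tuple[str, str, str]]:
    """Audit a real Preferences file, e.g.
    C:\\Users\\<user>\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences"""
    with open(path, encoding="utf-8") as fh:
        return hijacked_providers(json.load(fh))


if __name__ == "__main__":
    for source, host, url in hijacked_providers(SAMPLE_PREFS):
        print(f"{source}: {host}  <-  {url}")
```

Run it against a copy of the profile's `Preferences` file while Chrome is closed; on the constructed sample it reports only the fbdownloader entry. Comparing hosts rather than whole URLs is deliberate: hijackers rotate query parameters such as the `channel=` affiliate tag, but the host is what the browser will actually contact.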
05.10.2014, 09:14 | #5 |
| Suspected malware, what to do? I checked again whether I still have the logs, but no luck; I probably deleted them along with Malwarebytes when I uninstalled it. AdwCleaner: Code:
# AdwCleaner v3.311 - Report created on 05/10/2014 at 09:56:43
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Viki - VIKI-PC
# Running from : C:\Users\Viki\Downloads\AdwCleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Users\Viki\AppData\Local\Temp\OCS
File Deleted : C:\Users\Viki\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\Viki\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
File Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal

***** [ Tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_desmume_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_desmume_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_epsxe_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_epsxe_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Google Chrome v

[ File : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
Deleted [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
Deleted [Search Provider] : hxxp://www.anisearch.com/anime/index/?char=all&sort=rank&q=true&text={searchTerms}

*************************

AdwCleaner[R0].txt - [4689 octets] - [05/10/2014 09:51:45]
AdwCleaner[S0].txt - [4334 octets] - [05/10/2014 09:56:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4394 octets] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.8 (10.04.2014:1)
OS: Windows 7 Professional x64
Ran by Viki on 05.10.2014 at 10:05:13,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] APNMCP
Successfully deleted: [Service] APNMCP

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal_keeper_installer_v3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal_keeper_installer_v3_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealKeeper_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealKeeper_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\deal_keeper_installer_v3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\deal_keeper_installer_v3_RASMANCS
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{44cbc005-6243-4502-8a02-3a096a282664}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{80703783-e415-4ee3-ab60-d36981c5a6f1}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{f297534d-7b06-459d-bc19-2dd8ef69297b}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{9945959c-aad8-4312-8b57-2de11927e770}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{6978f29a-3493-40b2-8cdc-9c13a02f85a4}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d7949a66-d936-4028-9552-14f7dc50f38d}"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Program Files (x86)\askpartnernetwork"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.10.2014 at 10:08:45,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
05.10.2014, 14:17 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware, what to do? Then show fresh FRST logs. Tick the box for addition.txt, then click Scan.
__________________ --> Suspected malware, what to do? |
05.10.2014, 19:30 | #7 |
| Suspected malware, what to do? FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014
Ran by Viki (administrator) on VIKI-PC on 05-10-2014 20:25:57
Running from C:\Users\Viki\Downloads
Loaded Profiles: Viki & UpdatusUser (Available profiles: Viki & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Viki\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Viki\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\Run: [Google Update] => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-11] (Google Inc.)
HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Viki\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\MountPoints2: {99925e9a-4afb-11e3-9591-e81132462835} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\MountPoints2: {ba3a0de0-4db6-11e3-9d06-e81132462835} - F:\pushinst.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-01-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-01-17] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE95B4D07E9DECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: ======= CHR Profile: C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11] CHR Extension: (Google Drive) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11] CHR Extension: (Jade Rosseau: The Secret Revelations) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgdeepddmchjbnceahdpgmfgpbifamf [2014-09-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-11] CHR Extension: (So Many Me - Demo) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2014-09-09] CHR Extension: (Undead Isle) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhaaheoiicoleaefehhakengekpmoga [2014-09-09] CHR Extension: (YouTube) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11] CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-11] CHR Extension: (Entanglement) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmnpffgfpcohhpoddjankjanolcekbni [2014-09-09] CHR Extension: (Google Search) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11] CHR Extension: (Dark Deception) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpcngfeplkmhpfkjldpgakfficenmnpc [2014-09-09] CHR Extension: (Eternal Saga) - 
C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejlofkcpcolcdnolbpofinmccmnfbpdd [2014-09-09] CHR Extension: (Original Blood) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopobbkmdndcoiojegenfnikgkjcpahk [2014-09-09] CHR Extension: (PicMonkey) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2013-11-11] CHR Extension: (Millenium Chronicles) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjlllgllnngihkaiaoiebakpjlaifgk [2014-09-09] CHR Extension: (AdBlock) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-11] CHR Extension: (Lunaria Story) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohldomknihdgjdinaabghnpnkjhkgcm [2014-09-09] CHR Extension: (Mystery Case Files: Madame Fate ®) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjhpnaodhjkfpbhmjjakbngblomampb [2014-09-09] CHR Extension: (Murder Files) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-09-09] CHR Extension: (Murder Island: Secret of Tantalus) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdfelobikofkdgkelfolclclmnionpfl [2014-09-09] CHR Extension: (Dragon Pals) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlnjnjagflbngdhmgljkfochnpaomoik [2014-09-09] CHR Extension: (Eyes - The Horror Game) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jojpkokphfnjlhbnbcilnhgnkkobkngd [2014-09-09] CHR Extension: (Wrath Of The Titans HD) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkkbdjoenphfolcadckgblciaeeippp [2014-09-09] CHR Extension: (Google Play) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-11-17] CHR Extension: (The Haunted 
Mansion) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kopoghhgmdeghckjjfeblnkefimokblj [2014-09-09] CHR Extension: (Solitaire) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbhppfbabandkdmgjmifahoabeodiep [2014-09-09] CHR Extension: (Saga of Hero) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknbomipeednfolohikpflfopogbfioo [2014-09-09] CHR Extension: (Mine Clone) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lphhmalomcgnihjbpfmkjlolejnbabni [2014-09-09] CHR Extension: (PacMan Advanced) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdmffjghfdhgmjohekbbfgagpifiiapf [2014-09-09] CHR Extension: (Crystal Saga) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndimpkikocdbhckkfmeocdmgcjbfdoig [2014-09-09] CHR Extension: (Munchy Bunny! Demo) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmklmahlmbfdfoblobeddalkjfpdjafh [2014-09-09] CHR Extension: (Google Wallet) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11] CHR Extension: (Burger Shop 2) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiahdjilmlekhacfggeipddaklcbiljf [2014-09-09] CHR Extension: (Best Classic Games Collection) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfaogkfljpdfmodbmbogiiblppijleen [2014-09-09] CHR Extension: (Bloxorz) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\phiaicokjaoaobiobphcfkmbeiejdang [2014-09-09] CHR Extension: (Gmail) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4600264 2013-11-05] (INCA Internet Co., Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-24] (Avira Operations GmbH & Co. KG) S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 clwvd6; system32\DRIVERS\clwvd6.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-05 10:08 - 2014-10-05 10:08 - 00002914 _____ () C:\Users\Viki\Desktop\JRT.txt 2014-10-05 10:05 - 2014-10-05 10:05 - 00000000 ____D () C:\Windows\ERUNT 2014-10-05 10:03 - 2014-10-05 10:04 - 01694116 _____ (Thisisu) C:\Users\Viki\Downloads\JRT.exe 2014-10-05 09:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-10-05 09:51 - 2014-10-05 09:57 - 00000000 ____D () C:\AdwCleaner 2014-10-04 01:28 - 2014-10-04 01:28 - 01375089 _____ () C:\Users\Viki\Downloads\AdwCleaner_3.311.exe 2014-10-04 01:03 - 2014-10-04 01:04 - 00024116 _____ () C:\Users\Viki\Downloads\Addition.txt 2014-10-04 01:02 - 2014-10-05 20:26 - 00017478 _____ () C:\Users\Viki\Downloads\FRST.txt 2014-10-04 01:01 - 2014-10-05 20:25 - 00000000 ____D () C:\FRST 2014-10-04 01:00 - 2014-10-04 01:00 - 02109440 _____ (Farbar) C:\Users\Viki\Downloads\FRST64.exe 2014-10-03 23:19 - 2014-10-03 23:20 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-09-18 20:23 - 2014-09-18 20:23 - 00000010 _____ () C:\Users\Viki\Desktop\WICHTIG!!!!!!!.txt 2014-09-17 20:16 - 2014-09-17 20:16 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-17 20:16 - 2014-09-17 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-15 23:36 - 2014-09-15 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-15 23:32 - 2014-09-15 23:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Viki\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-13 00:16 - 2014-09-13 00:30 - 1301255152 _____ (Unity Technologies ApS) C:\Users\Viki\Downloads\UnitySetup-4.5.3.exe 2014-09-12 02:46 - 2014-09-13 02:49 - 00003755 _____ () C:\Users\Viki\Downloads\Solange wie die Sterne leuchten....odt 2014-09-12 02:46 - 2014-09-12 02:51 - 00004110 _____ () C:\Users\Viki\Downloads\Just a dream.odt 2014-09-12 02:46 - 2014-09-12 02:46 - 
00003666 _____ () C:\Users\Viki\Downloads\Solange wie die Sterne leuchten....2odt 2014-09-09 22:09 - 2014-09-09 22:09 - 00002313 _____ () C:\Users\Viki\Desktop\Chrome App Launcher.lnk 2014-09-05 12:21 - 2014-09-05 12:21 - 00000000 _____ () C:\Users\Viki\Desktop\blablabl.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-05 20:10 - 2013-11-11 16:43 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000UA.job 2014-10-05 20:07 - 2013-11-11 15:31 - 00808668 _____ () C:\Windows\WindowsUpdate.log 2014-10-05 20:06 - 2013-11-22 22:13 - 00000000 ____D () C:\Users\Viki\AppData\Roaming\Skype 2014-10-05 15:42 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-05 15:42 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-05 15:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-05 15:34 - 2009-07-14 06:51 - 00040415 _____ () C:\Windows\setupact.log 2014-10-05 10:56 - 2014-08-09 23:24 - 00001748 _____ () C:\Users\Viki\Desktop\desmume.ini 2014-10-05 10:19 - 2014-08-09 23:25 - 00000000 ____D () C:\Users\Viki\Desktop\States 2014-10-05 09:59 - 2010-11-21 05:47 - 00238434 _____ () C:\Windows\PFRO.log 2014-10-05 09:54 - 2013-11-11 16:43 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000Core.job 2014-09-26 20:56 - 2014-07-30 01:57 - 00002408 _____ () C:\Users\Viki\Desktop\vba.ini 2014-09-25 17:05 - 2013-11-11 16:44 - 00002313 _____ () C:\Users\Viki\Desktop\Google Chrome.lnk 2014-09-17 20:16 - 2014-03-06 10:04 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-17 20:16 - 2013-11-22 22:12 - 00000000 ____D () C:\ProgramData\Skype 2014-09-16 00:41 - 2014-04-19 00:21 - 00000000 
____D () C:\ProgramData\Origin 2014-09-15 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-09-15 22:43 - 2013-12-19 07:10 - 00000000 ____D () C:\Program Files (x86)\Fantasy Dragonica 2014-09-12 23:07 - 2014-08-07 17:59 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-12 23:07 - 2014-08-07 11:12 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-12 23:07 - 2013-11-11 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-09 22:09 - 2013-11-11 16:44 - 00000000 ____D () C:\Users\Viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-07 22:57 - 2014-08-09 23:24 - 00021004 _____ () C:\Users\Viki\Desktop\zsnesw.cfg 2014-09-07 22:57 - 2014-08-09 23:24 - 00003806 _____ () C:\Users\Viki\Desktop\zinput.cfg 2014-09-07 22:57 - 2014-08-09 23:24 - 00002480 _____ () C:\Users\Viki\Desktop\zmovie.cfg Some content of TEMP: ==================== C:\Users\Viki\AppData\Local\Temp\avgnt.exe C:\Users\Viki\AppData\Local\Temp\dxwebsetup.exe C:\Users\Viki\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Viki\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Viki\AppData\Local\Temp\NGMDll.dll C:\Users\Viki\AppData\Local\Temp\NGMResource.dll C:\Users\Viki\AppData\Local\Temp\NGMSetup.exe C:\Users\Viki\AppData\Local\Temp\Quarantine.exe C:\Users\Viki\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Viki\AppData\Local\Temp\Tsu8FCA062C.dll C:\Users\Viki\AppData\Local\Temp\unicows.dll C:\Users\Viki\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 23:46 ==================== End Of Log ============================ --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 Ran by Viki at 2014-10-05 20:26:50 Running from C:\Users\Viki\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Age of Wulin (HKLM-x32\...\{30B26714-3C49-4E6E-B236-3313B1257DE9}) (Version: 0.0.1.025 - gPotato) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.2949 - APN, LLC) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) BatteryLifeExtender (HKLM-x32\...\{EA257ECF-5F72-4461-B890-959394DCD087}) (Version: 1.0.10 - Samsung) Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team) Dragonica (HKLM-x32\...\{10C10382-F201-4466-9346-3646B181DF63}_is1) (Version: 092013 - Webzen Dublin Ltd.) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) EdenEternal-DE (HKLM-x32\...\EdenEternal-DE) (Version: - ) Fantasy Dragonica (HKLM-x32\...\Fantasy Dragonica0.2. 74) (Version: 0.2. 74 - FantasyDr2) Gameforge Live 2.0.1 "Baby Genius" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.1 - Gameforge) Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) 
Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) NVIDIA Grafiktreiber 266.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.72 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.0.15 (Version: 1.0.15 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 266.72 (Version: 266.72 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 1.0.15 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.33.1125.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6246 - Realtek Semiconductor Corp.) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) 
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.0301 - SRS Labs, Inc.) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH) WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Yume Nikki 0.10 English (HKCU\...\Yume Nikki 0.10 English) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-897184711-776546724-3221451240-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-897184711-776546724-3221451240-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-897184711-776546724-3221451240-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-897184711-776546724-3221451240-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 01-10-2014 17:11:08 Geplanter Prüfpunkt 03-10-2014 21:18:06 Removed Ragnarok Online 03-10-2014 21:20:01 Removed Ragnarok Online ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {044134DD-CFE8-4842-BF23-6D7A9B8D524A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000UA => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.) Task: {544B4C98-BE40-4399-B21C-901640941A21} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-11-28] (Samsung Electronics Co., Ltd.) Task: {562D2B77-B3F7-406D-9176-2F0E298E1005} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000Core => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.) Task: {58716F9C-C72B-46DC-9B94-AAF506F0A12F} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-15] (SRS Labs, Inc.) Task: {6B2A6DE6-28F4-41C3-B3B9-A49AED636E34} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-11-28] (Samsung Electronics Co., Ltd.) Task: {94C0954E-65BF-46BD-A4F5-E741FA33CC08} - System32\Tasks\{4CD75BD3-6C7F-48CD-AF70-E06B454EE349} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.59.102/de/abandoninstall?page=tsMain Task: {CEFB9DA2-3042-4607-8426-006116A2F136} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-01] (Samsung Electronics. Co. Ltd.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000Core.job => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-897184711-776546724-3221451240-1000UA.job => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-27 14:57 - 2014-08-27 14:57 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-08-07 11:12 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Viki\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2013-11-11 16:11 - 2006-08-12 13:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2014-09-25 17:05 - 2014-09-23 06:06 - 01098056 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll 2014-09-25 17:05 - 2014-09-23 06:06 - 00174408 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll 2014-09-25 17:05 - 2014-09-23 06:07 - 08577864 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll 2014-09-25 17:05 - 2014-09-23 06:07 - 00331592 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll 2014-09-25 17:05 - 2014-09-23 06:06 - 01660232 _____ () C:\Users\Viki\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-897184711-776546724-3221451240-500 - Administrator - Disabled) Gast (S-1-5-21-897184711-776546724-3221451240-501 - Limited - Disabled) UpdatusUser (S-1-5-21-897184711-776546724-3221451240-1001 - Limited - Enabled) => C:\Users\UpdatusUser Viki (S-1-5-21-897184711-776546724-3221451240-1000 - Administrator - Enabled) => C:\Users\Viki ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/05/2014 03:36:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/05/2014 03:34:52 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 05.10.2014 um 15:33:28 unerwartet heruntergefahren. 
Error: (10/05/2014 10:26:07 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions: =========================
Error: (10/05/2014 03:36:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 60%
Total physical RAM: 3892.49 MB
Available physical RAM: 1542.74 MB
Total Pagefile: 7783.18 MB
Available Pagefile: 4779.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:213.85 GB) (Free:72.54 GB) NTFS
Drive d: () (Fixed) (Total:62 GB) (Free:61.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3EC49987)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=62 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=213.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=22.1 GB) - (Type=27)
==================== End Of Log ============================
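Reading an FRST log by hand means scanning for the marks FRST prints next to suspicious entries: "No File" on a BHO or toolbar whose DLL is gone, "[X]" on a service or driver whose binary is missing, "[File not signed]" on an autostarted program, MountPoints2 autoruns from removable media, and scheduled tasks that open a URL rather than a local program. The following is an added example, not code from this thread or from FRST, that applies exactly those rules to FRST-style lines. The sample lines are constructed in the formats seen in the log above; the rule names and the function names are this example's own. A flagged line is a lead for the helper to judge, not a verdict: the "[X]" driver entries here, for instance, are the kind of stale registration an uninstall leaves behind.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a few lines in the FRST formats that appear in the log above
# (Run key, MountPoints2, BHO, service/driver, signature check, scheduled task).
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-897184711-776546724-3221451240-1000\...\MountPoints2: {ba3a0de0-4db6-11e3-9d06-e81132462835} - F:\pushinst.exe
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S3 clwvd6; system32\DRIVERS\clwvd6.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
C:\Windows\System32\winlogon.exe => File is digitally signed
Task: {94C0954E-65BF-46BD-A4F5-E741FA33CC08} - System32\Tasks\{4CD75BD3-6C7F-48CD-AF70-E06B454EE349} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.59.102/de/abandoninstall?page=tsMain
"""

# FRST defangs URLs as hxxp:// so they are not clickable in a forum post.
DEFANGED_URL = re.compile(r"\bhxxps?://")


@dataclass
class Finding:
    line: str
    reason: str


# Triage rules (this example's own), checked in order; the first match decides the reason.
RULES = [
    (lambda l: l.endswith("No File"),
     "registry entry points to a missing file (orphaned BHO/toolbar/CLSID)"),
    (lambda l: l.endswith("[X]"),
     "service or driver registered but its file is missing"),
    (lambda l: "[File not signed]" in l,
     "autostarted binary carries no digital signature"),
    (lambda l: "\\MountPoints2:" in l,
     "autorun entry from removable media"),
    (lambda l: l.startswith("Task:") and DEFANGED_URL.search(l) is not None,
     "scheduled task opens a URL instead of a local program"),
]


def triage_frst(log_text: str) -> list[Finding]:
    """Return one Finding per log line that matches a triage rule, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for predicate, reason in RULES:
            if predicate(line):
                findings.append(Finding(line=line, reason=reason))
                break
    return findings


def count_signed(log_text: str) -> int:
    """Count Bamital & volsnap check lines whose core system file passed signature verification."""
    return sum(1 for l in log_text.splitlines()
               if l.strip().endswith("=> File is digitally signed"))


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Number of findings per reason, for a quick overview before reading each line."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    results = triage_frst(SAMPLE_LOG)
    for f in results:
        print(f"[{f.reason}]\n    {f.line}")
    print("core system files with valid signature:", count_signed(SAMPLE_LOG))
    print("summary:", summarize(results))
```

Running it over a full FRST.txt and Addition.txt (read the file, pass its text to `triage_frst`) gives the helper the same shortlist the eye would pick out, and `count_signed` confirms that the Bamital & volsnap section reported every core file as signed, as it does in the log above.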
05.10.2014, 23:09 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware, what to do? Okay, then please run control scans with MBAM and ESET: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Always post log files in CODE tags
09.10.2014, 22:23 | #9
| Suspected malware, what to do? Sorry that I'm only replying now, but it was for personal reasons. Um, yes, okay, so I can't download Malwarebytes; it says the following: and with ESET: and now?
17.10.2014, 13:30 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware, what to do? So, I'm back from vacation. Has anything changed in the meantime? Please get Malwarebytes running again:
1. Download MBAM-Clean.exe => http://downloads.malwarebytes.org/file/mbam_clean to the desktop and run it by double-clicking
2. Reinstall Malwarebytes, downloading the setup again! => Malwarebytes Anti-Malware - Download - Filepony
3. Start the scan again
19.10.2014, 10:21 | #11
| Suspected malware, what to do?
19.10.2014, 11:57 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware, what to do? Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, I ask you to post them directly, spread across several posts if necessary. To put the log files in a CODE box, proceed as follows: