
Log analysis and evaluation: Text link double-underlined with popup in browser [Holen Media Player]

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.01.2014, 14:23   #1
wmannheim
 



I can't get rid of a double-underlined green link with a "Holen Media Player" popup in the Chrome browser. Please help!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by wmannheim (administrator) on WMDESKTOP on 21-01-2014 14:13:00
Running from C:\Users\wmannheim\Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(StarWind Software) C:\Brenner\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Tools\Rainlendar2\Rainlendar2.exe
() C:\Tools\ClipX\clipx.exe
(Tencent Inc.) C:\Internet\Foxmail 7\Foxmail.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [clipx] - C:\Tools\ClipX\clipx.exe [68608 2005-11-30] ()
HKLM-x32\...\Run: [Foxmail] - C:\Internet\Foxmail 7\Foxmail.exe [16619576 2013-08-29] (Tencent Inc.)
HKCU\...\Run: [RadioSure] - D:\RadioSure\RadioSure.exe [2873856 2012-11-04] (TheBestWare Studio)
HKCU\...\Run: [Rainlendar2] - C:\Tools\Rainlendar2\Rainlendar2.exe [4411488 2014-01-20] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6A8A5B2204C9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.5
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0996AFD2-DE75-42EC-9F7E-E2110D0EFA09&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0996AFD2-DE75-42EC-9F7E-E2110D0EFA09&q={searchTerms}&SSPV=
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0996AFD2-DE75-42EC-9F7E-E2110D0EFA09&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\wmannheim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-18]
CHR Extension: (YouTube) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-18]
CHR Extension: (Google-Suche) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-18]
CHR Extension: (AdBlock) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-18]
CHR Extension: (Cr!Box) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2013-09-18]
CHR Extension: (Dropbox) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-09-18]
CHR Extension: (Dropbox Shortcut) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbelldokcfkkgejineadomjjcicgghbk [2013-09-18]
CHR Extension: (Evernote Web) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-09-18]
CHR Extension: (Ghostery) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-09-18]
CHR Extension: (Google Wallet) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Google Mail) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-18]
CHR Extension: (HDvid Codec V6.0) - C:\Users\wmannheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnkhmnoajbfccclonaeepohggeolcih [2013-12-07]

==================== Services (Whitelisted) =================

U2 AxAutoMntSrv; C:\Brenner\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-10-25] (Nitro PDF Software)
U2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
U2 StarWindServiceAE; C:\Brenner\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2013-12-21] (Alcohol Soft Development Team)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2013-12-21] (Duplex Secure Ltd.)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 LVPr2M64; \SystemRoot\system32\DRIVERS\LVPr2M64.sys [x]
U5 UnlockerDriver5; C:\Tools\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 14:12 - 2014-01-21 14:12 - 00022149 _____ C:\Users\wmannheim\Downloads\Addition.txt
2014-01-21 14:11 - 2014-01-21 14:13 - 00012092 _____ C:\Users\wmannheim\Downloads\FRST.txt
2014-01-21 14:11 - 2014-01-21 14:11 - 00000000 ____D C:\FRST
2014-01-21 14:10 - 2014-01-21 14:11 - 02077184 _____ (Farbar) C:\Users\wmannheim\Downloads\FRST64.exe
2014-01-21 13:49 - 2014-01-21 13:49 - 00002826 _____ C:\WINDOWS\PFRO.log
2014-01-21 13:36 - 2014-01-21 13:36 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-21 13:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-21 13:34 - 2014-01-19 05:56 - 00000000 ____D C:\Users\wmannheim\Desktop\KEYGEN
2014-01-21 13:34 - 2014-01-17 23:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\wmannheim\Desktop\Malwarebytes Anti-Malware 1.75.0.1300.exe
2014-01-21 13:34 - 2014-01-17 23:22 - 00003741 _____ C:\Users\wmannheim\Desktop\NFO.nfo
2014-01-21 13:34 - 2014-01-17 23:22 - 00000026 _____ C:\Users\wmannheim\Desktop\Serial.txt
2014-01-21 13:16 - 2014-01-21 13:16 - 10463324 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.rar
2014-01-21 13:16 - 2014-01-21 13:16 - 04608872 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.vol0+1.par2
2014-01-21 13:16 - 2014-01-21 13:16 - 00003724 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.nfo
2014-01-21 13:16 - 2014-01-21 13:16 - 00000804 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.par2
2014-01-21 13:15 - 2014-01-21 13:15 - 00005275 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.nfo.nzb
2014-01-21 11:03 - 2014-01-12 18:42 - 1463605248 _____ C:\Users\wmannheim\Desktop\junge.ac3ld.xvid-IND.avi
2014-01-20 12:03 - 2014-01-20 12:03 - 440762041 _____ C:\WINDOWS\MEMORY.DMP
2014-01-20 12:03 - 2014-01-20 12:03 - 00296440 _____ C:\WINDOWS\Minidump\012014-23078-01.dmp
2014-01-19 18:53 - 2014-01-19 18:57 - 00000000 __SHD C:\Users\wmannheim\wc
2014-01-19 18:53 - 2014-01-19 18:53 - 00000000 __SHD C:\Users\wmannheim\AppData\Roaming\wyUpdate AU
2014-01-19 18:52 - 2014-01-21 13:57 - 00000000 ____D C:\Program Files (x86)\Bonjour
2014-01-19 18:52 - 2014-01-19 18:56 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Cyberduck
2014-01-19 18:52 - 2014-01-19 18:52 - 00000000 ____D C:\ProgramData\Apple
2014-01-19 18:37 - 2014-01-19 18:37 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2014-01-19 17:55 - 2014-01-19 18:01 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\FileZilla
2014-01-19 17:25 - 2014-01-19 17:25 - 00000000 ____D C:\Users\wmannheim\AppData\Local\SmartFTP
2014-01-19 17:19 - 2014-01-19 17:19 - 00000000 ____D C:\Users\wmannheim\AppData\Local\SmartFTP Client 5.0 Setup
2014-01-19 00:34 - 2014-01-19 00:34 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-19 00:08 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-19 00:08 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-19 00:08 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-19 00:08 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-19 00:08 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-19 00:08 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 00:08 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-19 00:08 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 00:08 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-19 00:08 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-19 00:08 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-09 22:49 - 2014-01-09 22:49 - 00001551 _____ C:\Users\wmannheim\Desktop\Foto.lnk
2014-01-09 16:53 - 2014-01-10 13:52 - 00000000 ____D C:\Users\wmannheim\Desktop\Neuer Ordner
2014-01-08 12:49 - 2014-01-08 12:49 - 00000000 ____D C:\Users\wmannheim\AppData\Local\Software
2014-01-08 12:49 - 2014-01-08 12:49 - 00000000 ____D C:\Users\wmannheim\AppData\Local\NikLicenseFiles
2014-01-08 12:33 - 2014-01-08 12:33 - 00000000 ____D C:\Program Files (x86)\KONAMI
2014-01-08 09:04 - 2014-01-21 13:51 - 00000000 __RDO C:\Users\wmannheim\SkyDrive
2014-01-07 15:24 - 2014-01-08 09:04 - 00000000 __RDO C:\Users\wmannheim\SkyDrive (2).old
2014-01-05 14:40 - 2014-01-05 14:41 - 00000000 ____D C:\Users\wmannheim\AppData\Local\CrashDumps
2014-01-05 13:53 - 2014-01-05 13:53 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Corel
2014-01-04 16:45 - 2014-01-04 16:45 - 00000000 ____D C:\Users\wmannheim\restore
2014-01-04 16:33 - 2014-01-04 16:46 - 00000000 ____D C:\ProgramData\hps
2014-01-04 16:33 - 2014-01-04 16:34 - 00000000 ____D C:\ProgramData\tmp
2014-01-04 16:08 - 2014-01-04 16:08 - 00000000 ____D C:\Users\wmannheim\Documents\Steuer-Sparbuch
2014-01-04 15:59 - 2014-01-04 16:01 - 00000380 _____ C:\WINDOWS\wiso.ini
2014-01-04 15:59 - 2014-01-04 15:59 - 00000503 _____ C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-01-04 15:59 - 2014-01-04 15:59 - 00000000 ____D C:\Users\wmannheim\AppData\Local\Buhl
2014-01-04 15:58 - 2014-01-04 15:58 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Buhl Data Service
2014-01-04 15:58 - 2014-01-04 15:58 - 00000000 ____D C:\Users\wmannheim\AppData\Local\Buhl Data Service
2014-01-04 15:45 - 2014-01-04 15:59 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2014-01-03 17:20 - 2014-01-03 17:20 - 00000000 ____D C:\Users\wmannheim\AppData\Local\PhotoGenie
2014-01-03 17:20 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2014-01-03 17:17 - 2014-01-03 17:20 - 00037184 _____ C:\WINDOWS\DirectX.log
2014-01-02 19:29 - 2014-01-02 21:53 - 00000657 _____ C:\Users\wmannheim\AppData\Roaming\01_01_2014_WAR
2014-01-02 10:55 - 2014-01-19 12:12 - 00011130 _____ C:\WINDOWS\setupact.log
2014-01-02 10:55 - 2014-01-02 10:55 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-28 17:36 - 2013-12-28 17:36 - 00003512 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wmannheim@live.de
2013-12-28 13:39 - 2013-12-28 13:39 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-12-28 12:58 - 2013-12-28 13:02 - 00000000 ____D C:\Users\wmannheim\AppData\Local\PassbildPro
2013-12-28 12:58 - 2013-12-28 12:58 - 00000000 ____D C:\Users\wmannheim\AppData\Local\vsmedia.de
2013-12-27 22:46 - 2013-12-28 17:30 - 00000000 ____D C:\Program Files\Adobe
2013-12-27 21:33 - 2014-01-21 14:03 - 01414818 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-27 18:03 - 2013-12-27 18:03 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\No Company Name
2013-12-26 12:02 - 2013-12-26 12:02 - 00000000 ____D C:\Users\wmannheim\Documents\Alcohol 120%
2013-12-26 11:04 - 2014-01-19 00:34 - 00000000 ____D C:\ProgramData\Google
2013-12-26 11:04 - 2013-12-26 11:04 - 00000000 ____D C:\Program Files (x86)\GUMC1B4.tmp
2013-12-26 10:57 - 2013-12-26 13:05 - 00000000 ____D C:\Program Files\Alien Skin
2013-12-26 10:57 - 2013-12-26 13:05 - 00000000 ____D C:\Program Files (x86)\Alien Skin
2013-12-26 10:57 - 2013-12-26 10:57 - 00000000 ____D C:\ProgramData\Alien Skin
2013-12-25 11:40 - 2014-01-06 17:16 - 00007336 _____ C:\Users\wmannheim\AppData\Roaming\24_12_2013_warez
2013-12-22 19:46 - 2013-12-27 17:46 - 00000000 ____D C:\Users\wmannheim\Documents\Adobe
2013-12-22 19:00 - 2013-12-28 17:30 - 00000000 ____D C:\Program Files\Common Files\Adobe

==================== One Month Modified Files and Folders =======

2014-01-21 14:13 - 2014-01-21 14:11 - 00012092 _____ C:\Users\wmannheim\Downloads\FRST.txt
2014-01-21 14:12 - 2014-01-21 14:12 - 00022149 _____ C:\Users\wmannheim\Downloads\Addition.txt
2014-01-21 14:12 - 2013-09-18 17:40 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\NetSpeedMonitor
2014-01-21 14:11 - 2014-01-21 14:11 - 00000000 ____D C:\FRST
2014-01-21 14:11 - 2014-01-21 14:10 - 02077184 _____ (Farbar) C:\Users\wmannheim\Downloads\FRST64.exe
2014-01-21 14:03 - 2013-12-27 21:33 - 01414818 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-21 14:03 - 2013-09-17 23:51 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-820760318-1677416201-769512288-1001
2014-01-21 14:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-21 13:57 - 2014-01-19 18:52 - 00000000 ____D C:\Program Files (x86)\Bonjour
2014-01-21 13:53 - 2013-10-05 13:27 - 00000000 ____D C:\Users\wmannheim\AppData\Local\Adobe
2014-01-21 13:51 - 2014-01-08 09:04 - 00000000 __RDO C:\Users\wmannheim\SkyDrive
2014-01-21 13:51 - 2013-09-19 23:01 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Foxmail7
2014-01-21 13:51 - 2013-09-16 21:29 - 00000000 ____D C:\Users\wmannheim\.rainlendar2
2014-01-21 13:50 - 2013-09-21 17:15 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 13:50 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-21 13:49 - 2014-01-21 13:49 - 00002826 _____ C:\WINDOWS\PFRO.log
2014-01-21 13:49 - 2013-09-18 15:55 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2014-01-21 13:49 - 2013-09-17 23:21 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 13:36 - 2014-01-21 13:36 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-21 13:36 - 2013-10-13 12:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 13:30 - 2013-09-21 17:15 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 13:16 - 2014-01-21 13:16 - 10463324 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.rar
2014-01-21 13:16 - 2014-01-21 13:16 - 04608872 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.vol0+1.par2
2014-01-21 13:16 - 2014-01-21 13:16 - 00003724 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.nfo
2014-01-21 13:16 - 2014-01-21 13:16 - 00000804 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.par2
2014-01-21 13:15 - 2014-01-21 13:15 - 00005275 _____ C:\Users\wmannheim\Downloads\Malwarebytes.AntiMalware.1.75.0.1300.Final.incl.Keygen.nfo.nzb
2014-01-21 11:45 - 2013-09-18 00:54 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\NewsLeecher
2014-01-21 11:04 - 2013-12-18 10:14 - 00282624 ___SH C:\Users\wmannheim\Downloads\Thumbs.db
2014-01-21 11:04 - 2013-12-17 11:44 - 00550400 ___SH C:\Users\wmannheim\Desktop\Thumbs.db
2014-01-21 10:48 - 2013-09-17 23:27 - 00000000 ____D C:\Users\wmannheim
2014-01-21 10:40 - 2013-09-24 00:39 - 00000000 __SHD C:\Users\wmannheim\AppData\Roaming\.#
2014-01-21 10:40 - 2013-09-18 16:33 - 06338800 _____ (bureau23 gmbh) C:\Users\wmannheim\Desktop\safey.exe
2014-01-20 13:06 - 2013-09-17 23:33 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-20 13:06 - 2013-09-01 07:21 - 00764340 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-20 13:06 - 2013-09-01 07:21 - 00159160 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-20 13:04 - 2013-10-14 19:19 - 00000000 ____D C:\ProgramData\Zoom Player
2014-01-20 12:03 - 2014-01-20 12:03 - 440762041 _____ C:\WINDOWS\MEMORY.DMP
2014-01-20 12:03 - 2014-01-20 12:03 - 00296440 _____ C:\WINDOWS\Minidump\012014-23078-01.dmp
2014-01-20 12:03 - 2013-09-18 02:56 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-19 23:24 - 2013-09-18 00:50 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Skype
2014-01-19 18:57 - 2014-01-19 18:53 - 00000000 __SHD C:\Users\wmannheim\wc
2014-01-19 18:56 - 2014-01-19 18:52 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Cyberduck
2014-01-19 18:53 - 2014-01-19 18:53 - 00000000 __SHD C:\Users\wmannheim\AppData\Roaming\wyUpdate AU
2014-01-19 18:52 - 2014-01-19 18:52 - 00000000 ____D C:\ProgramData\Apple
2014-01-19 18:52 - 2010-10-14 16:43 - 00000000 ___RD C:\Internet
2014-01-19 18:39 - 2013-09-18 03:11 - 00000000 ____D C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2014-01-19 18:37 - 2014-01-19 18:37 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2014-01-19 18:01 - 2014-01-19 17:55 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\FileZilla
2014-01-19 17:25 - 2014-01-19 17:25 - 00000000 ____D C:\Users\wmannheim\AppData\Local\SmartFTP
2014-01-19 17:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-19 17:19 - 2014-01-19 17:19 - 00000000 ____D C:\Users\wmannheim\AppData\Local\SmartFTP Client 5.0 Setup
2014-01-19 14:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-19 12:12 - 2014-01-02 10:55 - 00011130 _____ C:\WINDOWS\setupact.log
2014-01-19 11:12 - 2013-09-18 17:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-19 11:12 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2014-01-19 10:58 - 2012-02-03 12:17 - 00000000 ____D C:\calibre portable
2014-01-19 08:38 - 2013-09-18 01:31 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 05:56 - 2014-01-21 13:34 - 00000000 ____D C:\Users\wmannheim\Desktop\KEYGEN
2014-01-19 00:37 - 2013-09-18 00:09 - 00000000 ____D C:\Users\wmannheim\AppData\Local\Google
2014-01-19 00:37 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-19 00:34 - 2014-01-19 00:34 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-19 00:34 - 2013-12-26 11:04 - 00000000 ____D C:\ProgramData\Google
2014-01-17 23:23 - 2014-01-21 13:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\wmannheim\Desktop\Malwarebytes Anti-Malware 1.75.0.1300.exe
2014-01-17 23:22 - 2014-01-21 13:34 - 00003741 _____ C:\Users\wmannheim\Desktop\NFO.nfo
2014-01-17 23:22 - 2014-01-21 13:34 - 00000026 _____ C:\Users\wmannheim\Desktop\Serial.txt
2014-01-12 18:42 - 2014-01-21 11:03 - 1463605248 _____ C:\Users\wmannheim\Desktop\junge.ac3ld.xvid-IND.avi
2014-01-10 13:52 - 2014-01-09 16:53 - 00000000 ____D C:\Users\wmannheim\Desktop\Neuer Ordner
2014-01-09 22:49 - 2014-01-09 22:49 - 00001551 _____ C:\Users\wmannheim\Desktop\Foto.lnk
2014-01-09 14:06 - 2013-12-21 18:57 - 00000238 _____ C:\Users\wmannheim\Documents\ax_files.xml
2014-01-08 12:49 - 2014-01-08 12:49 - 00000000 ____D C:\Users\wmannheim\AppData\Local\Software
2014-01-08 12:49 - 2014-01-08 12:49 - 00000000 ____D C:\Users\wmannheim\AppData\Local\NikLicenseFiles
2014-01-08 12:33 - 2014-01-08 12:33 - 00000000 ____D C:\Program Files (x86)\KONAMI
2014-01-08 12:32 - 2010-10-14 16:43 - 00000000 ____D C:\Spiele
2014-01-08 09:04 - 2014-01-07 15:24 - 00000000 __RDO C:\Users\wmannheim\SkyDrive (2).old
2014-01-07 15:24 - 2013-09-26 01:02 - 00000000 __RDO C:\Users\wmannheim\SkyDrive.old
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 17:16 - 2013-12-25 11:40 - 00007336 _____ C:\Users\wmannheim\AppData\Roaming\24_12_2013_warez
2014-01-05 15:34 - 2010-10-14 16:43 - 00000000 ____D C:\Grafik
2014-01-05 14:41 - 2014-01-05 14:40 - 00000000 ____D C:\Users\wmannheim\AppData\Local\CrashDumps
2014-01-05 13:53 - 2014-01-05 13:53 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Corel
2014-01-05 10:36 - 2013-09-17 23:45 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Adobe
2014-01-04 16:46 - 2014-01-04 16:33 - 00000000 ____D C:\ProgramData\hps
2014-01-04 16:45 - 2014-01-04 16:45 - 00000000 ____D C:\Users\wmannheim\restore
2014-01-04 16:34 - 2014-01-04 16:33 - 00000000 ____D C:\ProgramData\tmp
2014-01-04 16:08 - 2014-01-04 16:08 - 00000000 ____D C:\Users\wmannheim\Documents\Steuer-Sparbuch
2014-01-04 16:01 - 2014-01-04 15:59 - 00000380 _____ C:\WINDOWS\wiso.ini
2014-01-04 15:59 - 2014-01-04 15:59 - 00000503 _____ C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-01-04 15:59 - 2014-01-04 15:59 - 00000000 ____D C:\Users\wmannheim\AppData\Local\Buhl
2014-01-04 15:59 - 2014-01-04 15:45 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2014-01-04 15:58 - 2014-01-04 15:58 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Buhl Data Service
2014-01-04 15:58 - 2014-01-04 15:58 - 00000000 ____D C:\Users\wmannheim\AppData\Local\Buhl Data Service
2014-01-04 15:46 - 2013-09-18 02:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-04 08:52 - 2013-08-22 15:44 - 06417520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-03 17:20 - 2014-01-03 17:20 - 00000000 ____D C:\Users\wmannheim\AppData\Local\PhotoGenie
2014-01-03 17:20 - 2014-01-03 17:17 - 00037184 _____ C:\WINDOWS\DirectX.log
2014-01-03 17:18 - 2012-09-15 19:38 - 00000000 ____D C:\bilder
2014-01-02 21:53 - 2014-01-02 19:29 - 00000657 _____ C:\Users\wmannheim\AppData\Roaming\01_01_2014_WAR
2014-01-02 10:55 - 2014-01-02 10:55 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-28 17:36 - 2013-12-28 17:36 - 00003512 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wmannheim@live.de
2013-12-28 17:30 - 2013-12-27 22:46 - 00000000 ____D C:\Program Files\Adobe
2013-12-28 17:30 - 2013-12-22 19:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-28 17:28 - 2013-10-05 13:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-28 17:27 - 2013-10-05 13:27 - 00000000 ____D C:\ProgramData\Adobe
2013-12-28 13:39 - 2013-12-28 13:39 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-12-28 13:12 - 2013-10-05 13:32 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-28 13:02 - 2013-12-28 12:58 - 00000000 ____D C:\Users\wmannheim\AppData\Local\PassbildPro
2013-12-28 12:58 - 2013-12-28 12:58 - 00000000 ____D C:\Users\wmannheim\AppData\Local\vsmedia.de
2013-12-27 22:46 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-27 21:08 - 2013-11-14 21:32 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\Vso
2013-12-27 18:03 - 2013-12-27 18:03 - 00000000 ____D C:\Users\wmannheim\AppData\Roaming\No Company Name
2013-12-27 17:46 - 2013-12-22 19:46 - 00000000 ____D C:\Users\wmannheim\Documents\Adobe
2013-12-26 16:21 - 2011-08-17 08:16 - 00000000 ____D C:\Datenrettung
2013-12-26 16:19 - 2013-10-14 18:29 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2013-12-26 13:05 - 2013-12-26 10:57 - 00000000 ____D C:\Program Files\Alien Skin
2013-12-26 13:05 - 2013-12-26 10:57 - 00000000 ____D C:\Program Files (x86)\Alien Skin
2013-12-26 12:02 - 2013-12-26 12:02 - 00000000 ____D C:\Users\wmannheim\Documents\Alcohol 120%
2013-12-26 11:04 - 2013-12-26 11:04 - 00000000 ____D C:\Program Files (x86)\GUMC1B4.tmp
2013-12-26 10:57 - 2013-12-26 10:57 - 00000000 ____D C:\ProgramData\Alien Skin

Some content of TEMP:
====================
C:\Users\wmannheim\AppData\Local\Temp\AAMHelper.exe
C:\Users\wmannheim\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\wmannheim\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\wmannheim\AppData\Local\Temp\readSTILog.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 18:05

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
Ran by wmannheim at 2014-01-21 14:13:27
Running from C:\Users\wmannheim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x32 Version: - )
AC3Filter 2.5b (x32 Version: 2.5b - Alexander Vigovsky)
Adobe Bridge CC (64 Bit) (x32 Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (x32 Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Extension Manager CC (x32 Version: 7.1.1 - Adobe Systems Incorporated)
Adobe Photoshop CC (x32 Version: 14.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (x32 Version: 6.2 - PainteR)
Albert 2.3 (x32 Version: - )
AVS Video Editor 6 (x32 Version: 6.3.2.234 - Online Media Technologies Ltd.)
Banking 4W (x32 Version: - Subsembly GmbH)
Bass Audio Decoder (remove only) (x32 Version: - )
CD Audio Reader Filter (remove only) (x32 Version: - )
DCoder Image Source (remove only) (x32 Version: - )
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version: - Microsoft)
DirectVobSub (remove only) (x32 Version: - )
DScaler 5 Mpeg Decoders (x32 Version: - )
Eisenbahn.exe Professional 9.0 Expert (x32 Version: 9.00.0000 - Trend)
Eisenbahn-X (EEP 10.0 Expert) (x32 Version: 10.00.0000 - Trend)
ffdshow v1.2.4453 [2012-05-21] (x32 Version: 1.2.4453.0 - )
FFMPEG Core Files (remove only) (x32 Version: - )
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
Foxit PhantomPDF (x32 Version: 6.0.4.619 - Foxit Corporation)
Gabest MPEG Splitter (remove only) (x32 Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Haali Media Splitter (x32 Version: - )
HDPlayer (x32 Version: 2.1 Build 26473 - HDPlayer)
Java 7 Update 40 (x32 Version: 7.0.400 - Oracle)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LAV Filters 0.55.3 (x32 Version: 0.55.3 - Hendrik Leppkes)
Macromedia Dreamweaver 8 (x32 Version: 8.0.0.2751 - Macromedia)
Macromedia Extension Manager (x32 Version: 1.7.270 - Ihr Firmenname)
MadVR (remove only) (x32 Version: - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
NetSpeedMonitor 2.5.4.0 x64 (Version: 2.5.4.0 - Florian Gilles)
Nik Collection (x32 Version: 1.0.0.7 - Google)
Nitro Pro 9 (Version: 9.0.3.2 - Nitro)
NVIDIA 3D Vision Controller-Treiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9 - NVIDIA Corporation)
OpenSource AVI Splitter (remove only) (x32 Version: - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (x32 Version: - )
OpenSource Flash Video Splitter (remove only) (x32 Version: - )
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Rainlendar2 (remove only) (x32 Version: - )
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SmartFTP Client (Version: 4.0.1231.0 - SmartSoft Ltd.)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (x32 Version: 4.0 - SmartSoft Ltd)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version: - Microsoft)
WISO Steuer-Sparbuch 2014 (x32 Version: 21.01.8499 - Buhl Data Service GmbH)
Zoom Player (remove only) (x32 Version: - )
Zoom Player deutsche Sprachdateien (entfernen) (x32 Version: - )

==================== Restore Points =========================

04-01-2014 14:46:38 Installiert WISO Steuer-Sparbuch 2014
18-01-2014 23:33:34 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
18-01-2014 23:34:12 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
21-01-2014 12:56:25 Before uninstalling Bonjour
21-01-2014 12:56:52 Removed Bonjour

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-12-22 19:11 - 00000852 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B2968E1-97FE-4927-9B83-3298A2104C26} - System32\Tasks\Update Media Center Control => C:\ProgramData\MCC_Service\update\MCC Installer.exe
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A39D32-A144-4EE6-A812-836809E494BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {28E286EE-30C6-4B03-93E6-B5A675143715} - System32\Tasks\Update Media Center Control (Server only) => C:\ProgramData\MCC_Service\update\MCC Installer.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {339BB62F-A106-44FE-A297-B2B9126C1AF1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-02] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {39E43490-6965-45CC-A3DA-6349E6718139} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {60F1EE87-A316-4CDC-826A-146BBF90637F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9D73CD0F-961E-411D-A61E-4A47F17BD6D6} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wmannheim@live.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BC7B0B06-64EB-4C8C-95B1-E2618BB4414D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {C2258DBC-72AB-43B0-8AB5-E99E59034AED} - System32\Tasks\Run Media Center Control => C:\Netzwerk\MCC\MCC Server.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F8A43FDA-AD2F-484F-8D4D-B087A2F0799F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2013-12-15] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-17 23:21 - 2013-11-11 16:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Internet\FileZilla FTP Client\fzshellext_64.dll
2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () C:\Tools\Rainlendar2\lua52.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00323584 _____ () C:\Tools\Rainlendar2\libical.dll
2014-01-20 08:48 - 2014-01-20 08:48 - 00275040 _____ () C:\Tools\Rainlendar2\plugins\GooglePlugin.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00080384 _____ () C:\Tools\Rainlendar2\libicalss.dll
2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () C:\Tools\Rainlendar2\lfs.dll
2008-07-06 04:39 - 2008-07-06 04:39 - 00116736 _____ () C:\Tools\ClipX\plugins\autoupdate.wac
2008-07-06 03:42 - 2008-07-06 03:42 - 00060928 _____ () C:\Tools\ClipX\plugins\ColorPicker.wac
2008-07-06 03:43 - 2008-07-06 03:43 - 00043520 _____ () C:\Tools\ClipX\plugins\stickies.wac
2013-09-20 00:00 - 2013-05-28 12:46 - 00103480 _____ () C:\Internet\Foxmail 7\IE8Dll.dll
2013-09-20 00:00 - 2013-08-07 19:32 - 00097848 _____ () C:\Internet\Foxmail 7\Skin\TXScrollbar.dll
2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Internet\FileZilla FTP Client\fzshellext.dll
2014-01-19 00:31 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-19 00:31 - 2014-01-11 11:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-19 00:31 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-19 00:31 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-19 00:31 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2014-01-19 00:31 - 2014-01-11 11:29 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\Users\wmannheim\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\wmannheim\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\wmannheim\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 4094.05 MB
Available physical RAM: 2200.73 MB
Total Pagefile: 8190.05 MB
Available Pagefile: 6001.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:361.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:298.06 GB) (Free:61.52 GB) NTFS
Drive e: (FREECOM HDD) (Fixed) (Total:931.28 GB) (Free:839.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 03920391)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298 GB) (Disk ID: CC666AE2)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: A2557FE6)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================

21.01.2014, 14:49   #2
schrauber
/// the machine
/// TB instructor

hi,

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________

21.01.2014, 16:05   #3
wmannheim

Hello Schrauber,

thanks for the pointers to the anti-malware programs!
In the meantime I have solved the problem as follows:

In the directory Users\Benutzer\AppData\Local\Google, deleted the complete Chrome folder.
Then restarted Chrome and imported all settings from Google.
__________________

22.01.2014, 10:30   #4
schrauber
/// the machine
/// TB instructor

ok
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!