merlesblume | 08.05.2014 18:18 | Hey,
I have now simply copied the Farbar scan and pasted it here. I hope you can do something with it :).
Best regards, Lotte
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Charlotte (administrator) on LAPTOP on 04-05-2014 14:38:09
Running from C:\Users\Charlotte\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\002\bukgmhvrux64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\RrFilter\RrFilterService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
() C:\Program Files (x86)\best-markit Corp\best-markit_wd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Spotify Ltd) C:\Users\Charlotte\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\to_be_deleted\nsk5F79.tmp
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\to_be_deleted\nsz6118.tmp
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Users\Charlotte\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-426371199-3567165711-1491004561-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-426371199-3567165711-1491004561-1000\...\Run: [Spotify Web Helper] => C:\Users\Charlotte\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-24] (Spotify Ltd)
HKU\S-1-5-21-426371199-3567165711-1491004561-1000\...\MountPoints2: {cb55852d-abe7-11e1-951f-485b3947e8a5} - E:\CDLaunch\shelexec.exe \SP1INST.HTM
Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x69C36B46773FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {1DC93D2C-3279-47A3-8549-F8EF22E6B326} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\lv2qrjdr.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fww
w.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*'))%20%7B%20return%20'PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\lv2qrjdr.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Protegere - C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\lv2qrjdr.default\Extensions\security@protegere.org [2014-04-27]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\lv2qrjdr.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-10]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\lv2qrjdr.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\lv2qrjdr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-31]
FF HKCU\...\Firefox\Extensions: [{07e403c0-41ac-420d-8d82-3a4d196059a8}] - C:\Program Files (x86)\best-markit Corp\158.xpi
FF Extension: best-markit - C:\Program Files (x86)\best-markit Corp\158.xpi [2014-04-27]
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-11-23] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-26] (Avira Operations GmbH & Co. KG)
R2 bukgmhvrux64; C:\Program Files\002\bukgmhvrux64.exe [706560 2014-04-27] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RrFilterService64; c:\Program Files\RrFilter\RrFilterService64.exe [171008 2014-03-06] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2012-06-03] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-04 14:38 - 2014-05-04 14:39 - 00014768 _____ () C:\Users\Charlotte\Downloads\FRST.txt
2014-05-04 14:37 - 2014-05-04 14:38 - 00000000 ____D () C:\FRST
2014-05-04 14:36 - 2014-05-04 14:36 - 02062336 _____ (Farbar) C:\Users\Charlotte\Downloads\FRST64.exe
2014-05-04 14:34 - 2014-05-04 14:34 - 00000480 _____ () C:\Users\Charlotte\Downloads\defogger_disable.log
2014-05-04 14:34 - 2014-05-04 14:34 - 00000000 _____ () C:\Users\Charlotte\defogger_reenable
2014-05-04 14:32 - 2014-05-04 14:32 - 00050477 _____ () C:\Users\Charlotte\Downloads\Defogger.exe
2014-05-04 14:12 - 2014-05-04 14:12 - 00283376 _____ (Mozilla) C:\Users\Charlotte\Downloads\Firefox Setup Stub 29.0.exe
2014-05-03 16:48 - 2014-05-03 16:50 - 00000000 ____D () C:\AdwCleaner
2014-05-03 16:46 - 2014-05-03 16:47 - 00613200 _____ (Chip Digital GmbH) C:\Users\Charlotte\Downloads\AdwCleaner - CHIP-Downloader.exe
2014-05-03 16:45 - 2014-05-03 16:45 - 00613200 _____ (Chip Digital GmbH) C:\Users\Charlotte\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-05-03 09:10 - 2014-05-03 09:10 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\DropboxMaster
2014-05-03 08:48 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 08:48 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 08:48 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 08:48 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 15:45 - 2014-05-02 16:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-27 17:50 - 2014-05-04 14:25 - 00000000 ____D () C:\Program Files\RrFilter
2014-04-27 17:50 - 2014-05-03 18:13 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job
2014-04-27 17:50 - 2014-05-03 18:12 - 00000410 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-04-27 17:50 - 2014-04-27 17:50 - 00003064 _____ () C:\Windows\System32\Tasks\best-markit Update
2014-04-27 17:50 - 2014-04-27 17:50 - 00003006 _____ () C:\Windows\System32\Tasks\best-markit_wd
2014-04-27 17:50 - 2014-04-27 17:50 - 00001123 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-04-27 17:50 - 2014-04-27 17:50 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-27 17:50 - 2014-04-27 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-04-27 17:50 - 2014-04-27 17:50 - 00000000 ____D () C:\Program Files (x86)\best-markit Corp
2014-04-27 17:50 - 2014-04-27 17:50 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-04-27 17:49 - 2014-04-27 17:49 - 00000000 ____D () C:\Program Files\rrsavings
2014-04-27 17:49 - 2014-04-27 17:49 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-04-27 17:48 - 2014-04-27 17:49 - 00000000 ____D () C:\Program Files\002
2014-04-27 17:48 - 2014-04-27 17:48 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Security System 2
2014-04-27 17:44 - 2014-04-27 17:44 - 00613200 _____ (Chip Digital GmbH) C:\Users\Charlotte\Downloads\Audiograbber - CHIP-Downloader.exe
2014-04-24 00:30 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-24 00:30 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-24 00:30 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-24 00:30 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-24 00:30 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-24 00:30 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-24 00:30 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-24 00:30 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-24 00:30 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-24 00:30 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-24 00:30 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-24 00:30 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-24 00:30 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-24 00:30 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-24 00:30 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-24 00:30 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-24 00:30 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-24 00:30 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-24 00:30 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-24 00:30 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-24 00:30 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-24 00:30 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-24 00:30 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-24 00:30 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-24 00:30 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-24 00:30 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-24 00:30 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-24 00:30 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-24 00:30 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-24 00:30 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-24 00:30 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-24 00:30 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-24 00:30 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-24 00:30 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-24 00:30 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-24 00:30 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-24 00:30 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-24 00:30 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-24 00:30 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-24 00:30 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-24 00:30 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-24 00:30 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-24 00:30 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-24 00:30 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-08 21:30 - 2014-05-04 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-08 20:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 20:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 20:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 20:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 20:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 20:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 20:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 20:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 20:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 20:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 20:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
==================== One Month Modified Files and Folders =======
2014-05-04 14:39 - 2014-05-04 14:38 - 00014768 _____ () C:\Users\Charlotte\Downloads\FRST.txt
2014-05-04 14:38 - 2014-05-04 14:37 - 00000000 ____D () C:\FRST
2014-05-04 14:36 - 2014-05-04 14:36 - 02062336 _____ (Farbar) C:\Users\Charlotte\Downloads\FRST64.exe
2014-05-04 14:35 - 2012-06-01 00:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-04 14:34 - 2014-05-04 14:34 - 00000480 _____ () C:\Users\Charlotte\Downloads\defogger_disable.log
2014-05-04 14:34 - 2014-05-04 14:34 - 00000000 _____ () C:\Users\Charlotte\defogger_reenable
2014-05-04 14:34 - 2012-05-31 23:41 - 00000000 ____D () C:\Users\Charlotte
2014-05-04 14:32 - 2014-05-04 14:32 - 00050477 _____ () C:\Users\Charlotte\Downloads\Defogger.exe
2014-05-04 14:25 - 2014-04-27 17:50 - 00000000 ____D () C:\Program Files\RrFilter
2014-05-04 14:14 - 2014-04-08 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-04 14:13 - 2012-05-31 23:52 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-04 14:13 - 2012-05-31 23:52 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-04 14:13 - 2012-05-31 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-04 14:12 - 2014-05-04 14:12 - 00283376 _____ (Mozilla) C:\Users\Charlotte\Downloads\Firefox Setup Stub 29.0.exe
2014-05-04 10:45 - 2012-05-31 23:35 - 01066838 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 18:20 - 2009-07-14 06:51 - 00066250 _____ () C:\Windows\setupact.log
2014-05-03 18:19 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 18:19 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 18:14 - 2013-12-10 23:14 - 00000000 ___RD () C:\Users\Charlotte\Dropbox
2014-05-03 18:14 - 2013-12-10 23:11 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Dropbox
2014-05-03 18:13 - 2014-04-27 17:50 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job
2014-05-03 18:12 - 2014-04-27 17:50 - 00000410 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-05-03 18:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 16:51 - 2010-11-21 05:47 - 00100188 _____ () C:\Windows\PFRO.log
2014-05-03 16:50 - 2014-05-03 16:48 - 00000000 ____D () C:\AdwCleaner
2014-05-03 16:47 - 2014-05-03 16:46 - 00613200 _____ (Chip Digital GmbH) C:\Users\Charlotte\Downloads\AdwCleaner - CHIP-Downloader.exe
2014-05-03 16:45 - 2014-05-03 16:45 - 00613200 _____ (Chip Digital GmbH) C:\Users\Charlotte\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-05-03 14:25 - 2012-06-01 15:24 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\vlc
2014-05-03 14:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-03 11:29 - 2011-04-12 09:43 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-05-03 11:29 - 2011-04-12 09:43 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-05-03 11:29 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 09:10 - 2014-05-03 09:10 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\DropboxMaster
2014-05-03 09:10 - 2012-05-31 23:42 - 00000000 ___RD () C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 09:09 - 2013-12-10 23:14 - 00001027 _____ () C:\Users\Charlotte\Desktop\Dropbox.lnk
2014-05-03 09:09 - 2013-12-10 23:12 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-03 08:47 - 2012-06-02 12:35 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Skype
2014-05-02 16:54 - 2012-06-04 19:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-02 16:50 - 2014-04-30 15:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 19:35 - 2012-06-01 00:07 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 19:35 - 2012-06-01 00:07 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 19:35 - 2012-06-01 00:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 16:01 - 2014-05-03 08:48 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 08:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 08:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 08:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-27 17:50 - 2014-04-27 17:50 - 00003064 _____ () C:\Windows\System32\Tasks\best-markit Update
2014-04-27 17:50 - 2014-04-27 17:50 - 00003006 _____ () C:\Windows\System32\Tasks\best-markit_wd
2014-04-27 17:50 - 2014-04-27 17:50 - 00001123 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-04-27 17:50 - 2014-04-27 17:50 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-27 17:50 - 2014-04-27 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-04-27 17:50 - 2014-04-27 17:50 - 00000000 ____D () C:\Program Files (x86)\best-markit Corp
2014-04-27 17:50 - 2014-04-27 17:50 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-04-27 17:50 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-27 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-27 17:49 - 2014-04-27 17:49 - 00000000 ____D () C:\Program Files\rrsavings
2014-04-27 17:49 - 2014-04-27 17:49 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-04-27 17:49 - 2014-04-27 17:48 - 00000000 ____D () C:\Program Files\002
2014-04-27 17:48 - 2014-04-27 17:48 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Security System 2
2014-04-27 17:44 - 2014-04-27 17:44 - 00613200 _____ (Chip Digital GmbH) C:\Users\Charlotte\Downloads\Audiograbber - CHIP-Downloader.exe
2014-04-24 11:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-24 09:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-17 20:49 - 2013-05-22 20:54 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\dvdcss
2014-04-08 23:00 - 2013-09-25 09:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-08 22:58 - 2012-06-01 14:30 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Charlotte\AppData\Local\Temp\AskSLib.dll
C:\Users\Charlotte\AppData\Local\Temp\avgnt.exe
C:\Users\Charlotte\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr9pfei.dll
C:\Users\Charlotte\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Charlotte\AppData\Local\Temp\mpegc.dll
C:\Users\Charlotte\AppData\Local\Temp\nsb6878.exe
C:\Users\Charlotte\AppData\Local\Temp\nsh631B.exe
C:\Users\Charlotte\AppData\Local\Temp\nsmA02F.exe
C:\Users\Charlotte\AppData\Local\Temp\nsw9B3E.exe
C:\Users\Charlotte\AppData\Local\Temp\oon9js7a.dll
C:\Users\Charlotte\AppData\Local\Temp\pcoancmo.dll
C:\Users\Charlotte\AppData\Local\Temp\Quarantine.exe
C:\Users\Charlotte\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Charlotte\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Charlotte\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Charlotte\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Charlotte\AppData\Local\Temp\_is61AC.exe
C:\Users\Charlotte\AppData\Local\Temp\_is9E5F.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 10:39
==================== End Of Log ============================
...and here is the Addition scan as well:
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Charlotte at 2014-05-04 14:39:44
Running from C:\Users\Charlotte\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.25001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.25001 - Alcor Micro Corp.) Hidden
ArcSoft MediaImpression 2 (HKLM-x32\...\{81FC0476-9507-4CD3-95A7-2BE60E256D1D}) (Version: 2.0.27.846 - ArcSoft)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
best-markit (HKLM-x32\...\cec73dbc-cc47-471c-a2e7-288ad572cb41) (Version: - best-markit Software)
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.9.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
ETDWare PS/2-x64 7.0.5.5_WHQL (HKLM\...\Elantech) (Version: - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 29.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.4 - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Protegere (HKLM-x32\...\Protegere) (Version: - )
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
Scansoft PDF Professional (x32 Version: - ) Hidden
Skype™ 5.9 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.9.115 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.6.72.ge389c074 - Spotify AB)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
==================== Restore Points =========================
08-04-2014 18:45:35 Windows Update
08-04-2014 20:58:12 Windows Update
17-04-2014 18:09:50 Windows Update
23-04-2014 13:22:22 Windows Update
23-04-2014 22:29:51 Windows Update
29-04-2014 11:39:16 Windows Update
03-05-2014 06:48:09 Windows Modules Installer
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1DF0D168-79FD-4746-BB75-8A5C2D462BE9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {2E07D2FD-7C08-4795-AD60-C91F2C8CDD74} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2FD03207-979D-4FCE-856D-58393907B800} - System32\Tasks\best-markit_wd => C:\Program Files (x86)\best-markit Corp\best-markit_wd.exe [2014-04-27] ()
Task: {D38067BF-4827-4B31-854B-2AD0FA412E06} - System32\Tasks\best-markit Update => C:\Program Files (x86)\best-markit Corp\bestu.exe [2014-04-27] ()
Task: {EB163B48-11C8-4602-8D6F-55C462148E6A} - System32\Tasks\{266036D8-DDF0-4D37-9A18-64B52B7D93C3} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-04-30] (Mozilla Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\best-markit Update.job => C:\Program Files (x86)\best-markit Corp\bestu.exe
Task: C:\Windows\Tasks\best-markit_wd.job => C:\Program Files (x86)\best-markit Corp\best-markit_wd.exe
==================== Loaded Modules (whitelisted) =============
2014-04-27 17:49 - 2014-04-27 17:49 - 00706560 _____ () C:\Program Files\002\bukgmhvrux64.exe
2014-03-06 15:52 - 2014-03-06 15:52 - 00171008 _____ () c:\Program Files\RrFilter\RrFilterService64.exe
2014-03-04 13:25 - 2014-03-04 13:25 - 00110080 _____ () c:\Program Files\RrFilter\nfapi.dll
2014-03-04 13:25 - 2014-03-04 13:25 - 00317952 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll
2014-04-27 17:50 - 2014-04-27 17:50 - 00077312 _____ () C:\Program Files (x86)\best-markit Corp\best-markit_wd.exe
2012-06-01 17:18 - 2009-05-07 16:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-06-01 17:18 - 2009-05-07 16:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-06-01 17:18 - 2008-01-18 14:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2012-06-01 17:18 - 2009-07-06 14:37 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-05-04 14:32 - 2014-05-04 14:32 - 00050477 _____ () C:\Users\Charlotte\Downloads\Defogger.exe
2013-10-13 18:11 - 2013-10-11 17:58 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-05-03 18:13 - 2014-05-03 18:13 - 00041984 _____ () C:\Users\Charlotte\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr9pfei.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\libcef.dll
2012-11-13 14:02 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-04-08 21:30 - 2014-04-22 11:25 - 03845232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-30 19:35 - 2014-04-30 19:35 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
2014-04-30 15:45 - 2014-04-30 15:45 - 03019888 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-04-30 15:45 - 2014-04-30 15:45 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-04-30 15:45 - 2014-04-30 15:45 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/04/2014 02:11:50 PM) (Source: Application Hang) (User: )
Description: Programm audiograbber.exe, Version 1.83.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1464
Startzeit: 01cf678e1b3d2e00
Endzeit: 124
Anwendungspfad: C:\Program Files (x86)\Audiograbber\audiograbber.exe
Berichts-ID: 3f4f0c59-d385-11e3-956a-485b3947e8a5
Error: (05/03/2014 06:12:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 04:53:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 02:44:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: best-markit158.exe, Version: 1.158.0.0, Zeitstempel: 0x5337d154
Name des fehlerhaften Moduls: best-markit158.dll, Version: 0.0.0.0, Zeitstempel: 0x5337d15e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000098f0
ID des fehlerhaften Prozesses: 0xf64
Startzeit der fehlerhaften Anwendung: 0xbest-markit158.exe0
Pfad der fehlerhaften Anwendung: best-markit158.exe1
Pfad des fehlerhaften Moduls: best-markit158.exe2
Berichtskennung: best-markit158.exe3
Error: (05/03/2014 01:42:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: best-markit158.exe, Version: 1.158.0.0, Zeitstempel: 0x5337d154
Name des fehlerhaften Moduls: best-markit158.dll, Version: 0.0.0.0, Zeitstempel: 0x5337d15e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000098f0
ID des fehlerhaften Prozesses: 0x13cc
Startzeit der fehlerhaften Anwendung: 0xbest-markit158.exe0
Pfad der fehlerhaften Anwendung: best-markit158.exe1
Pfad des fehlerhaften Moduls: best-markit158.exe2
Berichtskennung: best-markit158.exe3
Error: (05/03/2014 01:42:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: best-markit158.exe, Version: 1.158.0.0, Zeitstempel: 0x5337d154
Name des fehlerhaften Moduls: best-markit158.dll, Version: 0.0.0.0, Zeitstempel: 0x5337d15e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000098f0
ID des fehlerhaften Prozesses: 0x630
Startzeit der fehlerhaften Anwendung: 0xbest-markit158.exe0
Pfad der fehlerhaften Anwendung: best-markit158.exe1
Pfad des fehlerhaften Moduls: best-markit158.exe2
Berichtskennung: best-markit158.exe3
Error: (05/03/2014 01:37:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 09:07:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 08:48:00 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).
Error: (05/02/2014 06:21:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/04/2014 07:00:53 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.
Error: (05/03/2014 06:11:59 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (05/03/2014 04:55:16 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (05/03/2014 04:53:06 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (05/03/2014 02:44:17 PM) (Source: Service Control Manager) (User: )
Description: Dienst "best-markit" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (05/03/2014 01:42:22 PM) (Source: Service Control Manager) (User: )
Description: Dienst "best-markit" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (05/03/2014 01:42:17 PM) (Source: Service Control Manager) (User: )
Description: Dienst "best-markit" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/03/2014 01:37:00 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (05/03/2014 00:16:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WerSvc" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1352
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (05/03/2014 09:06:49 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Microsoft Office Sessions:
=========================
Error: (05/04/2014 02:11:50 PM) (Source: Application Hang)(User: )
Description: audiograbber.exe1.83.0.1146401cf678e1b3d2e00124C:\Program Files (x86)\Audiograbber\audiograbber.exe3f4f0c59-d385-11e3-956a-485b3947e8a5
Error: (05/03/2014 06:12:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 04:53:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 02:44:17 PM) (Source: Application Error)(User: )
Description: best-markit158.exe1.158.0.05337d154best-markit158.dll0.0.0.05337d15ec0000005000098f0f6401cf66cd23390f40C:\Program Files (x86)\best-markit Corp\best-markit158.exeC:\Program Files (x86)\best-markit Corp\best-markit158.dlla3225a21-d2c0-11e3-87ed-485b3947e8a5
Error: (05/03/2014 01:42:22 PM) (Source: Application Error)(User: )
Description: best-markit158.exe1.158.0.05337d154best-markit158.dll0.0.0.05337d15ec0000005000098f013cc01cf66c4be89d644C:\Program Files (x86)\best-markit Corp\best-markit158.exeC:\Program Files (x86)\best-markit Corp\best-markit158.dllfcb8c030-d2b7-11e3-87ed-485b3947e8a5
Error: (05/03/2014 01:42:15 PM) (Source: Application Error)(User: )
Description: best-markit158.exe1.158.0.05337d154best-markit158.dll0.0.0.05337d15ec0000005000098f063001cf66c3d67950b4C:\Program Files (x86)\best-markit Corp\best-markit158.exeC:\Program Files (x86)\best-markit Corp\best-markit158.dllf8ef0d91-d2b7-11e3-87ed-485b3947e8a5
Error: (05/03/2014 01:37:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 09:07:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 08:48:00 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
Error: (05/02/2014 06:21:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 49%
Total physical RAM: 4061.09 MB
Available physical RAM: 2070.63 MB
Total Pagefile: 8120.35 MB
Available Pagefile: 5848.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:177.96 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1BAB5A54)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================