Hallo Matthias,
hat funktioniert. Aaaaber, ich habe einen Fehler gemacht und aus Versehen JRT zweimal ausgeführt, einmal wie vorgesehen als Schritt 2 und dann noch einmal nach Malware Bytes, keine Ahnung was mich da geritten hat. Sorry. Die Logdatei ist nun überschrieben, ich weiß nicht, ob es eine Möglichkeit gibt die ursprüngliche wiederzufinden / wiederherzustellen...
Hier dennoch alle Logs: Code:
# AdwCleaner v3.211 - Bericht erstellt am 31/05/2014 um 10:36:51
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Besitzer - ****-PC
# Gestartet von : C:\Users\Besitzer\Desktop\adwcleaner_3.211.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : bupService
[#] Dienst Gelöscht : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Dienst Gelöscht : SystemkService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\systemk
Ordner Gelöscht : C:\Program Files (x86)\Settings Manager
Ordner Gelöscht : C:\Users\Besitzer\AppData\LocalLow\DataMngr
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\BupSystem
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SystemK
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\SystemK
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v
*************************
AdwCleaner[R1].txt - [6259 octets] - [31/05/2014 10:36:23]
AdwCleaner[S1].txt - [5261 octets] - [31/05/2014 10:36:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5321 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Besitzer on 31.05.2014 at 11:10:27,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2014 at 11:15:24,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 31.05.2014
Suchlauf-Zeit: 10:52:51
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.05.31.02
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Besitzer
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 256173
Verstrichene Zeit: 6 Min, 7 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 4
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [ea047ddafb801422974b91b2a75bbc44],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [ea047ddafb801422974b91b2a75bbc44],
Trojan.BHO, HKU\S-1-5-21-2182719459-1125525397-2391316247-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [ea047ddafb801422974b91b2a75bbc44],
Trojan.BHO, HKU\S-1-5-21-2182719459-1125525397-2391316247-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [ea047ddafb801422974b91b2a75bbc44],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 3
Trojan.BHO, C:\Users\Besitzer\AppData\LocalLow\systems ie bho\bho.dll, Löschen bei Neustart, [ea047ddafb801422974b91b2a75bbc44],
PUP.Optional.Softonic.A, C:\$Recycle.Bin\S-1-5-21-2182719459-1125525397-2391316247-1000\$RJNC2A8.exe, In Quarantäne, [638ba1b6a1da52e4d27581a0df228a76],
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [27c787d0fb8090a689099b03bb474fb1],
Physische Sektoren: 0
(No malicious items detected)
(end) Code:
Zoek.exe v5.0.0.0 Updated 21-05-2014
Tool run by Besitzer on 31.05.2014 at 11:20:21,30.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Besitzer\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
31.05.2014 11:20:57 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Besitzer\AppData\Roaming\Thunderbird\Profiles\kuv1i8jj.default\prefs.js:
Added to C:\Users\Besitzer\AppData\Roaming\Thunderbird\Profiles\kuv1i8jj.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\Besitzer\AppData\Roaming\Thunderbird\Profiles\kuv1i8jj.default_ALT\prefs.js:
Added to C:\Users\Besitzer\AppData\Roaming\Thunderbird\Profiles\kuv1i8jj.default_ALT\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF" [15.02.2014 11:03]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx[28.04.2014 14:52]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.t-online.de/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.t-online.de/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{741FB912-EA03-40D0-91DA-3BB3090D4147}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{741FB912-EA03-40D0-91DA-3BB3090D4147} Google Url="hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Reset Google Chrome ======================
Nothing found to reset
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== Empty Temp Folders ======================
C:\Users\Besitzer\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Besitzer\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 31.05.2014 at 11:31:18,30 ======================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Besitzer (administrator) on ****-PC on 31-05-2014 11:34:15
Running from C:\Users\Besitzer\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB685C1105423CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2014-02-15]
==================== Services (Whitelisted) =================
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-15] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20140528.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140529.003\ENG64.SYS [126040 2014-05-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140529.003\EX64.SYS [2099288 2014-05-29] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-31 11:34 - 2014-05-31 11:34 - 00009108 _____ () C:\Users\Besitzer\Desktop\FRST.txt
2014-05-31 11:29 - 2014-05-31 11:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-31 11:20 - 2014-05-31 11:31 - 00006391 _____ () C:\Users\Besitzer\Desktop\zoek-results.log
2014-05-31 11:16 - 2014-05-31 11:16 - 00000000 ____D () C:\zoek_backup
2014-05-31 11:15 - 2014-05-31 11:15 - 00000628 _____ () C:\Users\Besitzer\Desktop\JRT.txt
2014-05-31 11:08 - 2014-05-31 11:08 - 00002390 _____ () C:\Users\Besitzer\Desktop\mbam.txt
2014-05-31 10:51 - 2014-05-31 11:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 10:51 - 2014-05-31 10:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 10:51 - 2014-05-31 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 10:51 - 2014-05-31 10:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 10:51 - 2014-05-31 10:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 10:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-31 10:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-31 10:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-31 10:41 - 2014-05-31 10:41 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 10:39 - 2014-05-31 10:39 - 00005409 _____ () C:\Users\Besitzer\Desktop\AdwCleaner[S1].txt
2014-05-29 18:16 - 2014-05-29 18:16 - 00000000 ____D () C:\N360_BACKUP
2014-05-29 15:16 - 2014-05-29 15:37 - 00000000 ____D () C:\Users\Besitzer\Desktop\Trojaner
2014-05-29 15:13 - 2014-05-31 10:36 - 00000000 ____D () C:\AdwCleaner
2014-05-29 15:11 - 2014-05-29 15:11 - 01285120 _____ () C:\Users\Besitzer\Desktop\zoek.exe
2014-05-29 15:10 - 2014-05-29 15:10 - 01016261 _____ (Thisisu) C:\Users\Besitzer\Desktop\JRT.exe
2014-05-29 15:09 - 2014-05-29 15:09 - 01327971 _____ () C:\Users\Besitzer\Desktop\adwcleaner_3.211.exe
2014-05-29 13:22 - 2014-05-29 13:22 - 00020113 _____ () C:\Users\Besitzer\VerlaufNorton.zip
2014-05-29 13:11 - 2014-05-29 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-29 13:11 - 2014-05-29 13:11 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-29 12:48 - 2014-05-29 12:48 - 00223476 _____ () C:\Users\Besitzer\VerlaufNorton.txt
2014-05-29 12:47 - 2014-05-29 12:47 - 00223476 _____ () C:\Users\Besitzer\Documents\VerlaufNortonm.txt
2014-05-29 12:13 - 2014-05-29 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-29 12:13 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-29 12:13 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-29 12:13 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-29 12:13 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-29 12:12 - 2014-05-29 12:13 - 00004534 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-29 12:03 - 2014-05-29 12:03 - 00380416 _____ () C:\Users\Besitzer\Desktop\Gmer-19357.exe
2014-05-29 12:00 - 2014-05-31 11:34 - 00000000 ____D () C:\FRST
2014-05-29 11:59 - 2014-05-29 11:59 - 02066944 _____ (Farbar) C:\Users\Besitzer\Desktop\FRST64.exe
2014-05-29 11:57 - 2014-05-29 11:57 - 00000000 _____ () C:\Users\Besitzer\defogger_reenable
2014-05-25 17:06 - 2014-05-25 17:10 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\NPE
2014-05-23 19:06 - 2014-05-23 19:06 - 00290504 _____ () C:\Windows\Minidump\052314-26988-01.dmp
2014-05-22 09:14 - 2014-05-22 09:14 - 00290568 _____ () C:\Windows\Minidump\052214-26364-01.dmp
2014-05-22 08:46 - 2014-05-22 08:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-19 14:00 - 2014-05-25 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-17 13:02 - 2014-05-17 13:06 - 00000000 ____D () C:\Users\Besitzer\Immo NMS
2014-05-15 14:54 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 14:54 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 14:54 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 14:54 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 14:54 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 14:54 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 13:53 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 13:53 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 13:53 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:53 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:52 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:52 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:52 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:52 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:52 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:52 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:52 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:52 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:52 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:52 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:52 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:52 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:52 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:52 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:52 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:52 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:52 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:52 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:52 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:52 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:52 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-07 18:23 - 2014-05-07 18:23 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Rüschi
2014-05-07 18:18 - 2014-05-07 18:25 - 00000808 _____ () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\RüSchi (Rückenschilder).lnk
2014-05-07 18:18 - 2014-05-07 18:19 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Security Systems
2014-05-07 18:18 - 2014-05-07 18:18 - 00000000 ____D () C:\Applikationen
2014-05-06 23:26 - 2014-05-15 22:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 22:34 - 2014-05-07 14:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-05 18:10 - 2014-05-05 18:10 - 00001779 _____ () C:\Users\Besitzer\Desktop\Rainlendar2 - Verknüpfung.lnk
2014-05-04 13:34 - 2014-05-04 13:34 - 00231952 _____ () C:\Users\Besitzer\Downloads\DriverTurboSetup.exe
==================== One Month Modified Files and Folders =======
2014-05-31 11:34 - 2014-05-31 11:34 - 00009108 _____ () C:\Users\Besitzer\Desktop\FRST.txt
2014-05-31 11:34 - 2014-05-29 12:00 - 00000000 ____D () C:\FRST
2014-05-31 11:34 - 2014-02-06 16:46 - 01354310 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 11:31 - 2014-05-31 11:20 - 00006391 _____ () C:\Users\Besitzer\Desktop\zoek-results.log
2014-05-31 11:31 - 2014-02-10 10:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-31 11:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 11:31 - 2009-07-14 06:51 - 00061854 _____ () C:\Windows\setupact.log
2014-05-31 11:30 - 2010-11-21 05:47 - 00037712 _____ () C:\Windows\PFRO.log
2014-05-31 11:21 - 2014-02-06 18:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-31 11:20 - 2014-05-31 11:29 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-31 11:16 - 2014-05-31 11:16 - 00000000 ____D () C:\zoek_backup
2014-05-31 11:15 - 2014-05-31 11:15 - 00000628 _____ () C:\Users\Besitzer\Desktop\JRT.txt
2014-05-31 11:13 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 11:13 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 11:08 - 2014-05-31 11:08 - 00002390 _____ () C:\Users\Besitzer\Desktop\mbam.txt
2014-05-31 11:07 - 2014-05-31 10:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 10:51 - 2014-05-31 10:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 10:51 - 2014-05-31 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 10:51 - 2014-05-31 10:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 10:51 - 2014-05-31 10:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 10:41 - 2014-05-31 10:41 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 10:39 - 2014-05-31 10:39 - 00005409 _____ () C:\Users\Besitzer\Desktop\AdwCleaner[S1].txt
2014-05-31 10:36 - 2014-05-29 15:13 - 00000000 ____D () C:\AdwCleaner
2014-05-29 18:16 - 2014-05-29 18:16 - 00000000 ____D () C:\N360_BACKUP
2014-05-29 15:37 - 2014-05-29 15:16 - 00000000 ____D () C:\Users\Besitzer\Desktop\Trojaner
2014-05-29 15:14 - 2014-03-11 23:41 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\CrashDumps
2014-05-29 15:11 - 2014-05-29 15:11 - 01285120 _____ () C:\Users\Besitzer\Desktop\zoek.exe
2014-05-29 15:10 - 2014-05-29 15:10 - 01016261 _____ (Thisisu) C:\Users\Besitzer\Desktop\JRT.exe
2014-05-29 15:09 - 2014-05-29 15:09 - 01327971 _____ () C:\Users\Besitzer\Desktop\adwcleaner_3.211.exe
2014-05-29 13:22 - 2014-05-29 13:22 - 00020113 _____ () C:\Users\Besitzer\VerlaufNorton.zip
2014-05-29 13:22 - 2014-02-06 17:05 - 00000000 ____D () C:\Users\Besitzer
2014-05-29 13:11 - 2014-05-29 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-29 13:11 - 2014-05-29 13:11 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-29 12:49 - 2014-02-24 22:04 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-05-29 12:48 - 2014-05-29 12:48 - 00223476 _____ () C:\Users\Besitzer\VerlaufNorton.txt
2014-05-29 12:47 - 2014-05-29 12:47 - 00223476 _____ () C:\Users\Besitzer\Documents\VerlaufNortonm.txt
2014-05-29 12:13 - 2014-05-29 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-29 12:13 - 2014-05-29 12:12 - 00004534 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-29 12:13 - 2014-02-06 18:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-29 12:03 - 2014-05-29 12:03 - 00380416 _____ () C:\Users\Besitzer\Desktop\Gmer-19357.exe
2014-05-29 11:59 - 2014-05-29 11:59 - 02066944 _____ (Farbar) C:\Users\Besitzer\Desktop\FRST64.exe
2014-05-29 11:57 - 2014-05-29 11:57 - 00000000 _____ () C:\Users\Besitzer\defogger_reenable
2014-05-25 17:10 - 2014-05-25 17:06 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\NPE
2014-05-25 17:06 - 2014-02-14 18:32 - 00000000 ____D () C:\ProgramData\Norton
2014-05-25 15:44 - 2014-05-19 14:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-25 15:44 - 2014-02-06 18:04 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Mozilla
2014-05-23 19:06 - 2014-05-23 19:06 - 00290504 _____ () C:\Windows\Minidump\052314-26988-01.dmp
2014-05-23 19:06 - 2014-02-07 14:17 - 00000000 ____D () C:\Windows\Minidump
2014-05-23 19:05 - 2014-02-07 14:16 - 503703429 _____ () C:\Windows\MEMORY.DMP
2014-05-22 09:14 - 2014-05-22 09:14 - 00290568 _____ () C:\Windows\Minidump\052214-26364-01.dmp
2014-05-22 08:47 - 2014-05-22 08:46 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-22 08:47 - 2014-04-22 11:17 - 00000000 ____D () C:\Users\Besitzer\.rainlendar2
2014-05-22 08:46 - 2014-02-14 18:33 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-22 08:46 - 2014-02-14 18:33 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-05-22 08:46 - 2014-02-14 18:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-05-22 08:46 - 2014-02-14 18:33 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-05-21 15:29 - 2014-02-15 14:50 - 00000000 ____D () C:\Users\Besitzer\Feuerwehr
2014-05-20 23:51 - 2014-02-06 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 13:06 - 2014-05-17 13:02 - 00000000 ____D () C:\Users\Besitzer\Immo NMS
2014-05-15 22:50 - 2014-02-06 17:05 - 00000000 ___RD () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 22:50 - 2014-02-06 17:05 - 00000000 ___RD () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 22:48 - 2014-05-06 23:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:52 - 2014-02-06 18:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 13:49 - 2014-02-06 18:20 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 23:21 - 2014-02-06 18:14 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 23:21 - 2014-02-06 18:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 23:21 - 2014-02-06 18:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-05-31 10:51 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-31 10:51 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-31 10:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:14 - 2014-05-15 13:53 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 13:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 18:35 - 2014-02-10 10:36 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\NVIDIA
2014-05-07 18:25 - 2014-05-07 18:18 - 00000808 _____ () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\RüSchi (Rückenschilder).lnk
2014-05-07 18:23 - 2014-05-07 18:23 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Rüschi
2014-05-07 18:19 - 2014-05-07 18:18 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Security Systems
2014-05-07 18:18 - 2014-05-07 18:18 - 00000000 ____D () C:\Applikationen
2014-05-07 15:02 - 2014-05-29 12:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-07 14:59 - 2014-05-29 12:13 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-07 14:59 - 2014-05-29 12:13 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-07 14:58 - 2014-05-29 12:13 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-07 14:51 - 2014-05-06 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-06 06:40 - 2014-05-15 14:54 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 14:54 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 14:54 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 14:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 18:10 - 2014-05-05 18:10 - 00001779 _____ () C:\Users\Besitzer\Desktop\Rainlendar2 - Verknüpfung.lnk
2014-05-05 17:39 - 2010-11-21 08:50 - 00713134 _____ () C:\Windows\system32\perfh007.dat
2014-05-05 17:39 - 2010-11-21 08:50 - 00153250 _____ () C:\Windows\system32\perfc007.dat
2014-05-05 17:39 - 2009-07-14 07:13 - 01645692 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-05 16:36 - 2014-02-06 18:05 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Thunderbird
2014-05-04 13:34 - 2014-05-04 13:34 - 00231952 _____ () C:\Users\Besitzer\Downloads\DriverTurboSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-10 16:55
==================== End Of Log ============================ --- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Besitzer at 2014-05-31 11:34:59
Running from C:\Users\Besitzer\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton 360 Online (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Online (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Online (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140117 - Landesfinanzdirektion Thüringen)
Foxy Security (HKLM-x32\...\Foxy Security) (Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0 (HKLM-x32\...\{6E5A086F-F05E-428D-B2AE-A05566B989A5}) (Version: 9.0 - Star Finanz GmbH)
==================== Restore Points =========================
10-04-2014 22:29:56 Windows Update
15-04-2014 00:07:57 Windows Update
15-04-2014 10:55:47 Windows Update
17-04-2014 01:00:10 Windows Update
02-05-2014 21:32:57 Windows Update
06-05-2014 21:26:41 Windows Update
15-05-2014 11:46:52 Windows Update
15-05-2014 12:53:24 Windows Update
17-05-2014 11:25:30 Windows Update
17-05-2014 21:59:43 Windows Update
25-05-2014 15:00:50 Norton 360 Registry Clean
31-05-2014 09:20:45 zoek.exe restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {3B4A4C3C-F4A8-4DF5-9ED1-25E00EDA7F9A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {51DF2970-BE71-41A1-9C9F-2887CECEBE70} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {5918FE5E-BBE4-4BA1-9625-860D499ED863} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D11C6936-7432-4802-8496-48A86BB819DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-02-10 10:34 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-05 19:38 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2014-02-24 22:05 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Besitzer\Downloads\Lieferinformationen_f_r.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/31/2014 11:32:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/31/2014 11:32:18 AM) (Source: MsiInstaller) (EventID: 1024) (User: ****-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/31/2014 11:30:03 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
System errors:
=============
Error: (05/31/2014 11:27:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/31/2014 11:27:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/31/2014 11:27:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/31/2014 11:27:53 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/31/2014 11:27:53 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Microsoft Office Sessions:
=========================
Error: (05/31/2014 11:32:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/31/2014 11:32:18 AM) (Source: MsiInstaller) (EventID: 1024) (User: ****-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
Error: (05/31/2014 11:30:03 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 4094.49 MB
Available physical RAM: 2439.98 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 6615.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:698.54 GB) (Free:450.35 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: CB89CB89)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |