| |
| |||||||
Log-Analyse und Auswertung: Vista - viele iexplore.exe-Prozesse, Rechner wird langsamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.08.2014, 22:13
| #1 |
 |  Vista - viele iexplore.exe-Prozesse, Rechner wird langsam Hallo. Ich fürchte, ich habe mir einen Virus, Trojaner oder was es da so alles gibt eingefangen und hoffe auf Eure Hilfe. Der Rechner wird ab dem Hochfahren immer langsamer. Wenn ich den Task-Manager öffne, finde ich dort mehrere (nicht von mir gestartete) iexplore.exe-Prozesse. Auch der rundll32.exe-Prozess ist doppelt: Avira fand in Scans nacheinander: > HTML/Infected.WebPage.Gen6 > TR/Agent.CHYZ.1 > TR/ShoeLoader.A.181 ... 2mal Alle wurden in die Quarantäne verschoben. Keine weiteren Funde nach 2 weiteren Scans. Beim Herunterfahren blitzt der Bildschirmhintergrung mehrfach auf. Ich konnte defogger und FRST ausführen. Bei GMER gabs einen Bluescreen auch nach Entfernen des Häkchens bei Devices und auch im abgesicherten Modus jeweils bevor ich "Scan" klicken konnte. Hier die Logs: defogger_disable.log: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:08 on 06/08/2014 (********************)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by ******************** (administrator) on C-NOTEBOOK on 06-08-2014 22:12:27
Running from F:\
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\********************\AppData\Roaming\Nawuka\yvigi.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3632521496-3224529923-2213790140-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)
HKU\S-1-5-21-3632521496-3224529923-2213790140-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3632521496-3224529923-2213790140-1003\...\Run: [Ryagyna] => C:\Users\********************\AppData\Roaming\Nawuka\yvigi.exe [374784 2010-01-29] ()
HKU\S-1-5-21-3632521496-3224529923-2213790140-1003\...\MountPoints2: {034cbb8a-316e-11e2-b4dd-001377ac244d} - F:\AutoRun.exe
HKU\S-1-5-21-3632521496-3224529923-2213790140-1003\...\MountPoints2: {6fc87f4d-3166-11e2-b445-001377ac244d} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKCU - DefaultScope {FC6615C8-41BA-4D79-90FC-33DC7E42EDBA} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {5FFBB15E-0974-4A15-B630-10695677353F} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {606E1179-D5C1-4BDE-9402-FDD915F92834} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7A598ED0-35EC-4423-970E-835672F06B02} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {B1708A82-0D53-46BD-A543-872339238259} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {FC6615C8-41BA-4D79-90FC-33DC7E42EDBA} URL = hxxp://www.google.de/search?q={searchTerms}
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 83.169.185.161 192.168.0.1
FireFox:
========
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-25]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-05-23] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-05-23] (Intel(R) Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-30] (Avira GmbH)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 22:12 - 2014-08-06 22:12 - 00000000 ____D () C:\FRST
2014-08-06 22:08 - 2014-08-06 22:08 - 00000000 _____ () C:\Users\********************\defogger_reenable
2014-08-06 09:03 - 2014-08-06 09:03 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-06 08:56 - 2014-08-06 09:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-02 00:41 - 2014-08-02 00:41 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-02 00:04 - 2014-08-04 21:25 - 00000680 _____ () C:\Users\********************\AppData\Local\d3d9caps.dat
2014-08-01 20:53 - 2014-08-06 22:00 - 00000856 _____ () C:\Windows\Tasks\Security Center Update - 2437663260.job
2014-08-01 20:53 - 2014-08-01 20:53 - 00000000 ____D () C:\Users\********************\AppData\Roaming\Nawuka
2014-07-31 21:58 - 2014-07-31 21:58 - 00002082 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2014-07-30 22:56 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-30 22:56 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-30 22:56 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-07 20:54 - 2014-07-07 20:54 - 00000000 ____D () C:\Users\********************\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 22:12 - 2014-08-06 22:12 - 00000000 ____D () C:\FRST
2014-08-06 22:08 - 2014-08-06 22:08 - 00000000 _____ () C:\Users\********************\defogger_reenable
2014-08-06 22:08 - 2009-01-10 17:17 - 00000000 ___HD () C:\Users\********************
2014-08-06 22:00 - 2014-08-01 20:53 - 00000856 _____ () C:\Windows\Tasks\Security Center Update - 2437663260.job
2014-08-06 21:58 - 2006-11-02 14:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 21:58 - 2006-11-02 14:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 21:51 - 2006-11-02 12:33 - 01714928 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-06 21:49 - 2008-07-08 16:39 - 00191289 _____ () C:\ProgramData\nvModes.dat
2014-08-06 21:49 - 2008-07-08 16:39 - 00191289 _____ () C:\ProgramData\nvModes.001
2014-08-06 20:40 - 2008-10-11 04:47 - 01252280 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 09:31 - 2014-08-06 08:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-06 09:03 - 2014-08-06 09:03 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-06 09:03 - 2013-05-30 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-06 09:03 - 2013-05-30 21:30 - 00000000 ____D () C:\Program Files\Avira
2014-08-06 08:56 - 2013-05-30 21:30 - 00000000 ____D () C:\ProgramData\Avira
2014-08-06 08:50 - 2009-01-10 17:17 - 00000000 ____D () C:\Users\********************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-08-06 08:49 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 08:48 - 2008-07-09 08:09 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-06 08:48 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 07:49 - 2013-03-09 23:38 - 00101608 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-05 22:58 - 2008-01-21 04:47 - 00077770 _____ () C:\Windows\PFRO.log
2014-08-04 21:42 - 2013-05-21 21:56 - 00000000 ____D () C:\Users\********************\Documents\Steuerfälle
2014-08-04 21:25 - 2014-08-02 00:04 - 00000680 _____ () C:\Users\********************\AppData\Local\d3d9caps.dat
2014-08-02 00:41 - 2014-08-02 00:41 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-01 20:53 - 2014-08-01 20:53 - 00000000 ____D () C:\Users\********************\AppData\Roaming\Nawuka
2014-08-01 13:56 - 2006-11-02 14:47 - 00374280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 22:15 - 2013-05-21 21:45 - 00000000 ____D () C:\ProgramData\AAV
2014-07-31 21:58 - 2014-07-31 21:58 - 00002082 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2014-07-31 21:58 - 2013-05-21 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2014-07-31 21:55 - 2013-05-21 21:46 - 00000000 ____D () C:\Program Files\Akademische Arbeitsgemeinschaft
2014-07-31 09:01 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-30 23:00 - 2013-08-16 22:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-30 22:58 - 2008-07-08 16:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-30 22:58 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-23 10:52 - 2009-10-11 19:11 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-07 20:54 - 2014-07-07 20:54 - 00000000 ____D () C:\Users\********************\AppData\Local\Adobe
Some content of TEMP:
====================
C:\Users\********************\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\********************\AppData\Local\Temp\AskSLib.dll
C:\Users\********************\AppData\Local\Temp\avgnt.exe
C:\Users\********************\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\********************\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\********************\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\********************\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\********************\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\********************\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\********************\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\********************\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\********************\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\********************\AppData\Local\Temp\install_reader10_de_gtbd_chrd_dn_aaa_aih.exe
C:\Users\********************\AppData\Local\Temp\jinstaller142_19.exe
C:\Users\********************\AppData\Local\Temp\ResetDevice.exe
C:\Users\********************\AppData\Local\Temp\WEB.DE_Sicherheitsupdate_Sep2012_Setup.exe
C:\Users\********************\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
C:\Users\********************\AppData\Local\Temp\WEB.DE_Toolbar_IE_Special.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-06 10:24
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014
Ran by ******************** at 2014-08-06 22:13:04
Running from F:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version: - )
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2403 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.0.3825 - CyberLink Corp.)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 2 Runtime Environment, SE v1.4.2_19 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: .2406 - CyberLink Corp.)
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.300.05.00.382 - Huawei Technologies Co.,Ltd)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.50 - Ihr Firmenname) Hidden
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 5.0.3927 - CyberLink Corp.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corp.)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 085120(3.7)_Vista_SSPC - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Saturn Fotoservice (HKLM\...\Saturn Fotoservice) (Version: - )
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
04-08-2014 22:40:52 Geplanter Prüfpunkt
05-08-2014 18:42:08 Geplanter Prüfpunkt
05-08-2014 19:21:14 TestHF
06-08-2014 06:42:54 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3048F55A-A266-40E3-8960-C82CC5E9F0A2} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3E21E1AC-D61F-4D06-85AE-7BA3CE25479D} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {56FC5C7B-173D-4CF6-8A5E-EACC301EBB6F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics)
Task: {5EED903F-59ED-47CB-AE85-86E979AD1AFE} - System32\Tasks\Security Center Update - 2437663260 => C:\Users\********************\AppData\Roaming\Nawuka\yvigi.exe [2010-01-29] ()
Task: {A942CD87-3FE4-4614-8EAE-D88F98E2D3EB} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CE3C7B64-1AB7-4FA9-83BD-864EC211E4D1} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Security Center Update - 2437663260.job => C:\Users\********************\AppData\Roaming\Nawuka\yvigi.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2008-07-08 16:26 - 2006-12-19 15:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-07-08 16:32 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-07-08 16:31 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-07-08 16:31 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2007-07-12 06:55 - 2007-07-12 06:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 06:59 - 2007-08-14 06:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 06:55 - 2007-07-12 06:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-08-06 08:56 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\********************\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2010-01-29 16:30 - 2010-01-29 16:30 - 00374784 _____ () C:\Users\********************\AppData\Roaming\Nawuka\yvigi.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/06/2014 10:09:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung SynTPEnh.exe, Version 10.1.2.0, Zeitstempel 0x472258c9, fehlerhaftes Modul SynTPEnh.exe, Version 10.1.2.0, Zeitstempel 0x472258c9, Ausnahmecode 0xc0000409, Fehleroffset 0x00028ffc,
Prozess-ID 0xd24, Anwendungsstartzeit SynTPEnh.exe0.
Error: (08/06/2014 01:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16464, Zeitstempel 0x50ec971b, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fd1e,
Prozess-ID 0x1958, Anwendungsstartzeit iexplore.exe0.
Error: (08/06/2014 08:51:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/06/2014 08:34:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16464, Zeitstempel 0x50ec971b, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fd1e,
Prozess-ID 0x172c, Anwendungsstartzeit iexplore.exe0.
Error: (08/06/2014 08:18:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16464, Zeitstempel 0x50ec971b, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fd1e,
Prozess-ID 0x13c4, Anwendungsstartzeit iexplore.exe0.
Error: (08/05/2014 11:16:45 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{ebd4c5ad-973d-11dd-87de-806e6f6e6963} - 00000144,0x0053c028,00808AF0,0,00807AE8,4096,[0])". hr = 0x8007045d.
Vorgang:
Maximale Größe des Vergleichsbereichs wird geändert
Kontext:
Volumename: \\?\Volume{ebd4c5ad-973d-11dd-87de-806e6f6e6963}\
Vergleichsbereichvolume: \\?\Volume{ebd4c5ad-973d-11dd-87de-806e6f6e6963}\
Maximale Vergleichsbereichgröße: 23207293132
Error: (08/05/2014 11:16:45 PM) (Source: System Restore) (EventID: 8199) (User: )
Description: Fehler beim Initiieren der Systemwiederherstellung (SteuerSparErklärung 2014 wurde installiert.).
Error: (08/05/2014 11:16:45 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{ebd4c5ad-973d-11dd-87de-806e6f6e6963} - 00000144,0x0053c06c,00808AF0,0,00807AE8,4096,[0])". hr = 0x8007045d.
Vorgang:
Maximale Größe des Vergleichsbereichs wird geändert
Kontext:
Volumename: \\?\Volume{ebd4c5ad-973d-11dd-87de-806e6f6e6963}\
Vergleichsbereichvolume: \\?\Volume{ebd4c5ad-973d-11dd-87de-806e6f6e6963}\
Maximale Vergleichsbereichgröße: 18446744073709551615
Error: (08/05/2014 10:59:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/05/2014 09:42:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000008, Fehleroffset 0x000744cc,
Prozess-ID 0x2c4, Anwendungsstartzeit Explorer.EXE0.
System errors:
=============
Error: (08/06/2014 08:57:30 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/06/2014 08:51:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/06/2014 08:49:14 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error: (08/06/2014 08:49:14 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error: (08/06/2014 08:49:14 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error: (08/06/2014 08:49:14 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error: (08/06/2014 08:49:14 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error: (08/06/2014 08:49:14 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error: (08/06/2014 08:49:14 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error: (08/06/2014 08:49:14 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Microsoft Office Sessions:
=========================
Error: (11/08/2010 10:51:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15828 seconds with 7320 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2008-07-25 13:44:09.879
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2008-07-25 13:44:09.864
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2008-07-25 13:44:09.864
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2008-07-25 13:44:09.848
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 3065.88 MB
Available physical RAM: 1606.52 MB
Total Pagefile: 6354.91 MB
Available Pagefile: 4312.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1874.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:144.09 GB) (Free:85.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144 GB) (Free:143.88 GB) NTFS
Drive f: (PKBACK# 001) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: B6394A61)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 489 MB) (Disk ID: A9194E25)
Partition 1: (Active) - (Size=489 MB) - (Type=06)
==================== End Of Log ============================
Ich hoffe sehr, Ihr könnt helfen. Ich habe zwar ein "Systemwiederherstellungsmedium" von Samsung, weiß aber nicht damit umzugehen, z.B. ob da das ganze Betriebssystem drauf ist und auch die Office-Produkte ... Weitere DVDs gabs beim Kauf nicht dazu. Viele Grüße, Heinz. |
| Themen zu Vista - viele iexplore.exe-Prozesse, Rechner wird langsam |
| adware, antivir, antivirus, bluescreen, desktop, device driver, email, entfernen, excel, home, langsam, port, realtek, registry, rundll, security, server, services.exe, software, svchost.exe, system, trojaner, virus, vista, windows, wlan |
Baum-Darstellung