Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Hijackthis logfile nach virenbedingter Systemwiederherstellung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 06.12.2010, 00:25   #1
ruthmeral
 
Hijackthis logfile nach virenbedingter Systemwiederherstellung - Standard

Hijackthis logfile nach virenbedingter Systemwiederherstellung



Liebes Forum,

ich hatte heute ein massives Virenproblem mit einem fake Antivirusprogramm, das meinen gesamten Computer lahmgelegt hat. Konnte zum Glück hier im Forum einen Beitrag dazu finden und habe dann mein System wiederherstellen lassen. Nun hieß es in dem Beitrag auch, dass man nach der Wiederherstellung sein HijackThis logfile posten soll. Könnt ihr mir bitte sagen, ob mein Rechner jetzt virenfrei und sicher ist?

Lieben Gruß,
Ruth
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:14:20, on 06.12.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Windows\system32\wuauclt.exe
c:\Users\ruthmeral\Downloads\HiJackThis204.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Windows\TEMP\E_SFAF7.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\ruthmeral\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
 
--
End of file - 7642 bytes
         
--- --- ---

Alt 06.12.2010, 17:10   #2
rea
/// Helfer-Team
 
Hijackthis logfile nach virenbedingter Systemwiederherstellung - Standard

Hijackthis logfile nach virenbedingter Systemwiederherstellung



Hallo ruthmeral,

schauen wir besser etwas genauer nach


1.) Systemscan mit OTL
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.






2.) Gmer - Rootkitscan
Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    ATTFilter
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
             
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.
__________________

__________________

Alt 06.12.2010, 20:08   #3
ruthmeral
 
Hijackthis logfile nach virenbedingter Systemwiederherstellung - Standard

Hijackthis logfile nach virenbedingter Systemwiederherstellung



Hi rea,

dake für deine Antwort!
Ich habe Schritt 1) komplett machen können, hier die Logfiles:
Code:
ATTFilter
OTL Extras logfile created on: 06.12.2010 20:00:17 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\ruthmeral\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,15 Gb Total Space | 48,82 Gb Free Space | 55,38% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 50,81 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
 
Computer Name: RUTHMERAL-PC | User Name: ruthmeral | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35022BA8-F78E-42E2-BCC6-86375ABF6664}" = lport=445 | protocol=6 | dir=in | app=system | 
"{37F940DD-853A-49DE-9213-22805D7B6842}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{39AD47B5-0668-4715-B1D1-F8FE2A6B2BF9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3BA9B1F6-410F-474E-9554-D37DDF1958DE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{54014D48-D0F2-44C2-A726-3805099F86B2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{62E8CE25-FB30-4987-88DF-D640C9C2C779}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7354BA13-D452-4572-B8F3-0010DC8B4423}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B17C4238-BFEE-4DC1-9417-6E7CF2AC0918}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C3B906ED-6F29-416D-9792-C5875AF87EB4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C726397B-2F22-45AC-8E9E-0B411B2A56C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{CCF3BD2A-BA0B-4741-893C-0DE9E20F573E}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CDE996-E1B6-437D-A120-34B59993EB25}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1958473D-E642-4CA1-BC96-5743F1606E7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{340E9C23-DE14-44A6-8125-7D130B271D4B}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{463BBACC-C624-49CD-957F-6BFCFA00F9CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8F7C56A6-F9C3-45A8-BB11-4E0A9BF92617}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{92D5E5CB-9840-46A3-B32F-EC801A2FB748}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AF554E26-FCB4-429F-A906-794A62BC151D}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{B991874F-400E-4268-8E0D-B006482C7524}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C0AAD67B-D63D-44FF-AA1F-F1C14E753317}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D078DE76-2038-44C8-B69B-B1AC2A43A1CA}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E65727EE-C5DD-43CC-87C1-2EE5BE582A5C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{824FBDCF-00EC-4E56-8DA3-0BA6B8B71AA5}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{A0CFD0B0-D893-4D81-8BA5-0632220FD1DD}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{CE8E0072-F404-41BA-8104-396ADB11BBFB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{F87D4B81-1442-4530-B3C7-8CA9538BF216}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{4F870C1E-0002-4A52-A5F8-9EA0CF94F565}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{60E61A42-762A-4B79-A6AF-28344763A6FF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8D61CF19-B8F8-480A-90CC-DB4413E41B6C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{A4C5A896-BFD4-4B4A-9DB4-596BFFDD6325}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0795AE80-E3AD-C109-D0ED-127454F7947D}" = CCC Help Czech
"{09C07EA5-2B33-D6A8-82EE-96E2EFB50933}" = Catalyst Control Center Localization German
"{0BDD74BD-5919-45DC-8DBD-FD9A7FFBEE7D}" = Catalyst Control Center Localization Czech
"{0DA98A0B-E9AA-7D76-9FFB-09666B57B977}" = CCC Help Japanese
"{113784E4-001C-F3B0-BB12-30301C352D5A}" = CCC Help Chinese Standard
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{15343122-1A4C-84D1-F14C-19DAD9C3E170}" = Catalyst Control Center Localization Chinese Traditional
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1ABD9408-C1DC-EF1F-40E8-2D9A6531CDA3}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{230441A3-AEFA-1008-6874-E00CCD863C1B}" = ccc-utility
"{2376F2D7-47F6-7D31-454C-50B3E7B04D79}" = CCC Help English
"{26E0A023-F45C-F529-D820-180FDAFA2CF5}" = Catalyst Control Center Localization French
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{39B1744D-0561-20FD-10BC-462349B2CD17}" = Catalyst Control Center Core Implementation
"{3EA29C6A-F433-2CFA-9343-A30061A31D40}" = Catalyst Control Center Graphics Light
"{4818083E-ADDE-37BD-7C86-4B72C7D96692}" = CCC Help Greek
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4C4B9522-FD03-D17C-1A00-8EBC02CA5AC2}" = CCC Help French
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4E271D3B-6105-525A-885D-72330974AABF}" = Catalyst Control Center Localization Spanish
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{535D722D-3CD3-7B2B-0D2A-8205AB81702D}" = Catalyst Control Center Localization Italian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{583ACB37-3139-562A-6279-0158480F2277}" = Catalyst Control Center Localization Japanese
"{59C4B635-2E5A-1141-C0E5-004FC4D196F4}" = CCC Help Thai
"{5CE3E15C-6E1D-A3FE-2E35-F40E83DDF68D}" = CCC Help German
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F6A4850-DDBE-DA71-0B73-10170D2A4E55}" = Catalyst Control Center Localization Korean
"{60B08761-8B36-4C10-51DC-C68AEA125612}" = CCC Help Turkish
"{640BBCC1-792B-8FF8-D5FF-EA185F1352BA}" = CCC Help Hungarian
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6B32EF07-8A23-4824-91BD-B0F24E50E974}" = Install McAfee
"{6D69A81D-B087-BFB2-DD8C-EF5FF34FBEC1}" = Catalyst Control Center Localization Norwegian
"{6EDE839E-B81A-28F0-5A7D-51A7128A1FD5}" = Catalyst Control Center Localization Greek
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{72F32AF2-2FA3-E6A0-D3D5-047691462436}" = CCC Help Danish
"{733D4DE8-14B8-EF66-CE77-160C0EC92913}" = CCC Help Swedish
"{74641F41-CE39-EA12-CD69-6903FD17544C}" = Catalyst Control Center Localization Turkish
"{74D5CF76-2DA9-7105-0BCB-3ACE774F478A}" = CCC Help Polish
"{76C1FD00-E569-A09E-E128-87B81203F6AA}" = CCC Help Portuguese
"{80574E0C-36A8-7974-0460-8B93A96A601E}" = Catalyst Control Center Graphics Full New
"{81E677EB-392F-FC88-7498-9506248689B4}" = CCC Help Italian
"{82310404-A89C-D870-769F-005031AFFD9B}" = CCC Help Spanish
"{861CD9E0-D0CE-00DA-20F7-DA8869E0954E}" = Catalyst Control Center Graphics Full Existing
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8B14B6B8-342F-9556-46CA-D948734245D6}" = Catalyst Control Center Localization Dutch
"{8BF358A1-F53D-FF72-C844-FC4A4CE79B97}" = Catalyst Control Center Localization Hungarian
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{92C8DAA6-A0FA-DBDE-0464-5BEFAB4AB1B4}" = Catalyst Control Center Localization Chinese Standard
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{997AEC5C-8E66-48A9-5149-E3E03F05710C}" = CCC Help Korean
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD4CEE8C-0AF0-B4B2-D64B-7CCF70BD60B6}" = Catalyst Control Center Localization Russian
"{AE5906D7-1980-EA3B-711E-4BA92F0B70AA}" = Catalyst Control Center Localization Swedish
"{AF2F91EE-EF88-DB9A-5A0F-6E8B8C8901EA}" = Catalyst Control Center Localization Thai
"{AF97A9E8-155E-25C3-AAC2-377E3C2F8CE1}" = CCC Help Dutch
"{B161098B-279B-399C-63AC-68D1AECA98B8}" = CCC Help Chinese Traditional
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BE52510A-0CC8-EB71-9405-07E2B369526E}" = Catalyst Control Center Localization Portuguese
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8167567-C053-7355-A2DE-DFD50B5E9F90}" = CCC Help Russian
"{C93F1C40-29E8-1351-3CAB-35DBBA6843F3}" = CCC Help Finnish
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC49762-9664-28B4-97F3-24DA91618CBC}" = CCC Help Norwegian
"{DF85F51D-6908-5B09-FA13-5B3376C640E1}" = Skins
"{E380FD9E-D9AD-A7FF-2986-6A906836D79E}" = Catalyst Control Center Graphics Previews Vista
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E63BD217-4154-3693-595B-0A6F38C611C1}" = Catalyst Control Center Localization Danish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9EFEA79-C84D-45BA-7037-4DC356790BF8}" = ccc-core-static
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA340E1B-0840-8F61-32CF-7A5A99A2C854}" = Catalyst Control Center Localization Polish
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FE6D4D2B-154C-1485-81B8-D2F6F5C5CF30}" = Catalyst Control Center Localization Finnish
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"EPSON SX210 Series" = Druckerdeinstallation für EPSON SX210 Series
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Miranda IM" = Miranda IM 0.9.9
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Pidgin" = Pidgin
"PROHYBRIDR" = 2007 Microsoft Office system
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUpMedia" = TuneUp Companion 1.9.0
"Uninstall_is1" = Uninstall 1.0.0.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.12.2010 15:45:08 | Computer Name = ruthmeral-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3951 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 24c  Anfangszeit: 01cb94b3a580ab60  Zeitpunkt der Beendigung:
 32
 
Error - 05.12.2010 15:51:05 | Computer Name = ruthmeral-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3951, Zeitstempel
 0x4cc7add9, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00042e7b,  Prozess-ID 0xe78, Anwendungsstartzeit
 01cb94b4f55c96c0.
 
Error - 05.12.2010 15:51:11 | Computer Name = ruthmeral-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 7.0.8.218, Zeitstempel
 0x446abf60, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0c2eff4c,  Prozess-ID 0x15e4, Anwendungsstartzeit
 01cb94b5be7ec320.
 
Error - 05.12.2010 16:07:13 | Computer Name = ruthmeral-PC | Source = VSS | ID = 12289
Description = 
 
Error - 05.12.2010 16:18:17 | Computer Name = ruthmeral-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 05.12.2010 17:07:55 | Computer Name = ruthmeral-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 05.12.2010 18:22:40 | Computer Name = ruthmeral-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 05.12.2010 18:42:44 | Computer Name = ruthmeral-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 05.12.2010 20:13:30 | Computer Name = ruthmeral-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 06.12.2010 03:17:40 | Computer Name = ruthmeral-PC | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 01.11.2010 09:11:41 | Computer Name = ruthmeral-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.11.2010 09:27:42 | Computer Name = ruthmeral-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 01.11.2010 10:51:09 | Computer Name = ruthmeral-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.11.2010 12:25:15 | Computer Name = ruthmeral-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 2, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.11.2010 12:25:15 | Computer Name = ruthmeral-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 5, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.11.2010 12:25:15 | Computer Name = ruthmeral-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.11.2010 12:25:16 | Computer Name = ruthmeral-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.11.2010 12:25:34 | Computer Name = ruthmeral-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
 
Error - 01.11.2010 12:27:16 | Computer Name = ruthmeral-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.11.2010 12:34:12 | Computer Name = ruthmeral-PC | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 06.12.2010 20:00:17 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\ruthmeral\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,15 Gb Total Space | 48,82 Gb Free Space | 55,38% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 50,81 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
 
Computer Name: RUTHMERAL-PC | User Name: ruthmeral | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.06 19:22:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ruthmeral\Downloads\OTL.exe
PRC - [2010.11.04 21:04:21 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.04 21:04:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.04 21:04:20 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.31 05:15:43 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.30 03:14:35 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.27 07:13:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.10.27 07:13:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.12.04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.08.08 00:01:08 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.06.29 00:15:06 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2007.06.28 10:57:52 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2007.06.13 05:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.01 11:36:00 | 000,684,032 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2007.04.26 03:20:48 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007.04.24 13:49:02 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.04.24 10:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.02 13:35:35 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Games\Solitaire\Solitaire.exe
PRC - [2006.10.05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.04.14 02:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.06 19:22:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ruthmeral\Downloads\OTL.exe
MOD - [2006.11.02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.04 21:04:21 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.04 21:04:20 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.08.08 00:01:07 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.28 10:54:42 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006.10.05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM)
DRV - [2010.11.23 18:24:56 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.04 21:04:21 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.08.07 23:41:48 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007.08.07 01:30:52 | 002,601,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.08.07 01:30:52 | 002,601,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.06.18 10:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.06.11 23:05:34 | 001,787,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.03 02:14:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.04.26 02:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007.03.29 19:46:22 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007.03.23 07:40:54 | 000,182,584 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.02.27 06:20:28 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007.02.27 06:20:24 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.08 08:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 20:07:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 20:07:57 | 000,000,000 | ---D | M]
 
[2010.10.29 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\mozilla\Extensions
[2010.12.06 01:24:40 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\mozilla\Firefox\Profiles\9xtv64ye.default\extensions
[2010.11.01 23:16:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ruthmeral\AppData\Roaming\mozilla\Firefox\Profiles\9xtv64ye.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.10 16:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ruthmeral\AppData\Roaming\mozilla\Firefox\Profiles\9xtv64ye.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.30 13:31:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ruthmeral\AppData\Roaming\mozilla\Firefox\Profiles\9xtv64ye.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.10.29 21:55:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.29 21:55:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\ruthmeral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\ruthmeral\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.30 22:31:44 | 000,125,328 | ---- | C] (Deterministic Networks, Inc.) -- C:\Windows\System32\drivers\dne2000.sys
[2010.11.30 22:31:44 | 000,106,768 | ---- | C] (Deterministic Networks, Inc.) -- C:\Windows\System32\dneinobj.dll
[2010.11.30 22:30:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Deterministic Networks
[2010.11.30 22:30:21 | 000,000,000 | ---D | C] -- C:\Programme\Cisco Systems
[2010.11.11 22:35:03 | 000,000,000 | ---D | C] -- C:\Programme\TuneUpMedia
[2010.11.11 22:35:01 | 000,000,000 | ---D | C] -- C:\Users\ruthmeral\AppData\Roaming\TuneUpMedia
[2010.11.11 22:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010.11.11 22:34:24 | 000,000,000 | ---D | C] -- C:\Users\ruthmeral\AppData\Roaming\Azureus
[2010.11.11 22:31:59 | 000,000,000 | ---D | C] -- C:\Programme\Vuze
[2010.11.10 18:34:21 | 000,000,000 | ---D | C] -- C:\Users\ruthmeral\AppData\Roaming\DivX
[2010.11.10 18:33:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.11.10 18:33:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.11.10 18:32:47 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.11.10 18:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.11.10 17:13:12 | 000,000,000 | ---D | C] -- C:\Users\ruthmeral\Documents\Fachschaft
[2010.11.10 16:49:18 | 000,000,000 | ---D | C] -- C:\Users\ruthmeral\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.10 16:48:53 | 000,000,000 | ---D | C] -- C:\Users\ruthmeral\Documents\DVDVideoSoft
[2010.11.10 16:48:23 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.11.10 16:48:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.11.08 23:08:45 | 000,000,000 | ---D | C] -- C:\Users\ruthmeral\Documents\RadioQ
[2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.06 19:33:33 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.06 19:33:33 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.06 18:37:30 | 000,698,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.06 18:37:30 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.06 18:37:30 | 000,140,232 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.06 18:37:30 | 000,121,446 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.06 18:35:14 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6509F44F-A497-426E-B87F-BEFA32544932}.job
[2010.12.06 18:33:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.06 08:09:24 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.06 02:08:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.30 22:32:42 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010.11.30 22:30:29 | 000,001,982 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.11.29 15:45:42 | 000,008,192 | ---- | M] () -- C:\Users\ruthmeral\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.23 18:24:56 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2010.11.30 22:30:29 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.11.30 22:30:07 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010.11.22 18:24:20 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.01 23:01:09 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.11.01 17:43:00 | 000,008,192 | ---- | C] () -- C:\Users\ruthmeral\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.29 21:55:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007.08.07 23:50:59 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.08.07 23:50:59 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.08.07 06:06:44 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.08.07 06:06:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.04.24 10:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.11.13 03:30:27 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\.purple
[2010.11.12 04:04:12 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\Azureus
[2010.11.10 16:49:18 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.01 23:14:37 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\Epson
[2010.10.29 22:03:41 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\gtk-2.0
[2010.10.29 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\Miranda
[2010.10.29 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\OpenOffice.org
[2010.10.29 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\TP
[2010.11.12 20:43:30 | 000,000,000 | ---D | M] -- C:\Users\ruthmeral\AppData\Roaming\TuneUpMedia
[2010.12.06 02:08:39 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.06 18:35:14 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6509F44F-A497-426E-B87F-BEFA32544932}.job
 
========== Purity Check ==========
 
 

< End of report >
         
Was Schritt 2) angeht:

Habe alles genau befolgt und den GMER scan gestartet, der lief auch anfangs glatt, bis zu einem bestimmten Punkt, wo unten links etwas angezeigt wurde, ich glaube es war \cfds oder \cdfs. Dann hängte sich der Computer auf, zweimal ist mir das passiert...

Ich habe ihn dann einfach ausgeschaltet und neu gestartet. Was hat das zu bedeuten? Hätte ich warten sollen, ob noch was passiert? Es funktionierte halt nix mehr, auch kein Strg Alt Entf...

Lieben Gruß,
Ruth
__________________

Alt 07.12.2010, 18:09   #4
rea
/// Helfer-Team
 
Hijackthis logfile nach virenbedingter Systemwiederherstellung - Standard

Hijackthis logfile nach virenbedingter Systemwiederherstellung



Hallo Ruthmeral,

habe oben vergessen, meine Hinweise zu posten. deswegen hier nochmal (Bitte beachten!):

  • Lies meine Anleitung für dich sorgfältig durch, bevor du beginnst. Führe alle Schritte unbedingt der Reihe nach aus, da manchmal der eine Punkt den anderen voraussetzt.
  • Wenn dir etwas im Verlauf der Bereinigung unklar ist, frage bitte in deinem Thread nach, bevor du weitermachst - doofe Fragen gibt es nicht.
  • Lade alle hier angeordneten Programme nur durch die jeweiligen Links herunter! Wenn ein Link nicht funktionieren sollte, melde dich bitte.
  • Installiere während der Bereinigung keine weiteren Programme, ausser denen, die wir dir für die Bereinigung anordnen.
  • Berichte zu jedem Schritt, ob Du ihn abgearbeitet hast, bzw. ob und welche Probleme dabei aufgetreten sind.
  • Sollten beim Abarbeiten der Anleitung Probleme auftauchen, bitte vorerst nicht weitermachen, sondern stoppen und das Problem hier im Thread schildern.
  • Editiere alle persönlichen Daten wie z.B. vollständige Namen realer und privater Personen aus den geforderten Logfiles, bevor du sie postest.
  • Und falls eine Antwort mal länger dauern wird, freu ich mich auch über einen hinweis



Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen.



Deine Logs sehen okay aus, bis auf den Punkt Systemaktualität. Du hast da ein uraltes System mit lauter Sicherheitslöchern! Dir fehlen alle Vista-Servicepacks und dein Adobe Reader ist auch nicht aktuell, genau wie dein Internet Explorer. Du solltest das alles am besten noch aktualisieren, aber warte jetzt bitte noch ab, ich poste dir später dazu noch passende Anleitungen..

Weißt du noch, welches Fake-Antivirenprogramm du vor der Systemwiederherstellung auf dem System hattest, also den Namen? Ich sehe, dass du Malwarebytes installiert hast, hast du damit einen Scan gemacht und wurde etwas gefunden, poste mir bitte das Log/die Logs davon (Malwarebytes starten, Reiter Logdateien).
__________________
mfg, rea

*Auch du brauchst Hilfe bei einem Malwareproblem?*

*TB-Spendenkonto*


Hier könnte ein schlauer Spruch stehen.
Naja .... könnte!

Antwort

Themen zu Hijackthis logfile nach virenbedingter Systemwiederherstellung
adobe, antivir guard, avg, avira, bho, bonjour, computer, converter, defender, desktop, firefox, hijack, hijackthis, hijackthis logfile, internet, internet explorer, logfile, mozilla, mp3, problem, rundll, software, system, vista, windows



Ähnliche Themen: Hijackthis logfile nach virenbedingter Systemwiederherstellung


  1. langsamer pc nach systemwiederherstellung :(
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (21)
  2. run.dll fehlt nach systemwiederherstellung nach einem virus
    Plagegeister aller Art und deren Bekämpfung - 29.12.2012 (22)
  3. Gvu trojaner nach systemwiederherstellung
    Log-Analyse und Auswertung - 07.11.2012 (15)
  4. GVU Trojaner - was tun nach Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (42)
  5. Virenfrei nach Systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  6. javaw.exe will nach draussen - hijackthis logfile Auswertung in Ordnung?
    Log-Analyse und Auswertung - 13.06.2012 (2)
  7. Laptop friert nach dem starten sofort ein (nach Systemwiederherstellung)
    Alles rund um Windows - 15.05.2012 (2)
  8. BKA Trojaner nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (7)
  9. Bundespolizeiamt weg nach Systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2011 (7)
  10. Log nach Systemwiederherstellung
    Log-Analyse und Auswertung - 06.01.2011 (1)
  11. hijackthis logfile nach virusbekämpfung
    Log-Analyse und Auswertung - 22.07.2010 (1)
  12. HijackThis Logfile nach Trojaner "Security Tool"
    Log-Analyse und Auswertung - 18.01.2010 (1)
  13. HiJackThis + Malewarebytes Logfile nach Vierenbefall
    Log-Analyse und Auswertung - 27.09.2009 (20)
  14. HijackThis Logfile nach Formatierung
    Log-Analyse und Auswertung - 20.12.2008 (0)
  15. HijackThis-Logfile nach Trojanerentfernung - bitte mit draufschauen :-)
    Log-Analyse und Auswertung - 22.08.2008 (5)
  16. HijackThis-Logfile nach Entfernung Trojaner
    Mülltonne - 15.08.2008 (0)
  17. systemwiederherstellung nach virus
    Alles rund um Windows - 08.12.2007 (1)

Zum Thema Hijackthis logfile nach virenbedingter Systemwiederherstellung - Liebes Forum, ich hatte heute ein massives Virenproblem mit einem fake Antivirusprogramm, das meinen gesamten Computer lahmgelegt hat. Konnte zum Glück hier im Forum einen Beitrag dazu finden und habe - Hijackthis logfile nach virenbedingter Systemwiederherstellung...
Archiv
Du betrachtest: Hijackthis logfile nach virenbedingter Systemwiederherstellung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.