Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: nach Virus Desktop schwarz

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.09.2010, 19:38   #1
Franzi5385
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



Hey zusammen,

ich habe heute ahnungslos meinen Computer gestartet und war kurz auf der MSN Homepage als mir Antivir einen Haufen Trojanerwarnungen angab. Ich habe sie alle gelöscht und wollte einen Scan machen, aber der Virus hat wohl mein Antivir ausgesetzt, denn nichts geht mehr. Zudem funzte mein Internet nicht mehr. Ich habe also neugestartet. Er hat auch geladen und ich hatte auch den blauen Startbildschirm auf dem steht, dass er lädt und Willkommen bei Windows 7 blabla aber nach dem Laden wird der Bildschirm einfach schwarz. Ich kann nur meine Maus sehen und den Task-Manager öffnen. Also hab ich mir den CCleaner und Malwarebytes auf einen Stick gezogen und über den Task-Manager gestartet. Bei beiden Systemscans hat er ne Menge Sachen gefunden, die ich alle gelöscht habe. Nur ist mein Bildschirm immer noch schwarz....grrrrrrr....
Hat jemand eine Idee. Es gibt eine Menge ähnlicher Fälle in verschiedenen Foren, aber alle doch irgendwie anders als meiner.
Wäre super froh über einfache Hilfe, hab zwar ein bisschen Ahnung, bin aber trotzdem nur ein ahnungsloses Mädchen

Alt 11.09.2010, 19:40   #2
markusg
/// Malware-holic
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



öffne mal malwarebytes, logdateien und poste das scan log.
wie sieht es aus, kommst du in den abgesicherten modus? ist bei den meisten pcs die f8-taste drücken bei pc start, wenn ja, nutze dort combofix und poste das log.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________


Alt 11.09.2010, 19:47   #3
Franzi5385
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



ok hier ist die log datei vom ersten scan mit malewarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.09.2010 18:01:59
mbam-log-2010-09-11 (18-01-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 301158
Laufzeit: 6 Stunde(n), 30 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\cfdrive32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.




combofix kommt gleich nach. Danke für deine schnelle Antwort
__________________

Alt 11.09.2010, 19:53   #4
markusg
/// Malware-holic
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



kein problem :-)

Alt 11.09.2010, 20:13   #5
Franzi5385
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



mhhh also combofix scheint nicht richtig zu funktionieren. Er startet den scan und nach ein paar Minuten sagt er, dass er Rootaktivitäten entdeckt hat und neustarten muss. Das ganze Spiel hatten wir jetzt dreimal....
hab mal über HijackThis ein logfile gemacht, vll bringt das was:

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:49, on 11.09.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\rundll32.exe
F:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=93&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=93&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=93&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 122.224.6.164 cao.iwillhavebigdick.com
O1 - Hosts: 173.192.153.178 www.888.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {60FB86A3-32C0-4A66-B5E0-45CA6EFF6137} - c:\windows\system32\dlo5ace.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [WinSat] winsat dwm -xml results.xml
O4 - HKCU\..\Run: [Google Update] "C:\Users\Franzi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HPADVISOR] c:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\Users\Franzi\AppData\Local\Temp\202fbh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer CH DE\EFUploadSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

--
End of file - 9064 bytes
         
--- --- ---



grüsse,
franzi


Alt 11.09.2010, 20:15   #6
markusg
/// Malware-holic
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



ok versuche
Lade
http://filepony.de/download-defogger/
herunter und speichere es auf Deinem Desktop.

Doppelklicke DeFogger, um das Tool zu starten.

• Es öffnet sich das Programm-Fenster des Tools.
• Klick auf den Button Disable, um die CD- Emulation-Treiber zu deaktivieren.
• Klicke Ja, um fortzufahren.
• Wenn die Nachricht 'Finished!' erscheint,
• klicke OK.
• DeFogger wird nun einen Reboot erfragen - klicke OK
• Poste mir das defogger_disable.log hier in den Thread. Keinesfalls die Treiber reaktivieren, bevor es angewiesen wird.

und danach combofix

Alt 11.09.2010, 20:26   #7
Franzi5385
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



defogger funktioniert bis "Finished", er fragt aber nicht nach einem Reboot...

Alt 11.09.2010, 20:34   #8
markusg
/// Malware-holic
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



dann führe ihn mal per hand aus. hast du combofix auch im abgesicherten modus ausgeführt?

Alt 11.09.2010, 20:37   #9
Franzi5385
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



öhh nein... aber ich komme nicht wirklich rein. Vorhin hats geklappt, aber jetzt grad nicht. Ich versuchs weiter...
Du meinst also, dass ich defogger starten soll und nach finish mache ich einen normalen Neustart, gehe aber in den abgesicherten modus? oder muss defogger auch im abgesicherten modus gestartet werden?

Alt 11.09.2010, 20:38   #10
markusg
/// Malware-holic
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



nein, nach defogger in den abgesicherten modus starten bitte.

Alt 11.09.2010, 20:48   #11
Franzi5385
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



keine chance, ich komme nicht in den verdammten abgesicherten modus... ich schmeisse´das ding gleich aus dem fenster...

Alt 11.09.2010, 20:50   #12
markusg
/// Malware-holic
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



ok versuchen wir was anderes.
1. öffne malwarebytes, registerkarte aktualisierung, programm updaten, mache dann nen komplett scan, funde löschen, log posten.
2.
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide logs posten

Alt 11.09.2010, 20:54   #13
Franzi5385
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



ok bin im abgesicherten modus. allerdings war dazu ein kaltstart nötig und ich weiss nicht ob der defogger dann aktiv ist?! ich lass jetzt grad combofix durchlaufen. mal schauen was passiert...

Alt 11.09.2010, 20:56   #14
Franzi5385
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



gut hat wieder neugestartet... probiere jetzt die andere Variante...

Alt 11.09.2010, 21:48   #15
Franzi5385
 
nach Virus Desktop schwarz - Standard

nach Virus Desktop schwarz



Hier schonmal die logs von OTL:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.09.2010 21:24:25 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = F:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451,64 Gb Total Space | 242,56 Gb Free Space | 53,71% Space Free | Partition Type: NTFS
Drive D: | 14,12 Gb Total Space | 1,96 Gb Free Space | 13,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,45 Gb Total Space | 2,86 Gb Free Space | 38,44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7,46 Gb Total Space | 6,77 Gb Free Space | 90,73% Space Free | Partition Type: FAT32
 
Computer Name: FRANZI-PC
Current User Name: Franzi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gizmo\gservice.exe (Arainia Solutions)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - c:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\ExtraFilm Designer CH DE\EFUploadSrv.exe (Textalk AB)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\dlo5ACE.dll (aglrqmtrat Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\winnsi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\slc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ncrypt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssign32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IPHLPAPI.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\bcrypt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Programme\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\Programme\Microsoft CAPICOM 2.1.0.2\Lib\X86\capicom.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (wlviqgbn) -- C:\Windows\System32\dlo5ACE.dll (aglrqmtrat Corporation)
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3746.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Gizmo Central) -- C:\Programme\Gizmo\gservice.exe (Arainia Solutions)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (EFUploadSrv) -- C:\Program Files\ExtraFilm Designer CH DE\EFUploadSrv.exe (Textalk AB)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Franzi\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (GizmoDrv) -- C:\Windows\System32\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2691724045-2314604569-2155052543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2691724045-2314604569-2155052543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2691724045-2314604569-2155052543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.22 11:23:36 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010.09.11 19:43:12 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: () - {60FB86A3-32C0-4A66-B5E0-45CA6EFF6137} - C:\Windows\System32\dlo5ACE.dll (aglrqmtrat Corporation)
O3 - HKU\S-1-5-21-2691724045-2314604569-2155052543-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF14261.cfx File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Software] C:\Programme\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Programme\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: []  File not found
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF14261.cfx File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: a5x3tq = C:\Users\Franzi\AppData\Local\Temp\202fbh.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: TaskMan - (C:\Users\Franzi\AppData\Roaming\ohydy.exe) - C:\Users\Franzi\AppData\Roaming\ohydy.exe (wcwC)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\web\Wallpaper\img11.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ca88f6a1-adba-11df-82dc-0026189921df}\Shell - "" = AutoRun
O33 - MountPoints2\{ca88f6a1-adba-11df-82dc-0026189921df}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.11 20:52:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.09.11 20:52:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.09.11 19:59:22 | 002,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.09.11 19:59:22 | 002,744,800 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.09.11 19:59:22 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.09.11 19:59:22 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.09.11 19:59:22 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.09.11 19:59:22 | 000,052,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2010.09.11 19:59:21 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010.09.11 19:59:21 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010.09.11 19:59:21 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010.09.11 19:59:21 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2010.09.11 19:59:21 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2010.09.11 19:49:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.09.11 19:49:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.09.11 19:49:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.09.11 19:48:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.09.11 19:48:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.11 12:24:21 | 000,729,600 | ---- | C] (aglrqmtrat Corporation) -- C:\Windows\System32\dlo5ACE.dll
[2010.09.11 11:26:02 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.09.11 11:00:04 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2010.09.11 10:59:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.11 10:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.11 10:59:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.11 10:59:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.11 10:52:31 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.09.11 10:17:34 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Local\cnuygikyr
[2010.09.11 10:17:33 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\eaaygqwhe
[2010.09.11 10:17:33 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Local\eaaygqwhe
[2010.09.11 10:17:32 | 000,106,496 | RHS- | C] (wcwC) -- C:\Users\Franzi\AppData\Roaming\ohydy.exe
[2010.09.11 10:17:18 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.08.29 13:12:11 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2010.08.29 13:11:46 | 000,000,000 | ---D | C] -- C:\Programme\uTorrent
[2010.08.29 13:11:32 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
[2010.08.29 13:11:32 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.08.29 13:11:07 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\uTorrent
[2010.08.29 13:10:51 | 000,327,472 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Franzi\Desktop\utorrent2.0.3.exe
[2010.08.29 12:34:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.08.22 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\vlc
[2010.08.22 18:05:08 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.08.22 10:28:37 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\TSR
[2010.08.21 08:57:22 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Neuer Ordner
[2010.08.14 07:10:41 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.14 07:10:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.14 07:10:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.14 07:10:29 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.14 07:10:29 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.14 07:10:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.14 07:10:23 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.14 07:10:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.14 07:10:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.14 07:10:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.14 07:10:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.14 07:10:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.14 07:10:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.14 07:10:05 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.11 21:25:16 | 000,841,728 | ---- | M] () -- C:\Windows\System32\drivers\ovfmoi.sys
[2010.09.11 21:24:25 | 003,407,872 | -HS- | M] () -- C:\Users\Franzi\NTUSER.DAT
[2010.09.11 21:05:16 | 000,006,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.11 21:05:16 | 000,006,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.11 21:04:08 | 001,536,104 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.11 21:04:08 | 000,669,780 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.11 21:04:08 | 000,628,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.11 21:04:08 | 000,136,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.11 21:04:08 | 000,111,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.11 20:56:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.11 20:56:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.11 20:56:08 | 2791,186,432 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.11 20:27:57 | 000,000,305 | ---- | M] () -- C:\Users\Franzi\Desktop\ComboFix - Verknüpfung.lnk
[2010.09.11 20:18:37 | 000,000,020 | ---- | M] () -- C:\Users\Franzi\defogger_reenable
[2010.09.11 20:16:40 | 000,050,477 | ---- | M] () -- C:\Users\Franzi\Desktop\Defogger.exe
[2010.09.11 19:48:23 | 000,018,122 | ---- | M] () -- C:\results.xml
[2010.09.11 19:44:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2691724045-2314604569-2155052543-1000UA.job
[2010.09.11 19:43:12 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.11 12:24:21 | 000,729,600 | ---- | M] (aglrqmtrat Corporation) -- C:\Windows\System32\dlo5ACE.dll
[2010.09.11 11:05:41 | 000,106,052 | ---- | M] () -- C:\Users\Franzi\Desktop\cc_20100911_110454.reg
[2010.09.11 10:59:37 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 10:52:44 | 000,000,971 | ---- | M] () -- C:\Users\Franzi\Desktop\CCleaner.lnk
[2010.09.11 10:17:20 | 000,106,496 | RHS- | M] (wcwC) -- C:\Users\Franzi\AppData\Roaming\ohydy.exe
[2010.09.11 09:44:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2691724045-2314604569-2155052543-1000Core.job
[2010.09.10 23:35:07 | 002,705,782 | -H-- | M] () -- C:\Users\Franzi\AppData\Local\IconCache.db
[2010.09.10 15:45:05 | 000,002,235 | ---- | M] () -- C:\Users\Franzi\Desktop\Google Chrome.lnk
[2010.09.10 14:03:37 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Gib Gas-Accessoires.lnk
[2010.09.10 11:51:29 | 000,668,422 | ---- | M] () -- C:\Users\Franzi\Documents\praes06.pdf
[2010.08.29 13:11:05 | 000,327,472 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Franzi\Desktop\utorrent2.0.3.exe
[2010.08.22 09:48:28 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\TSR Launcher.lnk
[2010.08.21 09:04:36 | 000,001,809 | ---- | M] () -- C:\Users\Franzi\Desktop\UseNeXT.lnk
[2010.08.15 03:20:23 | 002,365,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.11 20:27:57 | 000,000,305 | ---- | C] () -- C:\Users\Franzi\Desktop\ComboFix - Verknüpfung.lnk
[2010.09.11 20:27:16 | 000,050,477 | ---- | C] () -- C:\Users\Franzi\Desktop\Defogger.exe
[2010.09.11 20:18:22 | 000,000,020 | ---- | C] () -- C:\Users\Franzi\defogger_reenable
[2010.09.11 19:49:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.09.11 19:49:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.09.11 19:49:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.09.11 19:49:48 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.09.11 19:49:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.11 19:48:23 | 000,018,122 | ---- | C] () -- C:\results.xml
[2010.09.11 11:05:34 | 000,106,052 | ---- | C] () -- C:\Users\Franzi\Desktop\cc_20100911_110454.reg
[2010.09.11 10:59:37 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 10:52:44 | 000,000,971 | ---- | C] () -- C:\Users\Franzi\Desktop\CCleaner.lnk
[2010.09.11 10:18:00 | 000,841,728 | ---- | C] () -- C:\Windows\System32\drivers\ovfmoi.sys
[2010.09.10 14:03:37 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Gib Gas-Accessoires.lnk
[2010.09.10 11:51:29 | 000,668,422 | ---- | C] () -- C:\Users\Franzi\Documents\praes06.pdf
[2010.08.22 09:48:28 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\TSR Launcher.lnk
[2010.03.03 10:45:38 | 002,747,253 | ---- | C] () -- C:\Users\Franzi\AppData\Local\tmpBILDER 118.JPG
[2010.02.12 23:47:37 | 000,000,025 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\bdfvconp.ini
[2010.01.22 11:10:07 | 000,001,160 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.01.20 21:41:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.29 17:09:45 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009.06.29 17:09:45 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2008.07.26 15:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== LOP Check ==========
 
[2010.01.22 09:36:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\BitDefender
[2010.09.11 10:17:57 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\C2EC17786274D80DF27A2E69F8A4852F
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Lite
[2010.09.11 10:17:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\eaaygqwhe
[2010.03.21 20:55:31 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ExtraFilm
[2010.02.13 23:22:04 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Gizmo
[2010.01.30 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Leadertech
[2010.07.18 09:28:20 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\MudTV
[2010.03.14 20:57:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ProtectDisc
[2010.08.22 10:28:37 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TSR
[2010.09.10 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\UseNeXT
[2010.09.11 10:21:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\uTorrent
[2010.03.03 09:44:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WinBatch
[2010.07.31 13:11:06 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance-Delay.job
[2010.07.31 10:00:28 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010.09.08 09:47:36 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.26 12:13:19 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Adobe
[2010.01.20 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Apple Computer
[2010.01.22 09:36:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\BitDefender
[2010.09.11 10:17:57 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\C2EC17786274D80DF27A2E69F8A4852F
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Lite
[2010.09.11 10:17:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\eaaygqwhe
[2010.03.21 20:55:31 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ExtraFilm
[2010.02.13 23:22:04 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Gizmo
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Hewlett-Packard
[2010.01.28 18:43:10 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\HP
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\HP TCS
[2010.05.09 15:00:50 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Identities
[2010.01.30 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Leadertech
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Macromedia
[2010.09.11 11:00:04 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Media Center Programs
[2010.06.06 17:59:11 | 000,000,000 | --SD | M] -- C:\Users\Franzi\AppData\Roaming\Microsoft
[2010.03.05 09:02:26 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Mozilla
[2010.07.18 09:28:20 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\MudTV
[2010.03.14 20:57:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ProtectDisc
[2010.02.19 11:37:12 | 000,000,000 | RH-D | M] -- C:\Users\Franzi\AppData\Roaming\SecuROM
[2010.07.20 07:56:01 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Skype
[2010.07.20 07:12:35 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\skypePM
[2010.08.22 10:28:37 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TSR
[2010.09.10 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\UseNeXT
[2010.09.11 10:21:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\uTorrent
[2010.08.22 18:07:31 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\vlc
[2010.03.03 09:44:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WinBatch
[2010.02.14 09:21:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.09.11 10:17:20 | 000,106,496 | RHS- | M] (wcwC) -- C:\Users\Franzi\AppData\Roaming\ohydy.exe
[2010.09.11 10:17:20 | 000,245,248 | ---- | M] (Security Suites Corporation) -- C:\Users\Franzi\AppData\Roaming\eaaygqwhe\ndwaajnuqiw.exe
[2010.07.17 08:38:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Franzi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.02.12 16:54:52 | 000,010,134 | R--- | M] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Qoobox\32788R22FWJFW\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.09.11 21:30:53 | 000,841,728 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\ovfmoi.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< End of report >
         
--- --- ---







und hier das Extra log:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.09.2010 21:24:25 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = F:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451,64 Gb Total Space | 242,56 Gb Free Space | 53,71% Space Free | Partition Type: NTFS
Drive D: | 14,12 Gb Total Space | 1,96 Gb Free Space | 13,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,45 Gb Total Space | 2,86 Gb Free Space | 38,44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7,46 Gb Total Space | 6,77 Gb Free Space | 90,73% Space Free | Partition Type: FAT32
 
Computer Name: FRANZI-PC
Current User Name: Franzi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2691724045-2314604569-2155052543-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Franzi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Value error.
Drive [find] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{33cc8e60-d6db-45be-9276-b6698187688a}" = F2100
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773C485E-B148-45CB-BF38-84FC208D960A}" = TSR Merlin
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9082C257-9729-4009-8299-6916CD556EAC}" = TSR Launcher
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF202088-CF66-4DCA-B1C3-185E7044CEE6}" = HP MediaSmart SmartMenu
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Die Kunst des Mordens - Karten des Schicksals_is1" = Die Kunst des Mordens - Karten des Schicksals
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExtraFilmDesignerCH DE" = ExtraFilm Designer CH DE
"Gizmo Central" = Gizmo Central
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PC-Doctor for Windows" = Hardware Diagnose Tools
"PDF Blender" = PDF Blender
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSP Video 9" = PSP Video 9 5.04
"pywin32-py2.6" = Python 2.6 pywin32-212
"Shop for HP Supplies" = Shop for HP Supplies
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"UseNeXT_is1" = UseNeXT
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2691724045-2314604569-2155052543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---





Der Malwarescan läuft leider noch... schicke es sobald es fertig ist hinterher.
Danke für deine Mühen

Antwort

Themen zu nach Virus Desktop schwarz
ahnungslos, antivir, bildschirm, ccleaner, computer, desktop, desktop schwarz, einfach, foren, gelöscht, gen, homepage, internet, lädt, malwarebytes, maus, msn, nichts, scan, schwarz, startbildschirm, stick, super, task-manager, verschiedene, virus, windows, windows 7



Ähnliche Themen: nach Virus Desktop schwarz


  1. Desktop ist schwarz
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (1)
  2. Desktop bleibt nach Start Weiß oder Schwarz!
    Plagegeister aller Art und deren Bekämpfung - 26.05.2013 (22)
  3. Desktop bleibt nach Systemstart schwarz, alle Dateien ausgeblendet oder weg. Firefox Öffnung möglich. Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 25.04.2013 (5)
  4. Desktop schwarz und keine Datetein auf dem PC
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (1)
  5. Trojaner, Virus, HDD S.M.A.R.T., keine Programme und Daten mehr, Desktop schwarz
    Plagegeister aller Art und deren Bekämpfung - 31.03.2012 (3)
  6. Verknüpfungen von Desktop gelöscht/ Desktop schwarz und keinen Zugriff auf Dateien
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (1)
  7. Desktop schwarz!
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (1)
  8. Nach Trojaner Infektion ist der Desktop schwarz
    Plagegeister aller Art und deren Bekämpfung - 23.12.2011 (1)
  9. dwl3gina.dll Desktop bleibt nach Login schwarz, aber trotzdem Zugriff auf alle Dateien/Programme...
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (5)
  10. Icons auf Desktop entfernt / Desktophintergrund schwarz / PC fährt nach einiger Zeit herunter
    Plagegeister aller Art und deren Bekämpfung - 29.10.2011 (39)
  11. Nach Virusmeldung Desktop schwarz & Dateien verschwunden
    Log-Analyse und Auswertung - 05.06.2011 (19)
  12. Nach Trojaner Desktop schwarz Programme und Dateien verschwunden
    Log-Analyse und Auswertung - 23.05.2011 (39)
  13. Nach Trojan desktop bleibt schwarz
    Mülltonne - 03.05.2011 (2)
  14. Private Daten weg, Desktop schwarz!
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (2)
  15. Bildschirm nach einer Zeit schwarz und hängt dann Virus?
    Plagegeister aller Art und deren Bekämpfung - 19.01.2010 (1)
  16. VISTA!!! Desktop!! SCHWARZ!
    Log-Analyse und Auswertung - 22.09.2009 (1)
  17. Desktop schwarz!!
    Log-Analyse und Auswertung - 23.04.2005 (1)

Zum Thema nach Virus Desktop schwarz - Hey zusammen, ich habe heute ahnungslos meinen Computer gestartet und war kurz auf der MSN Homepage als mir Antivir einen Haufen Trojanerwarnungen angab. Ich habe sie alle gelöscht und wollte - nach Virus Desktop schwarz...
Archiv
Du betrachtest: nach Virus Desktop schwarz auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.