Netz-Treff

Nachricht aus dem Archiv

Christina [Gast] schrieb am 25.April.2010, 13:10:46 in der Kategorie pc.security

ave.exe Virus - getarnt als Windows Firewall

und hier habe ich das OTL-LogFile, ich muss es allerdings auf 2 posts verteilen, weil es zu viele zeichen sind

hier mal teil 1:

OTL logfile created on: 25.04.2010 12:05:17 - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\\Users\\moi\\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): ?:\\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files
Drive C: | 149,04 Gb Total Space | 82,57 Gb Free Space | 55,40% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 93,83 Gb Free Space | 68,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOI-PC
Current User Name: moi
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.25 12:05:12 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\\Users\\moi\\Downloads\\lichtinsdunkel.exe
PRC - [2009.08.07 21:15:26 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.04.25 12:05:12 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\\Users\\moi\\Downloads\\lichtinsdunkel.exe
MOD - [2008.01.21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2009.10.20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\avp.exe -- (AVP)
SRV - [2008.12.08 17:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Live\\Family Safety\\fsssvc.exe -- (fsssvc)
SRV - [2008.10.21 17:57:30 | 000,307,200 | -H-- | M] (DeviceVM) [Auto | Stopped] -- C:\\ASUS.SYS\\DVMExportService.exe -- (MDES)
SRV - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Stopped] -- C:\\Program Files\\ASUS\\ASUS Data Security Manager\\ADSMSrv.exe -- (ADSMService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files\\Windows Defender\\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\\Program Files\\ATK Hotkey\\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\\Program Files\\ATKGFNEX\\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\\Program Files\\Alcohol Soft\\Alcohol 120\\StarWind\\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Driver Services (SafeList) ==========

DRV - [2010.02.15 13:52:18 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\\Windows\\System32\\drivers\\klif.sys -- (KLIF)
DRV - [2010.01.30 21:41:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\Drivers\\sptd.sys -- (sptd)
DRV - [2009.11.03 17:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\klim6.sys -- (KLIM6)
DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\\Windows\\system32\\drivers\\klbg.sys -- (klbg)
DRV - [2009.10.02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\klmouflt.sys -- (klmouflt)
DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\\Windows\\System32\\drivers\\kl1.sys -- (kl1)
DRV - [2008.12.08 17:01:52 | 000,055,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\fssfltr.sys -- (fssfltr)
DRV - [2008.12.01 10:14:33 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\atikmdag.sys -- (atikmdag)
DRV - [2008.08.11 03:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.07.16 11:50:59 | 002,156,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.06.03 07:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 18:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\\Windows\\system32\\DRIVERS\\lullaby.sys -- (lullaby)
DRV - [2008.05.02 09:07:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\SiSGB6.sys -- (SiSGbeLH)
DRV - [2008.04.27 19:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\athr.sys -- (athr)
DRV - [2008.04.07 07:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\CRFILTER.sys -- (CRFILTER)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\aliide.sys -- (aliide)
DRV - [2007.12.06 11:12:47 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\SynTP.sys -- (SynTP)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\\Windows\\System32\\drivers\\AsDsm.sys -- (AsDsm)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Stopped] -- C:\\Program Files\\ATKGFNEX\\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\system32\\drivers\\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\system32\\drivers\\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\system32\\drivers\\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\smserial.sys -- (smserial)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\\Windows\\system32\\drivers\\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\yk60x86.sys -- (yukonwlh)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = %SystemRoot%\\system32\\blank.htm
IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,StartPageCache = 1
IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,XMLHTTP_UUID_Default = 31 F2 54 0F 63 DE 7C 48 A3 C7 DC 69 E8 17 F2 D2 [binary data]
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: \"http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS\"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117

FF - HKLM\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components [2010.04.03 09:37:40 | 000,000,000 | ---D | M]
FF - HKLM\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins [2010.04.03 09:37:40 | 000,000,000 | ---D | M]
FF - HKLM\\software\\mozilla\\Thunderbird\\Extensions\\\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\THBExt [2010.02.15 13:53:19 | 000,000,000 | ---D | M]

[2009.10.11 11:47:48 | 000,000,000 | ---D | M] -- C:\\Users\\moi\\AppData\\Roaming\\mozilla\\Extensions
[2010.04.25 11:05:53 | 000,000,000 | ---D | M] -- C:\\Users\\moi\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\qolinp6l.default\\extensions
[2010.04.25 11:05:43 | 000,000,000 | ---D | M] -- C:\\Users\\moi\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\qolinp6l.default\\extensions\\toolbar@ask.com
[2010.04.25 11:05:53 | 000,000,000 | ---D | M] -- C:\\Program Files\\mozilla firefox\\extensions
[2010.04.25 01:02:02 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\\Program Files\\mozilla firefox\\extensions\\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2010.02.15 13:54:26 | 000,000,000 | ---D | M] -- C:\\Program Files\\mozilla firefox\\extensions\\linkfilter@kaspersky.ru
[2010.02.02 00:25:24 | 000,001,538 | ---- | M] () -- C:\\Program Files\\mozilla firefox\\searchplugins\\amazon-en-GB.xml
[2010.02.02 00:25:24 | 000,000,947 | ---- | M] () -- C:\\Program Files\\mozilla firefox\\searchplugins\\chambers-en-GB.xml
[2010.02.02 00:25:24 | 000,000,769 | ---- | M] () -- C:\\Program Files\\mozilla firefox\\searchplugins\\eBay-en-GB.xml
[2010.02.02 00:25:25 | 000,000,831 | ---- | M] () -- C:\\Program Files\\mozilla firefox\\searchplugins\\yahoo-en-GB.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0F54F231-DE63-487C-A3C7-DC69E817F2D2} - C:\\ProgramData\\CertEnrollUI32.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.4.4525.1752\\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\\..\\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\\..\\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\\..\\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files\\Ask.com\\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\\..\\Toolbar\\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\\Run: [ADSMTray] C:\\Program Files\\ASUS\\ASUS Data Security Manager\\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\\Run: [ASUS Camera ScreenSaver] C:\\Windows\\AsScrProlog.exe ()
O4 - HKLM..\\Run: [ASUS Screen Saver Protector] C:\\Windows\\ASScrPro.exe ()
O4 - HKLM..\\Run: [ASUSTPE] C:\\Windows\\System32\\ASUSTPE.exe (ASUS)
O4 - HKLM..\\Run: [ATKMEDIA] C:\\Program Files\\ASUS\\ATK Media\\DMedia.exe (ASUS)
O4 - HKLM..\\Run: [ATKOSD2] C:\\Program Files\\ASUS\\ATKOSD2\\ATKOSD2.exe (ASUS)
O4 - HKLM..\\Run: [AVP] C:\\PROGRAM FILES\\KASPERSKY LAB\\KASPERSKY INTERNET SECURITY 2010\\AVP.EXE (Kaspersky Lab)
O4 - HKLM..\\Run: [CLMLServer] C:\\Program Files\\CyberLink\\Power2Go\\CLMLSvc.exe (CyberLink)
O4 - HKLM..\\Run: [DisableS3S4] c:\\DisableS3S4.cmd File not found
O4 - HKLM..\\Run: [HControlUser] C:\\Program Files\\ATK Hotkey\\HcontrolUser.exe ()
O4 - HKLM..\\Run: [RtHDVCpl] C:\\Windows\\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\\Run: [StartCCC] C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\\Run: [UpdateLBPShortCut] C:\\Program Files\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\\Run: [UpdateP2GoShortCut] C:\\Program Files\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\\Run: [Windows Defender] C:\\Program Files\\Windows Defender\\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\\Run: [AlcoholAutomount] C:\\Program Files\\Alcohol Soft\\Alcohol 120\\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\\Run: [RTHDBPL] C:\\Windows\\System32\\atiumdva32.dll ()
O4 - HKCU..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\\Users\\moi\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.1.lnk = C:\\Program Files\\OpenOffice.org 3\\program\\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\\Windows\\System32\\GPhotos.scr (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra \'Tools\' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\klwtbbho.dll (Kaspersky Lab)
O9 - Extra \'Tools\' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000007 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 134.219.101.211 134.219.101.212
O18 - Protocol\\Handler\\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\WI1F86~1\\MESSEN~1\\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\\Handler\\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll (Microsoft Corporation)
O18 - Protocol\\Handler\\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\WI1F86~1\\MESSEN~1\\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\\Handler\\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WEBCOM~1\\10\\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\\Handler\\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\\Program Files\\Windows Live\\Mail\\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\\Filter\\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll) - C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\\PROGRA~1\\KASPER~1\\KASPER~1\\kloehk.dll) - C:\\PROGRA~1\\KASPER~1\\KASPER~1\\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\\Windows\\system32\\comuid32.dll) - C:\\Windows\\System32\\comuid32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)
O20 - Winlogon\\Notify\\klogon: DllName - C:\\Windows\\system32\\klogon.dll - C:\\Windows\\System32\\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\\Users\\moi\\AppData\\Roaming\\Microsoft\\Windows Photo Gallery\\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\\Users\\moi\\AppData\\Roaming\\Microsoft\\Windows Photo Gallery\\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\\{91b6026d-fba7-11de-ba1d-002618a3d0a0}\\Shell\\AutoRun\\command - \"\" = setup.exe
O33 - MountPoints2\\{f7084762-22f3-11df-b131-002618a3d0a0}\\Shell - \"\" = AutoRun
O33 - MountPoints2\\{f7084762-22f3-11df-b131-002618a3d0a0}\\Shell\\AutoRun\\command - \"\" = K:\\LaunchU3.exe -- File not found
O33 - MountPoints2\\F\\Shell\\AutoRun\\command - \"\" = setup.exe
O33 - MountPoints2\\G\\Shell\\AutoRun\\command - \"\" = setup.exe
O33 - MountPoints2\\H\\Shell\\AutoRun\\command - \"\" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\\..comfile [open] -- \"%1\" %*
O35 - HKLM\\..exefile [open] -- \"%1\" %*
O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*
O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 12:29:55 - (pc.security)
- @ Admins!!!ave.exe Virus - getarnt als Windows Firewall Hausdoc - 27.April.2010, 16:50:26
  - @ Admins!!!ave.exe Virus - getarnt als Windows Firewall schnake - 27.April.2010, 21:41:28
- ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 00:15:47
  - ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 00:21:45
    - ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 00:26:17
      - ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 00:38:03
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 01:00:00
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 01:06:42
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 01:24:37
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 01:27:01
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 01:30:23
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 01:34:39
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 01:42:22
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 01:43:11
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 02:11:53
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 02:40:41
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 02:54:16
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 03:16:30
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 15:33:55
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 21:42:49
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 26.April.2010, 22:43:17
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 27.April.2010, 06:15:06
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 27.April.2010, 14:04:20
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 28.April.2010, 04:37:07
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 27.April.2010, 16:01:18
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 28.April.2010, 04:26:24
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 28.April.2010, 11:46:29
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 27.April.2010, 14:03:25
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 28.April.2010, 05:03:37
        Achtung!!!!!!!! Hausdoc - 26.April.2010, 19:10:34
        Achtung!!!!!!!! Christina [Gast] - 26.April.2010, 19:38:22
- ave.exe Virus - getarnt als Windows Firewall WernerB. [Gast] - 25.April.2010, 13:27:05
- ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 12:39:19
  - ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 13:04:03
  - ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 12:59:39
- ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 12:32:33
  - ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 13:10:46
    - ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 14:35:19
    - ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 13:13:27
      - ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 14:11:29
      - ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 13:45:56
      - ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 13:23:27
        ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 13:35:44
        ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 13:54:17
        ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 14:15:27
        ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 14:09:14
        ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 14:18:59
        ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 14:32:05
        ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 14:39:55
        ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 14:40:51
        ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 14:47:16
        ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 14:59:29
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 25.April.2010, 15:39:10
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 25.April.2010, 21:41:57
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 25.April.2010, 21:20:37
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 25.April.2010, 22:09:17
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 25.April.2010, 18:48:12
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 25.April.2010, 18:36:25
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 25.April.2010, 21:57:14
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 25.April.2010, 22:05:06
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 25.April.2010, 22:11:02
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 25.April.2010, 22:51:15
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 25.April.2010, 22:54:55
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 25.April.2010, 23:21:02
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 26.April.2010, 00:10:36
        ave.exe Virus - getarnt als Windows Firewall / Wichtig Markus - 25.April.2010, 23:53:02
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 25.April.2010, 23:35:25
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 25.April.2010, 23:54:59
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 25.April.2010, 23:56:49
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Christina [Gast] - 25.April.2010, 23:20:05
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 25.April.2010, 15:45:15
        ave.exe Virus - getarnt als Windows Firewall / Vorgehen Markus - 25.April.2010, 15:51:16
        ave.exe Virus - getarnt als Windows Firewall Markus - 25.April.2010, 15:03:11
        ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 15:05:58
        ave.exe Virus - getarnt als Windows Firewall Christina [Gast] - 25.April.2010, 14:31:20
        ave.exe Virus - getarnt als Windows Firewall Hausdoc - 25.April.2010, 13:45:43