Message from the archive

Christina [Guest] wrote on 25 April 2010, 23:20:05 in the category pc.security

ave.exe virus - disguised as Windows Firewall / how to proceed

> This one:
> http://sicher-ins-netz.info/analyse/otl.html



Here you go, here is part 1:

OTL logfile created on: 25.04.2010 22:05:36 - Run 2
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\tina.moi-PC
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 79,30 Gb Free Space | 53,21% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 93,83 Gb Free Space | 68,33% Space Free | Partition Type: NTFS
Drive E: | 7,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOI-PC
Current User Name: moi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.25 22:04:44 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\tina.moi-PC\lichtinsdunkel.exe
PRC - [2010.02.04 20:29:18 | 000,584,704 | ---- | M] (http://kmeleon.sf.net/) -- C:\Program Files\K-Meleon\k-meleon.exe
PRC - [2010.01.11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.10.20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009.09.10 16:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009.08.07 21:59:30 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009.08.07 21:15:26 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.21 17:57:30 | 000,307,200 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\DVMExportService.exe
PRC - [2008.07.19 03:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.07.16 12:00:59 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.15 19:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.07.10 01:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.25 03:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.06.19 20:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.04 01:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.04.01 07:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008.02.01 23:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2008.01.23 18:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007.12.04 18:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.12 05:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010.04.25 22:04:44 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\tina.moi-PC\lichtinsdunkel.exe
MOD - [2009.11.07 00:04:36 | 000,109,072 | ---- | M] (Kaspersky Lab) -- C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
MOD - [2009.11.07 00:04:24 | 000,017,936 | ---- | M] (Kaspersky Lab) -- C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
MOD - [2008.01.21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2009.10.20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2008.12.08 17:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.10.21 17:57:30 | 000,307,200 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\DVMExportService.exe -- (MDES)
SRV - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2010.02.15 13:52:18 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.01.30 21:41:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.03 17:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008.12.08 17:01:52 | 000,055,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2008.12.01 10:14:33 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.08.11 03:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.07.16 11:50:59 | 002,156,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.06.03 07:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 18:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008.05.02 09:07:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2008.04.27 19:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.07 07:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.06 11:12:47 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 F2 54 0F 63 DE 7C 48 A3 C7 DC 69 E8 17 F2 D2 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 09:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 09:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.02.15 13:53:19 | 000,000,000 | ---D | M]

[2009.10.11 11:47:48 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\mozilla\Extensions
[2010.04.25 11:05:53 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\mozilla\Firefox\Profiles\qolinp6l.default\extensions
[2010.04.25 11:05:43 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\mozilla\Firefox\Profiles\qolinp6l.default\extensions\toolbar@ask.com
[2010.04.25 17:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.02.15 13:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010.02.02 00:25:24 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010.02.02 00:25:24 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010.02.02 00:25:24 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010.02.02 00:25:25 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml