
Log analysis and evaluation: Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\0000428


05.11.2011, 16:27   #1
TreeOne
 

Good day.

Since a little while ago I have had this trojan, which is already covered here in the forum, on my computer. The screen is black, all files have been hidden, the Start menu is empty and the error message window was opened umpteen times.

I have Windows 7 on the PC.

I cannot find System Restore in the Windows folder, and the Start menu is empty.

And "Last Known Good Configuration" is not shown at startup either.

So here is the OTL log directly:

HTML code:
OTL logfile created on: 05.11.2011 15:59:09 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sven\Documents
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 55,43% Memory free
7,71 Gb Paging File | 6,07 Gb Available in Paging File | 78,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 1,89 Gb Free Space | 1,62% Space Free | Partition Type: NTFS
Drive D: | 332,72 Gb Total Space | 241,79 Gb Free Space | 72,67% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-BOARD | User Name: Sven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011.11.05 15:51:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sven\Documents\OTL.exe
PRC - [2011.11.05 14:34:27 | 000,349,184 | -H-- | M] (Recover Inc) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.11.05 14:17:51 | 000,459,776 | -HS- | M] (Recover Inc) -- C:\ProgramData\GNMdXaDCqs.exe
PRC - [2011.10.05 16:56:14 | 000,167,960 | -H-- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011.10.05 16:56:11 | 001,543,704 | -H-- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011.09.27 12:25:58 | 000,099,864 | -H-- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.03.14 13:31:36 | 000,494,616 | -H-- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2011.03.14 13:31:35 | 000,232,472 | -H-- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010.01.05 01:43:36 | 001,597,440 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.11.24 21:45:36 | 000,053,888 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.11.10 03:20:36 | 000,096,896 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.10.27 04:29:32 | 006,998,656 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.10.26 18:10:42 | 000,174,720 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009.10.01 03:34:22 | 002,314,240 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 03:33:08 | 000,262,144 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.20 04:31:48 | 000,170,624 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.17 12:44:11 | 000,085,160 | -H-- | M] (Elaborate Bytes AG) -- D:\Programme\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.05.18 23:58:38 | 000,305,720 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.04.20 16:20:40 | 002,327,552 | -H-- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.04.20 16:20:30 | 000,009,216 | -H-- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011.10.14 02:54:33 | 000,997,888 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011.10.14 02:44:22 | 000,212,992 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll
MOD - [2011.10.14 02:43:55 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 02:43:52 | 000,627,200 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll
MOD - [2011.10.14 02:43:51 | 006,618,624 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011.10.14 02:43:03 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.14 02:42:51 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.14 02:42:20 | 000,680,960 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\9b8dcad25a3be7d4a3f3b8b384f3190a\System.Security.ni.dll
MOD - [2011.10.14 02:42:15 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.14 02:42:08 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.14 02:42:07 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.14 02:41:53 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010.01.05 01:43:36 | 001,597,440 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.24 21:45:36 | 000,053,888 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.08.04 10:49:47 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.08.04 10:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 02:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009.07.14 02:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.06.10 22:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2010.09.06 11:09:44 | 000,859,712 | -H-- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:[b]64bit:[/b] - [2010.01.22 02:01:11 | 000,202,752 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009.12.08 00:16:34 | 000,379,520 | -H-- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:[b]64bit:[/b] - [2009.11.27 04:39:45 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009.09.29 17:32:31 | 000,570,632 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:[b]64bit:[/b] - [2009.09.29 17:32:29 | 000,917,768 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:[b]64bit:[/b] - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011.10.05 16:56:14 | 000,167,960 | -H-- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.05 16:56:11 | 001,543,704 | -H-- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.09.27 12:25:58 | 000,099,864 | -H-- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.03.14 13:31:35 | 000,232,472 | -H-- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.10 03:20:36 | 000,096,896 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 03:34:22 | 002,314,240 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 03:33:08 | 000,262,144 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.16 01:30:42 | 000,084,536 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.20 16:20:30 | 000,009,216 | -H-- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011.10.05 16:56:13 | 000,144,672 | -H-- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:[b]64bit:[/b] - [2011.09.27 12:25:53 | 000,026,104 | -H-- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:[b]64bit:[/b] - [2011.09.27 12:25:50 | 000,025,608 | -H-- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:[b]64bit:[/b] - [2011.03.11 07:22:41 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 07:22:40 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.08.29 14:28:09 | 000,314,016 | -H-- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:[b]64bit:[/b] - [2010.08.29 14:28:09 | 000,043,680 | -H-- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:[b]64bit:[/b] - [2010.07.30 18:30:26 | 000,309,840 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:[b]64bit:[/b] - [2010.07.30 18:30:20 | 000,042,576 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:[b]64bit:[/b] - [2010.07.30 18:24:14 | 001,988,176 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:[b]64bit:[/b] - [2010.04.28 07:57:50 | 000,061,288 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2010.01.22 02:13:23 | 006,233,088 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2010.01.22 02:13:23 | 006,233,088 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010.01.22 01:07:55 | 000,161,280 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010.01.18 13:37:57 | 000,128,512 | -H-- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2009.12.17 23:25:17 | 000,034,472 | -H-- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2009.11.27 04:39:45 | 000,505,344 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2009.11.13 10:47:35 | 000,067,072 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2009.10.05 02:33:59 | 001,542,656 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009.09.30 02:34:31 | 000,121,872 | -H-- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009.09.29 17:33:17 | 000,107,536 | -H-- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:[b]64bit:[/b] - [2009.09.17 20:54:54 | 000,056,344 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:[b]64bit:[/b] - [2009.08.21 07:48:17 | 000,044,032 | -H-- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:[b]64bit:[/b] - [2009.08.12 04:38:01 | 001,799,680 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:[b]64bit:[/b] - [2009.08.09 22:25:45 | 000,036,352 | -H-- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2009.08.06 22:24:13 | 000,408,600 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009.07.20 10:29:39 | 000,015,416 | -H-- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009.07.14 02:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 02:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 02:47:48 | 000,077,888 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009.07.14 02:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 21:35:57 | 000,056,832 | -H-- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 21:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.13 17:07:20 | 000,015,928 | -H-- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009.04.09 12:38:26 | 000,167,424 | -H-- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:[b]64bit:[/b] - [2009.04.09 12:38:26 | 000,150,784 | -H-- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:[b]64bit:[/b] - [2009.04.09 12:38:26 | 000,150,784 | -H-- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:[b]64bit:[/b] - [2009.04.09 12:38:26 | 000,150,656 | -H-- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:[b]64bit:[/b] - [2009.04.09 12:38:26 | 000,150,656 | -H-- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:[b]64bit:[/b] - [2009.04.09 12:38:26 | 000,011,776 | RH-- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:[b]64bit:[/b] - [2008.05.24 01:27:28 | 000,154,168 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | -H-- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Firefox\components [2011.10.06 19:48:01 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Firefox\plugins [2011.04.03 13:17:15 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Programme\Thunderbird\components [2011.10.06 15:11:27 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Programme\Thunderbird\plugins
 
[2010.08.14 17:43:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\Extensions
[2011.04.03 12:29:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\48u4ccih.default\extensions
[2011.03.12 21:57:49 | 000,000,000 | -H-D | M] (Modify Headers) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\48u4ccih.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
 
[color=#E56717]========== Chrome  ==========[/color]
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Limited)
O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [GNMdXaDCqs.exe] C:\ProgramData\GNMdXaDCqs.exe (Recover Inc)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2BB58AB-63FA-450D-9ED1-0AE51B0AE820}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1C7B536-E58F-4EBF-801F-2E05EDFAE7E9}: NameServer = 137.193.10.34,137.193.10.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E918C3F8-9948-43DE-8750-2C7DA2E3DEE4}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17e7e328-a7bb-11df-9fe3-485b39e6c158}\Shell - "" = AutoRun
O33 - MountPoints2\{17e7e328-a7bb-11df-9fe3-485b39e6c158}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{17e7e335-a7bb-11df-9fe3-485b39e6c158}\Shell - "" = AutoRun
O33 - MountPoints2\{17e7e335-a7bb-11df-9fe3-485b39e6c158}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{afd7ac68-be6d-11df-97cc-485b39e6c158}\Shell - "" = AutoRun
O33 - MountPoints2\{afd7ac68-be6d-11df-97cc-485b39e6c158}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
 
[2011.11.05 15:56:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sven\Documents\OTL.exe
[2011.11.05 14:25:53 | 000,000,000 | -H-D | C] -- C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.05 14:25:51 | 000,000,000 | -H-D | C] -- C:\Users\Sven\AppData\Local\Sophos
[2011.11.05 14:20:50 | 000,349,184 | -H-- | C] (Recover Inc) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.11.05 14:18:08 | 000,459,776 | -HS- | C] (Recover Inc) -- C:\ProgramData\GNMdXaDCqs.exe
[2011.11.05 14:17:00 | 000,000,000 | ---D | C] -- C:\Windows\system64
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
 
[2011.11.05 15:59:00 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 15:59:00 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 15:51:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sven\Documents\OTL.exe
[2011.11.05 15:51:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.05 15:51:11 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.05 14:36:31 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.11.05 14:34:27 | 000,349,184 | -H-- | M] (Recover Inc) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.11.05 14:29:57 | 001,507,342 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.05 14:29:57 | 000,657,910 | -H-- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.05 14:29:57 | 000,619,146 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.05 14:29:57 | 000,131,250 | -H-- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.05 14:29:57 | 000,107,466 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.05 14:25:53 | 000,000,659 | -H-- | M] () -- C:\Users\Sven\Desktop\System Restore.lnk
[2011.11.05 14:24:45 | 000,001,892 | -H-- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.11.05 14:17:51 | 000,459,776 | -HS- | M] (Recover Inc) -- C:\ProgramData\GNMdXaDCqs.exe
[2011.11.02 12:49:44 | 000,001,359 | -H-- | M] () -- C:\Users\Sven\Desktop\RZ_Drucker.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011.11.05 14:34:46 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.11.05 14:25:53 | 000,000,659 | -H-- | C] () -- C:\Users\Sven\Desktop\System Restore.lnk
[2011.07.06 22:38:11 | 000,033,631 | -H-- | C] () -- C:\Windows\DIIUnin.dat
[2011.06.26 20:38:22 | 000,007,605 | -H-- | C] () -- C:\Users\Sven\AppData\Local\Resmon.ResmonCfg
[2011.03.05 23:09:44 | 000,043,520 | -H-- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.03.05 21:58:21 | 000,021,840 | -H-- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.03.05 21:58:21 | 000,017,212 | -H-- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.03.05 21:58:21 | 000,012,067 | -H-- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.01.04 20:06:01 | 000,000,495 | -H-- | C] () -- C:\Windows\SIERRA.INI
[2010.12.27 15:52:59 | 000,000,040 | -H-- | C] () -- C:\ProgramData\ra3.ini
[2010.12.26 23:17:27 | 000,000,996 | -H-- | C] () -- C:\Windows\eReg.dat
[2010.08.28 11:52:11 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.08.14 22:04:59 | 000,000,024 | -H-- | C] () -- C:\Windows\ATKPF.ini
[2010.08.14 18:20:09 | 000,004,608 | -H-- | C] () -- C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.14 17:01:26 | 007,122,826 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.21 21:19:47 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.05.21 20:58:57 | 000,001,035 | -H-- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.05.21 20:40:49 | 000,131,368 | -H-- | C] () -- C:\ProgramData\FullRemove.exe
[2010.05.21 19:46:56 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2009.10.26 04:38:22 | 000,000,176 | -H-- | C] () -- C:\Windows\explorer.exe.config
[2009.08.19 09:33:09 | 000,020,480 | -H-- | C] () -- C:\Windows\OOBEPlayer.exe
[2009.08.19 09:33:09 | 000,000,232 | -H-- | C] () -- C:\Windows\OOBEPlayer.ini
[2009.07.29 06:20:40 | 000,000,010 | -H-- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.09 12:44:42 | 000,108,066 | RH-- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2006.05.19 04:39:57 | 000,015,497 | -H-- | C] () -- C:\Windows\snp2uvc.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.08.14 13:27:28 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\Asus WebStorage
[2010.12.29 16:57:09 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\bizarre creations
[2011.06.23 18:13:27 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.05.28 17:14:23 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\ICQ
[2010.10.07 18:45:48 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\OpenOffice.org
[2010.11.28 12:39:42 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\PhotoFiltre
[2011.10.11 21:05:23 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\SpinTop
[2011.04.29 16:40:12 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\Subversion
[2011.10.06 15:11:55 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\Thunderbird
[2010.08.29 15:44:48 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\Ubisoft
[2010.08.14 16:51:33 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\Vodafone
[2011.10.04 09:25:09 | 000,000,000 | -H-D | M] -- C:\Users\Sven\AppData\Roaming\Xerox
[2011.08.21 21:46:44 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:7D6EC5BE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:196FC0A6

< End of report >

Here is the Extras log:

HTML-Code:
OTL Extras logfile created on: 05.11.2011 15:59:09 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sven\Documents
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 55,43% Memory free
7,71 Gb Paging File | 6,07 Gb Available in Paging File | 78,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 1,89 Gb Free Space | 1,62% Space Free | Partition Type: NTFS
Drive D: | 332,72 Gb Total Space | 241,79 Gb Free Space | 72,67% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-BOARD | User Name: Sven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{489F2C5A-83B9-79D5-714C-1DEF32A898E5}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{74E85F31-573F-45BF-8939-4D2BCDCC2083}" = LEGO MINDSTORMS NXT Driver for x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{AA5A2780-10FC-913C-B8AA-FE42DFDBAA42}" = ccc-utility64
"{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"ASUS USB2.0 UVC VGA WebCam" = ASUS USB2.0 UVC VGA WebCam
"ASUS WebStorage" = ASUS WebStorage
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{182A1405-9660-F35E-4910-2F4804EF9CD1}" = Catalyst Control Center Core Implementation
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1E9165D4-D1BB-A8FF-4D81-4769904075BE}" = CCC Help Spanish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2271DC83-BDCA-B742-0F66-51C548D83878}" = CCC Help Hungarian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{2458E345-90BF-A135-A9F6-7B79E5A1B034}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2801377C-AED0-9DF8-8C13-DE5B8A255E01}" = CCC Help Italian
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2944D228-BD9D-293C-9207-36F3F83200C7}" = Catalyst Control Center Graphics Full Existing
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2BE54333-0A35-B568-B9B6-BBAC93363F07}" = CCC Help Polish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{321CA409-D308-D275-FD2E-07745286F7B1}" = CCC Help Portuguese
"{394B8A28-0984-B687-DC3D-600A83E3D8AB}" = ccc-core-static
"{3C168069-602E-D4DE-AAEA-C83395FD7CBB}" = CCC Help German
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{507BF84D-922E-367A-1B91-2C92A8626627}" = CCC Help Finnish
"{56670C91-F1BA-86BC-0AAE-8605B726EF2F}" = CCC Help Russian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57CB36B6-4884-535F-9379-34560046C912}" = CCC Help Dutch
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5E6ACA2E-60D5-461C-8FD3-04BA9C174B27}_is1" = Mouse Recorder Pro 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{611ED207-22E5-4543-B9D3-E73096759A4F}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698E45C8-5054-554F-51CB-68847E4B0BA5}" = CCC Help Greek
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{719C5E05-B9B2-EBBB-766D-2A1245147DF9}" = Catalyst Control Center Graphics Previews Common
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77498F29-4EFE-159E-DB0E-8E36C3E2B473}" = CCC Help Danish
"{788A7564-40B9-4993-78AF-1852D423781E}" = CCC Help Chinese Traditional
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{91D02903-7EDB-2A1F-C19F-8EBB335BA708}" = CCC Help Chinese Standard
"{95F1EE6A-2C0E-5CE9-8042-287E11DFA089}" = Catalyst Control Center InstallProxy
"{9933221A-32B7-75A8-A496-713191B260CC}" = CCC Help Norwegian
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C28D1FA-B33F-AA17-9A87-FA556C5B6C2D}" = CCC Help English
"{9C976EB6-3C08-3B82-0162-26513153E347}" = CCC Help French
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9EC8C2B7-74F5-EEDC-E3F2-3E13564ABF8D}" = Catalyst Control Center Graphics Light
"{A0306AD8-1D8C-A5BB-6311-81A42370EEB9}" = Catalyst Control Center Graphics Previews Vista
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB77649D-25F2-EC99-67CD-A1B2F9862199}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0474B6D-9508-9D4F-694A-9C78F06BB037}" = CCC Help Swedish
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE
"{B5529701-E380-06B7-14A8-D24EC95B5CD2}" = CCC Help Japanese
"{BA32FA50-7D3C-F111-9E79-619774EDB517}" = Catalyst Control Center Localization All
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD9CA010-1B74-B806-F4B7-C2175EE3AC2C}" = CCC Help Korean
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}" = LEGO MINDSTORMS NXT Software v2.0
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F5E5DFE5-37AC-61A7-1A57-6741C243C96F}" = CCC Help Czech
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF250E8C-2925-C0C8-71EF-C456BE470759}" = CCC Help Thai
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASUS AP Bank_is1" = ASUS AP Bank
"CCleaner" = CCleaner (remove only)
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX-Setup
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"Plants vs. Zombies" = Plants vs. Zombies
"PlugY, The Survival Kit" = PlugY, The Survival Kit
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"PhotoFiltre" = PhotoFiltre
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

And here are my installed files:

HTML-Code:
AC3Filter 1.63b	Alexander Vigovsky	13.12.2010		1.63b
Acrobat.com	Adobe Systems Incorporated	20.05.2010	1,61MB	1.6.65
Adobe AIR	Adobe Systems Inc.	20.05.2010		1.5.0.7220
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	20.05.2010		10.0.32.18
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	21.10.2011	6,00MB	11.0.1.152
Adobe Reader 9.2 MUI	Adobe Systems Incorporated	11.09.2011	653MB	9.2.0
Alcor Micro USB Card Reader	Alcor Micro Corp.	20.05.2010	2,89MB	1.5.17.25482
ANNO 1404	Ubisoft	04.09.2010		1.02.0000
Apple Application Support	Apple Inc.	11.02.2011	52,8MB	1.4.1
Apple Software Update	Apple Inc.	11.02.2011	2,16MB	2.1.1.116
ASUS AI Recovery	ASUS	20.05.2010	2,76MB	1.0.9
ASUS AP Bank	ASUSTEK	20.05.2010		1.0.0.0
ASUS FancyStart	ASUSTeK Computer Inc.	20.05.2010	12,1MB	1.0.8
ASUS LifeFrame3	ASUS	20.05.2010	27,7MB	3.0.20
ASUS Live Update	ASUS	20.05.2010		2.5.9
ASUS MultiFrame	ASUS	20.05.2010		1.0.0019
ASUS Power4Gear Hybrid	ASUS	20.05.2010	12,2MB	1.1.33
ASUS SmartLogon	ASUS	20.05.2010	10,9MB	1.0.0007
ASUS Splendid Video Enhancement Technology	ASUS	20.05.2010	24,4MB	1.02.0028
ASUS USB2.0 UVC VGA WebCam	Sonix	20.05.2010		5.8.53120.202
ASUS Virtual Camera	asus	20.05.2010	3,12MB	1.0.19
ASUS WebStorage	eCareme Technologies, Inc.	20.05.2010		2.0.40.1319
ATI Catalyst Install Manager	ATI Technologies, Inc.	20.05.2010	22,1MB	3.0.758.0
ATK Package	ASUS	20.05.2010	13,5MB	1.0.0001
CCleaner	Piriform	04.11.2011		3.12
CodeBlocks	The Code::Blocks Team	09.10.2011		10.05
Command & Conquer 3	Ihr Firmenname	22.06.2011	1.000MB	1.00.0000
ControlDeck	ASUS	20.05.2010	1,87MB	1.0.5
Diablo II		05.07.2011		
DivX-Setup	DivX, Inc. 	29.10.2010		2.1.2.2
EE-ZDE		03.01.2011		
Empire Earth		03.01.2011		
ETDWare PS/2-x64 7.0.5.10_WHQL	ELAN Microelectronics Corp.	20.05.2010		7.0.5.10
Fast Boot	ASUS	20.05.2010	1,47MB	1.0.5
ICQ7.5	ICQ	19.04.2011		7.5
IDT Audio	IDT	20.05.2010		1.0.6259.0
Intel(R) Management Engine Components	Intel Corporation	21.05.2010		6.0.0.1179
Java(TM) 6 Update 23	Oracle	11.03.2010	95,0MB	6.0.230
K_Series_ScreenSaver_EN		20.05.2010		
LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket	The LEGO Group	24.02.2011	43,4MB	2.0.100.0
LEGO MINDSTORMS NXT Driver for x64	LEGO	24.02.2011	1,55MB	1.17.770
LEGO MINDSTORMS NXT Migration Package	LEGO	24.02.2011	0,72MB	1.2.8.0
LEGO MINDSTORMS NXT Software v2.0	LEGO	24.02.2011	296MB	2.0.108.0
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.11.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	24.11.2010	2,94MB	4.0.30319
Microsoft Silverlight	Microsoft Corporation	13.10.2011	200MB	4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	13.08.2010	1,72MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	13.08.2010	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	13.08.2010	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	14.08.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	29.05.2011	0,20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	14.04.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	06.10.2010	1,71MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	20.05.2010	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	28.05.2011	2,06MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Mouse Recorder Pro 1.3	Nemex	13.03.2011		
Mozilla Firefox 7.0.1 (x86 de)	Mozilla	05.10.2011	51,4MB	7.0.1
Mozilla Thunderbird (7.0.1)	Mozilla	05.10.2011		7.0.1 (de)
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	20.05.2010	1,53MB	4.30.2107.0
OpenOffice.org 3.2	OpenOffice.org	06.10.2010	363MB	3.2.9502
PhotoFiltre		27.11.2010		
Plants vs. Zombies	Spintop Media, Inc	10.10.2011		
PlugY, The Survival Kit		05.07.2011		10.00
QuickTime	Apple Inc.	11.02.2011	73,7MB	7.69.80.9
Skype™ 5.3	Skype Technologies S.A.	22.06.2011	16,6MB	5.3.120
Sophos Anti-Virus	Sophos Limited	01.11.2011	27,1MB	9.7.6
Sophos AutoUpdate	Sophos Limited	26.09.2011	9,01MB	2.5.10
Trend Micro Internet Security	Trend Micro Inc.	20.05.2010	94,2MB	17.50
VirtualCloneDrive	Elaborate Bytes	28.08.2010		
VLC media player 1.1.4	VideoLAN	12.10.2010		1.1.4
Vodafone Mobile Connect Lite	Vodafone	13.08.2010	22,7MB	9.4.2.14731
Windows Live Essentials	Microsoft Corporation	13.08.2010		14.0.8117.0416
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	24.10.2010	10,0MB	6.500.3165.0
Windows Live OneCare safety scanner	Microsoft Corporation	30.10.2010		
Windows Live Sync	Microsoft Corporation	13.08.2010	2,79MB	14.0.8117.416
Windows Live-Uploadtool	Microsoft Corporation	13.08.2010	0,22MB	14.0.8014.1029
WinFlash	ASUS	20.05.2010	1,29MB	2.29.0
WinRAR archiver		25.08.2010		
Wireless Console 3	ASUS	20.05.2010	2,43MB	3.0.15

Alt 05.11.2011, 16:36   #2
markusg
/// Malware-holic
 



Hi,
please don't make any more cleanup attempts on your own, only follow the instructions.
Attention!
This script and any scripts that may follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
:Files
C:\ProgramData\6DSS92c31Apgjk.exe
C:\ProgramData\6DSS92c31Apgjk.exe
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may require a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.


Download unhide:
http://www.trojaner-board.de/54791-a...ner-board.html

Alt 05.11.2011, 16:50   #3
TreeOne
 



Where is the text document? I'm uploading MovedFiles.rar now...

Alt 05.11.2011, 16:51   #4
markusg
/// Malware-holic
 



It's in there, that's fine.
Are the icons visible again? What does the Start menu look like?

Alt 05.11.2011, 17:01   #5
TreeOne
 



Soeben Hochgeladen.

Die Programme werden im Startmenü jetzt wieder angezeigt. Desktop immernoch schwarz. Symbole sind noch weg.


05.11.2011, 17:08   #6
markusg
/// Malware-holic

We'll take care of that :-)
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

05.11.2011, 17:32   #7
TreeOne

Sooo, the program is running, but even with Sophos deactivated it still detected "suspicious behaviour" and moved HIPS/RegMod-021 to quarantine.

Just as an interim update.

05.11.2011, 18:37   #8
TreeOne

OK, it has finished.
Unfortunately I now have no internet on that machine any more, and the guide is missing the explanation of how to fix this. The sentence just stops in the middle..


Combofix Logfile:
Code:
ComboFix 11-11-05.02 - Sven 05.11.2011  17:33:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3949.2130 [GMT 1:00]
ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AV: Trend Micro Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Trend Micro Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6DSS92c31Apgjk.exe
c:\programdata\FullRemove.exe
c:\programdata\GNMdXaDCqs.exe
c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\security\Database\tmp.edb
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-05 bis 2011-11-05  ))))))))))))))))))))))))))))))
.
.
2011-11-05 17:06 . 2011-11-05 17:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-05 17:06 . 2011-11-05 17:06	--------	d-----w-	c:\users\Baum\AppData\Local\temp
2011-11-05 15:41 . 2011-11-05 15:48	--------	d-----w-	C:\_OTL
2011-11-05 14:33 . 2011-11-05 17:13	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC656691-AF03-4D1E-8E71-DCD0961E5532}\offreg.dll
2011-11-05 14:12 . 2011-11-05 15:50	1536322	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2011-11-05 13:25 . 2011-11-05 13:25	--------	d-----w-	c:\users\Sven\AppData\Local\Sophos
2011-11-05 00:18 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC656691-AF03-4D1E-8E71-DCD0961E5532}\mpengine.dll
2011-10-22 07:49 . 2011-10-22 07:49	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-22 07:49 . 2011-10-22 07:49	--------	d-----w-	c:\programdata\McAfee
2011-10-22 07:48 . 2011-10-22 07:48	--------	d-----w-	c:\windows\system32\Macromed
2011-10-16 17:40 . 2011-10-16 17:43	--------	d-----w-	c:\users\Sven\Citrix
2011-10-13 04:27 . 2011-09-06 03:07	3134976	----a-w-	c:\windows\system32\win32k.sys
2011-10-13 04:26 . 2011-08-17 05:32	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-13 04:26 . 2011-08-17 05:27	288256	----a-w-	c:\windows\system32\MSNP.ax
2011-10-13 04:26 . 2011-08-17 05:27	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-13 04:26 . 2011-08-17 05:27	104960	----a-w-	c:\windows\system32\Mpeg2Data.ax
2011-10-13 04:26 . 2011-08-17 04:26	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-13 04:26 . 2011-08-17 04:22	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-13 04:26 . 2011-08-17 04:22	204288	----a-w-	c:\windows\SysWow64\MSNP.ax
2011-10-13 04:26 . 2011-08-17 05:27	75776	----a-w-	c:\windows\system32\MSDvbNP.ax
2011-10-13 04:26 . 2011-08-17 04:22	72704	----a-w-	c:\windows\SysWow64\Mpeg2Data.ax
2011-10-13 04:26 . 2011-08-17 04:22	59904	----a-w-	c:\windows\SysWow64\MSDvbNP.ax
2011-10-13 04:25 . 2011-08-27 05:40	861184	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-13 04:25 . 2011-08-27 05:40	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-13 04:25 . 2011-08-27 04:43	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-13 04:25 . 2011-08-27 04:43	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-10-11 20:06 . 2011-10-11 20:06	--------	d-----w-	c:\programdata\SpinTop Games
2011-10-11 20:05 . 2011-10-11 20:05	--------	d-----w-	c:\program files (x86)\Plants vs. Zombies
2011-10-11 20:05 . 2011-10-11 20:05	--------	d-----w-	c:\users\Sven\AppData\Roaming\SpinTop
2011-10-10 13:18 . 2011-10-25 08:46	--------	d-----w-	c:\users\Sven\AppData\Roaming\codeblocks
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 15:56 . 2011-10-05 15:56	144672	----a-w-	c:\windows\system32\drivers\savonaccess.sys
2011-09-27 11:25 . 2011-09-27 11:26	37400	----a-w-	c:\windows\system32\SophosBootTasks.exe
2011-09-27 11:25 . 2011-09-27 11:25	26104	----a-w-	c:\windows\system32\drivers\sdcfilter.sys
2011-09-27 11:25 . 2011-09-27 11:25	183024	----a-w-	c:\windows\system32\sdccoinstaller.dll
2011-09-27 11:25 . 2011-09-27 11:25	25608	----a-w-	c:\windows\system32\drivers\SophosBootDriver.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
"VirtualCloneDrive"="d:\programme\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-03-14 494616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-5-21 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-29 917768]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-05 167960]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-09-27 99864]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-05 1543704]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-27 487424]
"combofix"="c:\combofix\CF27265.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\programme\ICQ\ICQ7.5\ICQ.exe
TCP: Interfaces\{C1C7B536-E58F-4EBF-801F-2E05EDFAE7E9}: NameServer = 137.193.10.34,137.193.10.21
FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\48u4ccih.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-GNMdXaDCqs.exe - c:\programdata\GNMdXaDCqs.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3196232079-2252133149-874781267-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,fc,2f,92,5d,17,44,82,90,eb,32,30,95,5d,a5,9a,8d,8c,18,d5,ee,ca,6e,
   40,52,d2,26,27,43,92,b7,93,ef,d7,d0,51,59,f5,59,36,fd,98,c1,f9,2b,03,4c,85,\
"??"=hex:d2,8a,3d,7f,d6,ee,ff,ab,38,51,7b,8c,dc,d7,d2,0c
.
[HKEY_USERS\S-1-5-21-3196232079-2252133149-874781267-1000\Software\SecuROM\License information*]
"datasecu"=hex:b4,8b,a6,33,e8,cd,1d,31,99,ef,6a,cb,b3,3c,8d,5d,bf,cb,4f,be,ce,
   60,d7,dc,2a,e0,40,b6,cd,1b,11,22,ec,a3,ef,3c,8e,37,e6,19,76,90,4a,a9,16,d0,\
"rkeysecu"=hex:9c,0c,d1,33,2c,54,52,e0,ce,ad,c9,40,a8,7b,93,84
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-05  18:32:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-05 17:31
.
Vor Suchlauf: 1.636.003.840 Bytes frei
Nach Suchlauf: 2.047.213.568 Bytes frei
.
- - End Of File - - FE6D7A5FB4AC07572C0F51144C6E04B6
         
--- --- ---

05.11.2011, 18:39   #9
markusg
/// Malware-holic

Open Computer, C:, Qoobox, right-click Quarantine, then pack it into an archive, and please upload it in the upload channel.

05.11.2011, 18:48   #10
TreeOne

Uploaded via USB stick and a second PC, since my internet was killed.

05.11.2011, 18:49   #11
markusg
/// Malware-holic

Is the internet still inactive after a restart as well?

05.11.2011, 18:55   #12
TreeOne

OK, after another restart the internet is working again.

05.11.2011, 18:59   #13
markusg
/// Malware-holic

Use the TDSS killer, don't delete anything, just post the log.
http://www.trojaner-board.de/82358-t...entfernen.html

05.11.2011, 19:05   #14
TreeOne

No sooner said than done

HTML-Code:
19:04:01.0558 4416	TDSS rootkit removing tool 2.6.15.0 Nov  3 2011 17:15:49
19:04:01.0636 4416	============================================================
19:04:01.0636 4416	Current date / time: 2011/11/05 19:04:01.0636
19:04:01.0636 4416	SystemInfo:
19:04:01.0636 4416	
19:04:01.0636 4416	OS Version: 6.1.7600 ServicePack: 0.0
19:04:01.0636 4416	Product type: Workstation
19:04:01.0636 4416	ComputerName: ASUS-BOARD
19:04:01.0636 4416	UserName: Sven
19:04:01.0636 4416	Windows directory: C:\Windows
19:04:01.0636 4416	System windows directory: C:\Windows
19:04:01.0636 4416	Running under WOW64
19:04:01.0636 4416	Processor architecture: Intel x64
19:04:01.0636 4416	Number of processors: 4
19:04:01.0636 4416	Page size: 0x1000
19:04:01.0636 4416	Boot type: Normal boot
19:04:01.0636 4416	============================================================
19:04:02.0213 4416	Initialize success
19:04:19.0155 5664	============================================================
19:04:19.0155 5664	Scan started
19:04:19.0155 5664	Mode: Manual; SigCheck; TDLFS; 
19:04:19.0155 5664	============================================================
19:04:19.0451 5664	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:04:19.0545 5664	1394ohci - ok
19:04:19.0670 5664	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:04:19.0685 5664	ACPI - ok
19:04:19.0716 5664	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:04:19.0794 5664	AcpiPmi - ok
19:04:19.0904 5664	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:04:19.0919 5664	adp94xx - ok
19:04:19.0950 5664	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:04:19.0966 5664	adpahci - ok
19:04:19.0997 5664	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:04:20.0013 5664	adpu320 - ok
19:04:20.0153 5664	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
19:04:20.0216 5664	AFD - ok
19:04:20.0325 5664	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:04:20.0340 5664	agp440 - ok
19:04:20.0387 5664	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:04:20.0403 5664	aliide - ok
19:04:20.0528 5664	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:04:20.0543 5664	amdide - ok
19:04:20.0574 5664	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:04:20.0621 5664	AmdK8 - ok
19:04:20.0824 5664	amdkmdag        (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
19:04:20.0964 5664	amdkmdag - ok
19:04:21.0027 5664	amdkmdap        (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
19:04:21.0058 5664	amdkmdap - ok
19:04:21.0152 5664	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:04:21.0183 5664	AmdPPM - ok
19:04:21.0292 5664	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:04:21.0292 5664	amdsata - ok
19:04:21.0370 5664	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:04:21.0370 5664	amdsbs - ok
19:04:21.0401 5664	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:04:21.0417 5664	amdxata - ok
19:04:21.0510 5664	AmUStor         (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
19:04:21.0557 5664	AmUStor - ok
19:04:21.0682 5664	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:04:21.0776 5664	AppID - ok
19:04:21.0885 5664	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:04:21.0900 5664	arc - ok
19:04:21.0947 5664	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:04:21.0963 5664	arcsas - ok
19:04:22.0041 5664	ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:04:22.0088 5664	ASMMAP64 - ok
19:04:22.0197 5664	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:04:22.0322 5664	AsyncMac - ok
19:04:22.0431 5664	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:04:22.0446 5664	atapi - ok
19:04:22.0493 5664	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
19:04:22.0571 5664	athr - ok
19:04:22.0696 5664	AtiHdmiService  (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
19:04:22.0712 5664	AtiHdmiService - ok
19:04:22.0868 5664	atikmdag        (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atikmdag.sys
19:04:22.0961 5664	atikmdag - ok
19:04:23.0070 5664	atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
19:04:23.0086 5664	atksgt - ok
19:04:23.0195 5664	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:04:23.0242 5664	b06bdrv - ok
19:04:23.0351 5664	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:04:23.0382 5664	b57nd60a - ok
19:04:23.0492 5664	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:04:23.0538 5664	Beep - ok
19:04:23.0663 5664	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:04:23.0710 5664	blbdrive - ok
19:04:23.0819 5664	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:04:23.0866 5664	bowser - ok
19:04:23.0991 5664	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:04:24.0006 5664	BrFiltLo - ok
19:04:24.0069 5664	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:04:24.0100 5664	BrFiltUp - ok
19:04:24.0225 5664	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:04:24.0287 5664	Brserid - ok
19:04:24.0396 5664	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:04:24.0443 5664	BrSerWdm - ok
19:04:24.0552 5664	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:04:24.0584 5664	BrUsbMdm - ok
19:04:24.0630 5664	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:04:24.0646 5664	BrUsbSer - ok
19:04:24.0708 5664	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:04:24.0724 5664	BTHMODEM - ok
19:04:24.0818 5664	catchme - ok
19:04:24.0896 5664	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:04:24.0942 5664	cdfs - ok
19:04:24.0989 5664	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:04:25.0020 5664	cdrom - ok
19:04:25.0161 5664	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:04:25.0192 5664	circlass - ok
19:04:25.0254 5664	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:04:25.0270 5664	CLFS - ok
19:04:25.0426 5664	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:04:25.0457 5664	CmBatt - ok
19:04:25.0504 5664	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:04:25.0504 5664	cmdide - ok
19:04:25.0551 5664	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:04:25.0582 5664	CNG - ok
19:04:25.0707 5664	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:04:25.0722 5664	Compbatt - ok
19:04:25.0785 5664	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:04:25.0816 5664	CompositeBus - ok
19:04:25.0956 5664	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:04:25.0956 5664	crcdisk - ok
19:04:26.0097 5664	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:04:26.0144 5664	DfsC - ok
19:04:26.0237 5664	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:04:26.0300 5664	discache - ok
19:04:26.0424 5664	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:04:26.0440 5664	Disk - ok
19:04:26.0502 5664	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:04:26.0534 5664	drmkaud - ok
19:04:26.0643 5664	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:04:26.0674 5664	DXGKrnl - ok
19:04:26.0768 5664	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:04:26.0830 5664	ebdrv - ok
19:04:26.0970 5664	ElbyCDIO        (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
19:04:26.0986 5664	ElbyCDIO - ok
19:04:27.0064 5664	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:04:27.0095 5664	elxstor - ok
19:04:27.0111 5664	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:04:27.0142 5664	ErrDev - ok
19:04:27.0251 5664	ETD             (06c94be9d9e1e6411429433a64a76936) C:\Windows\system32\DRIVERS\ETD.sys
19:04:27.0298 5664	ETD - ok
19:04:27.0407 5664	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:04:27.0454 5664	exfat - ok
19:04:27.0532 5664	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:04:27.0579 5664	fastfat - ok
19:04:27.0688 5664	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:04:27.0719 5664	fdc - ok
19:04:27.0844 5664	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:04:27.0860 5664	FileInfo - ok
19:04:27.0891 5664	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:04:27.0938 5664	Filetrace - ok
19:04:28.0062 5664	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:04:28.0094 5664	flpydisk - ok
19:04:28.0203 5664	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:04:28.0203 5664	FltMgr - ok
19:04:28.0265 5664	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:04:28.0281 5664	FsDepends - ok
19:04:28.0390 5664	fssfltr         (2bf3b36b96d015af666b6aa63ae2e38f) C:\Windows\system32\DRIVERS\fssfltr.sys
19:04:28.0406 5664	fssfltr - ok
19:04:28.0437 5664	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:04:28.0452 5664	Fs_Rec - ok
19:04:28.0546 5664	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:04:28.0562 5664	fvevol - ok
19:04:28.0640 5664	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:04:28.0655 5664	gagp30kx - ok
19:04:28.0702 5664	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:04:28.0749 5664	hcw85cir - ok
19:04:28.0874 5664	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:04:28.0920 5664	HdAudAddService - ok
19:04:29.0045 5664	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:04:29.0092 5664	HDAudBus - ok
19:04:29.0201 5664	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
19:04:29.0217 5664	HECIx64 - ok
19:04:29.0264 5664	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:04:29.0295 5664	HidBatt - ok
19:04:29.0388 5664	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:04:29.0420 5664	HidBth - ok
19:04:29.0529 5664	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:04:29.0576 5664	HidIr - ok
19:04:29.0685 5664	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:04:29.0732 5664	HidUsb - ok
19:04:29.0856 5664	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:04:29.0856 5664	HpSAMD - ok
19:04:29.0934 5664	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:04:29.0997 5664	HTTP - ok
19:04:30.0106 5664	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:04:30.0106 5664	hwpolicy - ok
19:04:30.0168 5664	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:04:30.0184 5664	i8042prt - ok
19:04:30.0278 5664	iaStor          (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
19:04:30.0293 5664	iaStor - ok
19:04:30.0387 5664	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:04:30.0402 5664	iaStorV - ok
19:04:30.0449 5664	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:04:30.0449 5664	iirsp - ok
19:04:30.0480 5664	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:04:30.0496 5664	intelide - ok
19:04:30.0605 5664	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:04:30.0636 5664	intelppm - ok
19:04:30.0714 5664	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:04:30.0777 5664	IpFilterDriver - ok
19:04:30.0886 5664	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:04:30.0917 5664	IPMIDRV - ok
19:04:30.0964 5664	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:04:31.0011 5664	IPNAT - ok
19:04:31.0120 5664	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:04:31.0151 5664	IRENUM - ok
19:04:31.0260 5664	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:04:31.0260 5664	isapnp - ok
19:04:31.0323 5664	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:04:31.0323 5664	iScsiPrt - ok
19:04:31.0432 5664	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:04:31.0448 5664	kbdclass - ok
19:04:31.0494 5664	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:04:31.0541 5664	kbdhid - ok
19:04:31.0650 5664	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:04:31.0666 5664	kbfiltr - ok
19:04:31.0713 5664	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
19:04:31.0713 5664	KSecDD - ok
19:04:31.0791 5664	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
19:04:31.0791 5664	KSecPkg - ok
19:04:31.0900 5664	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:04:31.0947 5664	ksthunk - ok
19:04:32.0087 5664	L1C             (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
19:04:32.0134 5664	L1C - ok
19:04:32.0259 5664	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
19:04:32.0274 5664	lirsgt - ok
19:04:32.0337 5664	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:04:32.0384 5664	lltdio - ok
19:04:32.0493 5664	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:04:32.0508 5664	LSI_FC - ok
19:04:32.0540 5664	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:04:32.0540 5664	LSI_SAS - ok
19:04:32.0664 5664	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:04:32.0664 5664	LSI_SAS2 - ok
19:04:32.0727 5664	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:04:32.0742 5664	LSI_SCSI - ok
19:04:32.0852 5664	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:04:32.0898 5664	luafv - ok
19:04:33.0023 5664	massfilter      (b5e86524918ef32b32d1032e0c8e92a3) C:\Windows\system32\DRIVERS\massfilter.sys
19:04:33.0070 5664	massfilter - ok
19:04:33.0148 5664	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:04:33.0148 5664	megasas - ok
19:04:33.0226 5664	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:04:33.0242 5664	MegaSR - ok
19:04:33.0320 5664	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:04:33.0382 5664	Modem - ok
19:04:33.0491 5664	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:04:33.0538 5664	monitor - ok
19:04:33.0663 5664	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:04:33.0678 5664	mouclass - ok
19:04:33.0803 5664	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:04:33.0834 5664	mouhid - ok
19:04:33.0944 5664	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:04:33.0944 5664	mountmgr - ok
19:04:34.0006 5664	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:04:34.0022 5664	mpio - ok
19:04:34.0100 5664	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:04:34.0162 5664	mpsdrv - ok
19:04:34.0209 5664	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:04:34.0240 5664	MRxDAV - ok
19:04:34.0334 5664	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:04:34.0365 5664	mrxsmb - ok
19:04:34.0458 5664	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:04:34.0490 5664	mrxsmb10 - ok
19:04:34.0568 5664	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:04:34.0583 5664	mrxsmb20 - ok
19:04:34.0661 5664	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:04:34.0677 5664	msahci - ok
19:04:34.0692 5664	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:04:34.0708 5664	msdsm - ok
19:04:34.0739 5664	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:04:34.0786 5664	Msfs - ok
19:04:34.0911 5664	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:04:34.0958 5664	mshidkmdf - ok
19:04:34.0989 5664	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:04:35.0004 5664	msisadrv - ok
19:04:35.0114 5664	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:04:35.0176 5664	MSKSSRV - ok
19:04:35.0285 5664	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:04:35.0332 5664	MSPCLOCK - ok
19:04:35.0410 5664	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:04:35.0457 5664	MSPQM - ok
19:04:35.0519 5664	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:04:35.0535 5664	MsRPC - ok
19:04:35.0582 5664	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:04:35.0582 5664	mssmbios - ok
19:04:35.0675 5664	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:04:35.0738 5664	MSTEE - ok
19:04:35.0784 5664	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:04:35.0800 5664	MTConfig - ok
19:04:35.0925 5664	MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
19:04:35.0940 5664	MTsensor - ok
19:04:36.0003 5664	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:04:36.0018 5664	Mup - ok
19:04:36.0143 5664	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:04:36.0174 5664	NativeWifiP - ok
19:04:36.0315 5664	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:04:36.0330 5664	NDIS - ok
19:04:36.0393 5664	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:04:36.0440 5664	NdisCap - ok
19:04:36.0549 5664	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:04:36.0596 5664	NdisTapi - ok
19:04:36.0720 5664	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:04:36.0783 5664	Ndisuio - ok
19:04:36.0798 5664	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:04:36.0861 5664	NdisWan - ok
19:04:36.0939 5664	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:04:36.0986 5664	NDProxy - ok
19:04:37.0048 5664	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:04:37.0110 5664	NetBIOS - ok
19:04:37.0142 5664	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:04:37.0204 5664	NetBT - ok
19:04:37.0329 5664	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:04:37.0344 5664	nfrd960 - ok
19:04:37.0407 5664	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:04:37.0469 5664	Npfs - ok
19:04:37.0532 5664	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:04:37.0578 5664	nsiproxy - ok
19:04:37.0656 5664	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:04:37.0688 5664	Ntfs - ok
19:04:37.0719 5664	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:04:37.0781 5664	Null - ok
19:04:37.0890 5664	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:04:37.0906 5664	nvraid - ok
19:04:37.0968 5664	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:04:37.0984 5664	nvstor - ok
19:04:38.0015 5664	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:04:38.0031 5664	nv_agp - ok
19:04:38.0046 5664	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:04:38.0078 5664	ohci1394 - ok
19:04:38.0202 5664	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:04:38.0218 5664	Parport - ok
19:04:38.0265 5664	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:04:38.0280 5664	partmgr - ok
19:04:38.0312 5664	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:04:38.0327 5664	pci - ok
19:04:38.0358 5664	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:04:38.0374 5664	pciide - ok
19:04:38.0405 5664	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:04:38.0421 5664	pcmcia - ok
19:04:38.0468 5664	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:04:38.0468 5664	pcw - ok
19:04:38.0577 5664	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:04:38.0639 5664	PEAUTH - ok
19:04:38.0780 5664	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:04:38.0842 5664	PptpMiniport - ok
19:04:38.0920 5664	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:04:38.0951 5664	Processor - ok
19:04:39.0029 5664	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:04:39.0076 5664	Psched - ok
19:04:39.0279 5664	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:04:39.0310 5664	ql2300 - ok
19:04:39.0404 5664	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:04:39.0419 5664	ql40xx - ok
19:04:39.0450 5664	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:04:39.0482 5664	QWAVEdrv - ok
19:04:39.0575 5664	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:04:39.0638 5664	RasAcd - ok
19:04:39.0684 5664	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:04:39.0716 5664	RasAgileVpn - ok
19:04:39.0762 5664	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:04:39.0809 5664	Rasl2tp - ok
19:04:39.0903 5664	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:04:39.0965 5664	RasPppoe - ok
19:04:40.0059 5664	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:04:40.0121 5664	RasSstp - ok
19:04:40.0152 5664	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:04:40.0215 5664	rdbss - ok
19:04:40.0277 5664	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:04:40.0308 5664	rdpbus - ok
19:04:40.0371 5664	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:04:40.0418 5664	RDPCDD - ok
19:04:40.0480 5664	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:04:40.0527 5664	RDPENCDD - ok
19:04:40.0542 5664	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:04:40.0605 5664	RDPREFMP - ok
19:04:40.0620 5664	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:04:40.0683 5664	RDPWD - ok
19:04:40.0792 5664	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:04:40.0808 5664	rdyboost - ok
19:04:40.0870 5664	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:04:40.0917 5664	rspndr - ok
19:04:41.0042 5664	SAVOnAccess     (6bdc2de3baa4373d44dec9d56ceaf2b1) C:\Windows\system32\DRIVERS\savonaccess.sys
19:04:41.0057 5664	SAVOnAccess - ok
19:04:41.0104 5664	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:04:41.0104 5664	sbp2port - ok
19:04:41.0166 5664	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:04:41.0229 5664	scfilter - ok
19:04:41.0307 5664	sdcfilter       (7e450d5b46ff8fe82dab822d3b48e3b3) C:\Windows\system32\DRIVERS\sdcfilter.sys
19:04:41.0322 5664	sdcfilter - ok
19:04:41.0416 5664	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:04:41.0478 5664	secdrv - ok
19:04:41.0572 5664	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:04:41.0603 5664	Serenum - ok
19:04:41.0650 5664	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:04:41.0666 5664	Serial - ok
19:04:41.0744 5664	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:04:41.0775 5664	sermouse - ok
19:04:41.0853 5664	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:04:41.0868 5664	sffdisk - ok
19:04:41.0900 5664	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:04:41.0915 5664	sffp_mmc - ok
19:04:41.0931 5664	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:04:41.0962 5664	sffp_sd - ok
19:04:42.0056 5664	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:04:42.0087 5664	sfloppy - ok
19:04:42.0180 5664	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
19:04:42.0212 5664	SiSGbeLH - ok
19:04:42.0274 5664	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:04:42.0290 5664	SiSRaid2 - ok
19:04:42.0321 5664	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:04:42.0321 5664	SiSRaid4 - ok
19:04:42.0352 5664	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:04:42.0399 5664	Smb - ok
19:04:42.0586 5664	SNP2UVC         (f06a6de8438f7446bff9e61f31356521) C:\Windows\system32\DRIVERS\snp2uvc.sys
19:04:42.0633 5664	SNP2UVC - ok
19:04:42.0773 5664	SophosBootDriver (69fbe35a8165adbc313aa7f64b868ca1) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
19:04:42.0789 5664	SophosBootDriver - ok
19:04:42.0836 5664	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:04:42.0836 5664	spldr - ok
19:04:42.0882 5664	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:04:42.0929 5664	srv - ok
19:04:43.0023 5664	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:04:43.0054 5664	srv2 - ok
19:04:43.0132 5664	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:04:43.0163 5664	srvnet - ok
19:04:43.0288 5664	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:04:43.0288 5664	stexstor - ok
19:04:43.0382 5664	STHDA           (ddb811b13d827081e7c1ddff302ab334) C:\Windows\system32\DRIVERS\stwrt64.sys
19:04:43.0428 5664	STHDA - ok
19:04:43.0538 5664	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:04:43.0538 5664	swenum - ok
19:04:43.0725 5664	Tcpip           (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
19:04:43.0772 5664	Tcpip - ok
19:04:43.0850 5664	TCPIP6          (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
19:04:43.0896 5664	TCPIP6 - ok
19:04:43.0943 5664	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:04:43.0990 5664	tcpipreg - ok
19:04:44.0006 5664	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:04:44.0052 5664	TDPIPE - ok
19:04:44.0146 5664	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:04:44.0193 5664	TDTCP - ok
19:04:44.0240 5664	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:04:44.0286 5664	tdx - ok
19:04:44.0349 5664	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:04:44.0349 5664	TermDD - ok
19:04:44.0442 5664	tmpreflt        (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
19:04:44.0458 5664	tmpreflt - ok
19:04:44.0505 5664	tmtdi           (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
19:04:44.0520 5664	tmtdi - ok
19:04:44.0567 5664	tmxpflt         (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
19:04:44.0583 5664	tmxpflt - ok
19:04:44.0630 5664	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:04:44.0676 5664	tssecsrv - ok
19:04:44.0786 5664	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:04:44.0832 5664	tunnel - ok
19:04:44.0848 5664	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:04:44.0864 5664	uagp35 - ok
19:04:44.0895 5664	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:04:44.0942 5664	udfs - ok
19:04:45.0020 5664	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:04:45.0035 5664	uliagpkx - ok
19:04:45.0082 5664	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:04:45.0113 5664	umbus - ok
19:04:45.0207 5664	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:04:45.0222 5664	UmPass - ok
19:04:45.0269 5664	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:04:45.0300 5664	usbccgp - ok
19:04:45.0410 5664	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:04:45.0425 5664	usbcir - ok
19:04:45.0456 5664	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
19:04:45.0488 5664	usbehci - ok
19:04:45.0597 5664	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:04:45.0628 5664	usbhub - ok
19:04:45.0644 5664	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:04:45.0675 5664	usbohci - ok
19:04:45.0768 5664	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:04:45.0784 5664	usbprint - ok
19:04:45.0831 5664	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:04:45.0878 5664	USBSTOR - ok
19:04:45.0924 5664	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:04:45.0956 5664	usbuhci - ok
19:04:46.0034 5664	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:04:46.0080 5664	usbvideo - ok
19:04:46.0174 5664	VClone          (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
19:04:46.0205 5664	VClone - ok
19:04:46.0252 5664	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:04:46.0252 5664	vdrvroot - ok
19:04:46.0283 5664	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:04:46.0299 5664	vga - ok
19:04:46.0330 5664	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:04:46.0377 5664	VgaSave - ok
19:04:46.0486 5664	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:04:46.0502 5664	vhdmp - ok
19:04:46.0517 5664	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:04:46.0533 5664	viaide - ok
19:04:46.0595 5664	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:04:46.0611 5664	volmgr - ok
19:04:46.0658 5664	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:04:46.0673 5664	volmgrx - ok
19:04:46.0704 5664	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:04:46.0720 5664	volsnap - ok
19:04:46.0798 5664	vsapint         (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
19:04:46.0829 5664	vsapint - ok
19:04:46.0907 5664	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:04:46.0923 5664	vsmraid - ok
19:04:46.0938 5664	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:04:46.0970 5664	vwifibus - ok
19:04:47.0001 5664	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:04:47.0032 5664	vwififlt - ok
19:04:47.0110 5664	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:04:47.0126 5664	vwifimp - ok
19:04:47.0157 5664	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:04:47.0188 5664	WacomPen - ok
19:04:47.0282 5664	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:04:47.0344 5664	WANARP - ok
19:04:47.0360 5664	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:04:47.0391 5664	Wanarpv6 - ok
19:04:47.0438 5664	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:04:47.0453 5664	Wd - ok
19:04:47.0484 5664	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:04:47.0500 5664	Wdf01000 - ok
19:04:47.0594 5664	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:04:47.0640 5664	WfpLwf - ok
19:04:47.0687 5664	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:04:47.0703 5664	WimFltr - ok
19:04:47.0765 5664	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:04:47.0781 5664	WIMMount - ok
19:04:47.0890 5664	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
19:04:47.0921 5664	WinUsb - ok
19:04:48.0062 5664	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:04:48.0093 5664	WmiAcpi - ok
19:04:48.0202 5664	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:04:48.0249 5664	ws2ifsl - ok
19:04:48.0296 5664	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:04:48.0358 5664	WudfPf - ok
19:04:48.0436 5664	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:04:48.0483 5664	WUDFRd - ok
19:04:48.0592 5664	ZTEusbmdm6k     (31db70a61814e4f33181d48190d46845) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:04:48.0623 5664	ZTEusbmdm6k - ok
19:04:48.0701 5664	ZTEusbnet       (01cbeea25aa78c0f0272654048d61f34) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
19:04:48.0748 5664	ZTEusbnet - ok
19:04:48.0873 5664	ZTEusbnmea      (c9ada887bf326d8413e81fe80b1be7eb) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
19:04:48.0904 5664	ZTEusbnmea - ok
19:04:49.0044 5664	ZTEusbser6k     (31db70a61814e4f33181d48190d46845) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
19:04:49.0044 5664	ZTEusbser6k - ok
19:04:49.0091 5664	ZTEusbvoice     (c9ada887bf326d8413e81fe80b1be7eb) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
19:04:49.0107 5664	ZTEusbvoice - ok
19:04:49.0169 5664	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:04:49.0356 5664	\Device\Harddisk0\DR0 - ok
19:04:49.0356 5664	Boot (0x1200)   (303b1827aedd9742dda2d16eea7e24d4) \Device\Harddisk0\DR0\Partition0
19:04:49.0356 5664	\Device\Harddisk0\DR0\Partition0 - ok
19:04:49.0388 5664	Boot (0x1200)   (dbdf7cc53dd1675b2cb6cd679edb3bc3) \Device\Harddisk0\DR0\Partition1
19:04:49.0388 5664	\Device\Harddisk0\DR0\Partition1 - ok
19:04:49.0388 5664	============================================================
19:04:49.0388 5664	Scan finished
19:04:49.0388 5664	============================================================
19:04:49.0403 5748	Detected object count: 0
19:04:49.0403 5748	Actual detected object count: 0

Alt 05.11.2011, 19:17   #15
markusg
/// Malware-holic
 
But that's not all of it, is it? :-)