|
Log analysis and evaluation: WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
22.11.2011, 23:07 | #1 |
| WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ Hello everyone, I have roughly the same problem as described in the following thread: http://www.trojaner-board.de/104868-...-system32.html However, I am using Win XP and not Windows 7, and I am not sure whether I can use combifix.exe the way it is described in the above-mentioned thread (the warning in the forum is off-putting, after all). By the way, I caught the virus while looking for a livestream of today's Champions League match (thanks to pay TV at this point...). In addition, at first I could not boot the PC at all, because my boot system stopped, warned about a boot virus and told me to visit "www.antivirus.org" - is that also part of the virus? In any case, I disabled the scan for boot viruses in the BIOS menu and so, fortunately, at least get back into Windows. Win XP is currently running in safe mode and all files had disappeared. As described in the other thread, I used unhide.exe, and by now it shows all folder contents again as far as I can tell. I am posting the OTL log and hope for further help. Thank you very much |
22.11.2011, 23:10 | #2 |
| WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 22.11.2011 22:50:01 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,53 Mb Total Physical Memory | 613,45 Mb Available Physical Memory | 59,93% Memory free 2,41 Gb Paging File | 2,16 Gb Available in Paging File | 89,83% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,52 Gb Total Space | 2,09 Gb Free Space | 10,73% Space Free | Partition Type: FAT32 Drive G: | 73,23 Gb Total Space | 15,42 Gb Free Space | 21,06% Space Free | Partition Type: NTFS Drive H: | 93,53 Gb Total Space | 7,12 Gb Free Space | 7,62% Space Free | Partition Type: NTFS Drive X: | 232,88 Gb Total Space | 121,57 Gb Free Space | 52,20% Space Free | Partition Type: NTFS Computer Name: MARC-BZZZZZ | User Name: Administrator | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp5\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp5\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp5\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6 "{1C27C64B-D5CF-4881-A310-0BD2A0D21927}" = ElsterFormular 2005/2006 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{31C50740-FC5A-4C6C-B91B-E3B5DFADC824}" = Logitech QuickCam "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{3DD0716A-1F20-238B-FE6E-CDB53317961B}" = NEW_YEARS_DAE "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{5533F5C4-6825-42A8-8FBC-40E044DBD042}" = Game Scanner "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime 
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0 "{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m "{7B63B2922B174135AFC0E1377DD81EC2}" = "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0 
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component "{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007 "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0 "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator "{F02CF4B0-05EC-4938-A8D2-F739AF3B4363}" = Microsoft IntelliType Pro 5.5 "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio "Adobe After Effects 7.0" = Adobe After Effects 7.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0 "cdngo_is1" = CD'n'Go! 
Suite 2.00 "com.adobe.example.FileDownload-01.818C15B818A2CA70841A72A58590C09C55C569D2.1" = NEW_YEARS_DAE "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender "eMule" = eMule "Exact Audio Copy" = Exact Audio Copy 0.95b4 "FileZilla Client" = FileZilla Client 3.0.11 "GENEUIDE" = USB Storage Driver "Google Updater" = Google Updater "Grusskartendesigner für Microsoft Windows" = Grusskartendesigner für Microsoft Windows "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "hp psc 700 series 1151589619" = hp psc 700 series "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0 "MFVirtualDrives_is1" = MFVirtualDrives 1.1.0 "mIRC" = mIRC "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "Nero - Burning Rom" = Nero - Burning Rom "NVIDIA Drivers" = NVIDIA Drivers "PDF Combine_is1" = PDF Combine "pdfFactory" = pdfFactory "PunkBusterSvc" = PunkBuster Services "QcDrv" = Logitech® Camera-Treiber "Qtracker" = Qtracker "RA3" = Rocket Arena 3 1.76 (remove only) "Security Task Manager" = Security Task Manager 1.6f "Shop for HP Supplies" = Shop for HP Supplies "SopCast" = SopCast 3.2.8 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20 "Still Life" = Still Life "SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008) "Veetle TV" = Veetle TV "VLC media player" = VideoLAN VLC media player 0.8.0 "vShare.tv plugin" = vShare.tv plugin 1.3 "Winamp" = Winamp (remove only) "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = WinRAR 
Archivierer "xp-AntiSpy" = xp-AntiSpy 3.96-1 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.10.2011 06:57:38 | Computer Name = MARC-BZZZZZ | Source = AVWUpSrv | ID = 0 Description = Error - 17.10.2011 12:55:58 | Computer Name = MARC-BZZZZZ | Source = AVWUpSrv | ID = 0 Description = Error - 24.10.2011 13:20:26 | Computer Name = MARC-BZZZZZ | Source = AVWUpSrv | ID = 0 Description = Error - 01.11.2011 11:02:08 | Computer Name = MARC-BZZZZZ | Source = AVWUpSrv | ID = 0 Description = Error - 03.11.2011 19:26:30 | Computer Name = MARC-BZZZZZ | Source = AVWUpSrv | ID = 0 Description = Error - 08.11.2011 14:40:33 | Computer Name = MARC-BZZZZZ | Source = AVWUpSrv | ID = 0 Description = Error - 15.11.2011 14:45:25 | Computer Name = MARC-BZZZZZ | Source = AVWUpSrv | ID = 0 Description = Error - 22.11.2011 15:21:38 | Computer Name = MARC-BZZZZZ | Source = AVWUpSrv | ID = 0 Description = Error - 22.11.2011 16:30:48 | Computer Name = MARC-BZZZZZ | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 6.0.2900.2180, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 22.11.2011 17:12:37 | Computer Name = MARC-BZZZZZ | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%5 Error - 22.11.2011 17:12:37 | Computer Name = MARC-BZZZZZ | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Fips intelppm Error - 22.11.2011 17:12:37 | Computer Name = MARC-BZZZZZ | Source = Service Control Manager | ID = 7034 Description = Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 22.11.2011 17:14:45 | Computer Name = MARC-BZZZZZ | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 22.11.2011 17:14:45 | Computer Name = MARC-BZZZZZ | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 22.11.2011 17:16:16 | Computer Name = MARC-BZZZZZ | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460 Error - 22.11.2011 17:16:19 | Computer Name = MARC-BZZZZZ | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "ntmssvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {D61A27C6-8F53-11D0-BFA0-00A024151983} Error - 22.11.2011 17:27:56 | Computer Name = MARC-BZZZZZ | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 22.11.2011 17:35:49 | Computer Name = MARC-BZZZZZ | Source = DCOM | ID = 10010 Description = Der Server "{0002DF01-0000-0000-C000-000000000046}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.11.2011 17:46:56 | Computer Name = MARC-BZZZZZ | Source = DCOM | ID = 10010 Description = Der Server "{0002DF01-0000-0000-C000-000000000046}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > |
22.11.2011, 23:11 | #3 |
| WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ OTL Logfile:
Code:
ATTFilter OTL logfile created on: 22.11.2011 22:50:01 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,53 Mb Total Physical Memory | 613,45 Mb Available Physical Memory | 59,93% Memory free 2,41 Gb Paging File | 2,16 Gb Available in Paging File | 89,83% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,52 Gb Total Space | 2,09 Gb Free Space | 10,73% Space Free | Partition Type: FAT32 Drive G: | 73,23 Gb Total Space | 15,42 Gb Free Space | 21,06% Space Free | Partition Type: NTFS Drive H: | 93,53 Gb Total Space | 7,12 Gb Free Space | 7,62% Space Free | Partition Type: NTFS Drive X: | 232,88 Gb Total Space | 121,57 Gb Free Space | 52,20% Space Free | Partition Type: NTFS Computer Name: MARC-BZZZZZ | User Name: Administrator | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\Programme\WinRAR\rarext.dll () ========== Win32 Services (SafeList) ========== SRV - (btcfg64) btcfg64(btcfg64) -- File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- c:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (AVWUpSrv) -- C:\Programme\AVPersonal\AVWUPSRV.EXE (H+BEDV Datentechnik GmbH, Germany) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys () DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) 
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.) DRV - (imagesrv) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys (Ahead Software AG) DRV - (imagedrv) -- C:\WINDOWS\System32\Drivers\imagedrv.sys (Ahead Software AG) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation) DRV - (ALCXWDM) Service for Avance AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Programme_2\itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX 
Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.01 00:22:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 20:29:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 20:29:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.06.27 14:15:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2006.06.27 14:15:30 | 000,000,000 | ---D | M] [2011.11.22 22:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2008.01.20 22:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\r6npsmm4.default\extensions [2006.06.27 14:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.21 21:44:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.11.11 18:40:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Programme\mozilla 
firefox\plugins\npvsharetvplg.dll [2011.05.10 00:33:28 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.11.11 18:40:08 | 000,002,040 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2008.02.21 21:38:32 | 000,226,721 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Alma Public Directory O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 Index of / O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 132??? O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 7952 more lines... 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CMHxHbrYhPJ.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMHxHbrYhPJ.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Microsoft web update] webmsn.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp5\winampa.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot File not found
O4 - HKCU..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroScoutOptions.exe (Nero AG)
O4 - HKLM..\RunServices: [Microsoft web update] webmsn.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AD54710-264C-4779-AF40-A9FD17C88DFD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.26 21:31:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.22 22:35:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
[2011.11.22 22:35:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.11.22 22:20:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2011.11.22 22:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2011.11.22 22:11:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2011.11.16 22:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Qtracker
[2011.11.16 22:24:44 | 000,000,000 | ---D | C] -- C:\Programme\Qtracker
[2011.11.14 20:13:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\id Software
[2011.11.14 20:13:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2011.11.04 00:32:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2011.10.28 20:19:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.22 22:11:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.22 22:03:06 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.22 21:04:36 | 000,434,944 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMHxHbrYhPJ.exe
[2011.11.22 21:00:02 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.11.22 20:38:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.22 20:16:36 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.11.22 20:16:30 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.15 23:21:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.11.11 18:47:12 | 000,227,294 | ---- | M] () -- C:\WINDOWS\hpoins41.dat
[2011.10.31 15:20:44 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.22 21:07:35 | 000,434,944 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMHxHbrYhPJ.exe
[2010.05.19 19:47:24 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat.temp
[2010.04.01 00:14:56 | 000,227,294 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2010.04.01 00:14:56 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2010.02.17 21:45:56 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.05.05 21:44:26 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2008.07.28 00:47:57 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008.07.28 00:47:57 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008.07.28 00:47:57 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008.07.28 00:47:57 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008.07.28 00:47:57 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.02.21 21:31:10 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008.02.21 21:31:10 | 000,002,550 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008.01.06 21:59:27 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\deluidrv.exe
[2008.01.06 21:59:27 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\delentry.exe
[2008.01.06 21:59:27 | 000,000,445 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007.10.22 22:09:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007.10.22 20:37:53 | 000,048,205 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007.07.09 22:15:06 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.07.09 22:14:59 | 000,214,720 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007.07.09 22:14:34 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2006.12.22 12:32:48 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006.12.22 12:30:42 | 001,683,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006.12.10 23:41:51 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006.12.10 23:41:51 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006.10.04 09:04:26 | 000,003,208 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.09.15 14:03:40 | 000,001,362 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.08.06 22:47:18 | 000,000,088 | ---- | C] () -- C:\WINDOWS\CDPlayer.INI
[2006.07.11 18:35:04 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006.07.07 18:44:47 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006.07.07 18:44:47 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006.07.07 18:44:47 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006.07.07 18:44:47 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006.07.07 18:44:47 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006.06.30 02:02:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.06.30 00:37:53 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe
[2006.06.29 15:59:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006.06.28 22:16:39 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006.06.28 16:14:24 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.28 11:41:55 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006.06.27 15:34:47 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006.06.27 15:24:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sucker.exe
[2006.06.27 14:37:36 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006.06.27 14:15:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.06.27 14:15:34 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006.06.27 14:15:29 | 000,003,134 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006.06.27 14:14:43 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.06.27 13:53:53 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006.06.27 13:53:41 | 000,003,798 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006.06.27 13:53:40 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006.06.26 21:34:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.06.26 21:29:32 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.06.26 21:26:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.06.26 21:25:27 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.06.01 17:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.06.01 17:22:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006.06.01 17:22:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.06.01 17:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006.06.01 17:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.06.01 17:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.06.01 17:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.06.01 17:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006.06.01 17:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006.06.01 17:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.06.01 17:22:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002.08.29 01:54:14 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2001.08.31 22:15:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.31 22:15:44 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.18 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.18 19:00:00 | 000,316,594 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.18 19:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.18 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.18 19:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.18 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.18 19:00:00 | 000,048,156 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.18 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.18 19:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.18 19:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.18 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.18 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report > |
23.11.2011, 19:04 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
__________________ Please always post log files in CODE tags |
24.11.2011, 20:19 | #5 |
| Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8234
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

24.11.2011 20:16:29
mbam-log-2011-11-24 (20-16-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|H:\|X:\|)
Durchsuchte Objekte: 382323
Laufzeit: 29 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 25

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CMHxHbrYhPJ.exe (Trojan.FakeAlert) -> Value: CMHxHbrYhPJ.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft web update (Trojan.Agent.MSGen) -> Value: Microsoft web update -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (Search) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\cmhxhbryhpj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\removewga12.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
h:\videoprogramme\sorenson squeeze compression suite 4.0.301.11\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
x:\programme\temp download\mirc612.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
x:\programme\temp download\tempdownload\setupclonecd.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
x:\programme\temp download\tempdownload\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
x:\programme\tools\brennprogramme\daemon tools\setupdtsb.exe (Adware.WhenU) -> Quarantined and deleted successfully.
x:\programme\tools\internet stuff\ICQ\lingoware\lingoware\Referals\ezula.exe (Adware.Ezula) -> Quarantined and deleted successfully.
x:\programme\tools\internet stuff\ICQ\lingoware\lingoware\Referals\Hotbar.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte c-disk\local disk (g)\program files\webhancer\Programs\REGWEBH.DLL (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte c-disk\local disk (g)\program files\webhancer\Programs\WBHSHARE.DLL (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte c-disk\local disk (g)\program files\webhancer\Programs\WHAGENT.EXE (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte c-disk\local disk (g)\program files\webhancer\Programs\whiedc.dll (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte c-disk\local disk (g)\program files\webhancer\Programs\WHIEHLPR.DLL (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte c-disk\local disk (g)\program files\webhancer\Programs\WHIESHM.DLL (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte c-disk\local disk (g)\unzipped\flashfxp 1.3.763\damn_flashfxp13770kmkr.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte c-disk\local disk (g)\unzipped\flashfxp 1.3.763\damn_flashfxp13770ptch.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte d-disk\ibmhd (h)\sicherung fuer formatierung\program files\webhancer\Programs\REGWEBH.DLL (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte d-disk\ibmhd (h)\sicherung fuer formatierung\program files\webhancer\Programs\WBHSHARE.DLL (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte d-disk\ibmhd (h)\sicherung fuer formatierung\program files\webhancer\Programs\WHAGENT.EXE (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte d-disk\ibmhd (h)\sicherung fuer formatierung\program files\webhancer\Programs\whiedc.dll (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte d-disk\ibmhd (h)\sicherung fuer formatierung\program files\webhancer\Programs\WHIEHLPR.DLL (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte d-disk\ibmhd (h)\sicherung fuer formatierung\program files\webhancer\Programs\WHIESHM.DLL (PUP.WebHancer) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte d-disk\ibmhd (h)\sicherung fuer formatierung\programme\Go!Zilla\advert.dll (Adware.Aureate) -> Quarantined and deleted successfully.
x:\Spiele\backup von altem pc\alte d-disk\ibmhd (h)\sicherung fuer formatierung\sicherung\Save\TMP\cdkeygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully. |
24.11.2011, 20:21 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Cracks/keygens are, in 99.9% of cases, dangerous malware that should not be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!
24.11.2011, 23:58 | #7 |
| Please delete my thread here. As it stands, it is of no use to anyone anymore. (I can't find an "edit" or "delete" button) |
25.11.2011, 10:37 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nothing gets deleted here. If anything, only personal information is redacted.