Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
failed save system 32, hilfe :(

failed save system 32, hilfe :(


Plagegeister aller Art und deren Bekämpfung: failed save system 32, hilfe :(

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 26.01.2012, 22:04   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.02.2012, 16:59   #17
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
ComboFix 12-01-28.01 - mary 05.02.2012  16:43:37.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3996.2601 [GMT 1:00]
ausgeführt von:: c:\users\mary\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\users\mary\AppData\Local\TempDIR
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-05 bis 2012-02-05  ))))))))))))))))))))))))))))))
.
.
2012-02-05 15:46 . 2012-02-05 15:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-05 15:39 . 2012-02-05 15:39	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DBADC3F-F897-403D-B8F6-CE9710C2BD2B}\offreg.dll
2012-02-03 10:35 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DBADC3F-F897-403D-B8F6-CE9710C2BD2B}\mpengine.dll
2012-02-02 23:13 . 2012-02-05 10:28	--------	d-----w-	c:\users\mary\AppData\Roaming\Acud
2012-02-02 23:13 . 2012-02-04 23:00	--------	d-----w-	c:\users\mary\AppData\Roaming\Evacgin
2012-01-31 08:25 . 2012-01-31 08:25	--------	d-----w-	c:\windows\system32\drivers\NISx64\1207000.00D
2012-01-30 15:56 . 2012-01-30 15:56	--------	d-----w-	c:\users\mary\AppData\Roaming\AVS4YOU
2012-01-30 15:55 . 2011-09-16 15:05	11137024	----a-w-	c:\windows\SysWow64\libmfxsw32.dll
2012-01-30 15:55 . 2012-01-30 15:56	--------	d-----w-	c:\program files (x86)\Common Files\AVSMedia
2012-01-30 15:54 . 2012-01-30 15:56	--------	d-----w-	c:\program files (x86)\AVS4YOU
2012-01-30 15:54 . 2012-01-30 15:56	--------	d-----w-	c:\programdata\AVS4YOU
2012-01-30 15:54 . 2011-08-22 15:33	1700352	----a-w-	c:\windows\SysWow64\GdiPlus.dll
2012-01-30 15:54 . 2011-08-22 15:32	24576	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-01-29 21:07 . 2012-01-29 21:07	--------	d-----w-	c:\users\mary\AppData\Roaming\AnvSoft
2012-01-29 21:06 . 2012-01-29 21:06	--------	d-----w-	c:\program files (x86)\AnvSoft
2012-01-27 07:17 . 2012-01-27 07:17	--------	d-----w-	c:\program files (x86)\GanttProject
2012-01-26 14:01 . 2012-01-26 14:01	--------	d-----w-	C:\_OTL
2012-01-25 16:03 . 2012-01-25 21:55	--------	d-----w-	c:\programdata\Skype
2012-01-25 16:02 . 2012-01-25 16:02	980616	----a-w-	c:\users\Public\SkypeSetup.exe
2012-01-25 15:24 . 2012-01-25 15:24	--------	d-----w-	c:\users\mary\AppData\Roaming\Malwarebytes
2012-01-25 15:23 . 2012-01-25 15:23	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-25 15:23 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-25 15:23 . 2012-01-25 15:24	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-25 15:23 . 2012-01-25 15:23	10847608	----a-w-	c:\users\Public\mbam-setup-1.60.0.1800.exe
2012-01-24 23:50 . 2012-01-24 23:50	--------	d-----w-	c:\program files (x86)\ESET
2012-01-24 00:42 . 2012-01-24 00:42	--------	d-----w-	c:\users\mary\AppData\Roaming\Avira
2012-01-24 00:36 . 2011-12-15 14:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-01-24 00:36 . 2011-12-15 13:59	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-01-24 00:36 . 2011-12-15 13:59	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-24 00:36 . 2012-01-24 00:36	--------	d-----w-	c:\programdata\Avira
2012-01-24 00:36 . 2012-01-24 00:36	--------	d-----w-	c:\program files (x86)\Avira
2012-01-24 00:32 . 2012-01-24 00:32	--------	d-----w-	c:\windows\system32\Macromed
2012-01-23 21:55 . 2012-01-23 21:55	--------	d-----w-	c:\users\mary\AppData\Local\ElevatedDiagnostics
2012-01-23 20:28 . 2012-01-23 20:47	584192	----a-w-	c:\users\Public\OTL.exe
2012-01-23 19:22 . 2012-01-23 19:22	1110476	----a-w-	c:\users\Public\7z920.exe
2012-01-23 19:00 . 2012-01-23 20:46	50477	----a-w-	c:\users\Public\Defogger.exe
2012-01-11 16:04 . 2011-10-26 05:22	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 16:04 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 16:04 . 2011-10-26 04:28	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 16:04 . 2011-10-26 05:22	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 16:04 . 2011-11-17 07:14	1739160	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 16:04 . 2011-11-17 05:41	1292592	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 16:04 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 16:04 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2011-05-15 11:46	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-24 00:32 . 2011-06-21 14:21	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00 . 2011-12-17 15:53	3141632	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]
"GameXN"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-05-03 1110360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mary\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2010-08-09 945200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2010-06-27 463408]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-12 92216]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 SW2SVC;SecureW2 Service;c:\program files (x86)\SecureW2\sw2_service.exe [2011-02-05 119688]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-13 132656]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-30 1028096]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 19:06	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-05 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-04-30 14:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-25 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-25 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-25 410136]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: Free YouTube to MP3 Converter - c:\users\mary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
FF - ProfilePath - c:\users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\
FF - prefs.js: browser.search.defaulturl - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: All-Glass Firefox mod, based on Glasser: allglassv2@ambroos.neowin.net - %profile%\extensions\allglassv2@ambroos.neowin.net
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-05  16:49:12
ComboFix-quarantined-files.txt  2012-02-05 15:49
.
Vor Suchlauf: 15 Verzeichnis(se), 428.577.931.264 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 429.074.915.328 Bytes frei
.
- - End Of File - - A2B6B4101F2F12975296E8F9D1FEBF35
__________________
Alt 05.02.2012, 20:11   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Zitat:
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
Ist das noch beides installiert?
Umgehend bitte Norton deinstallieren!
__________________
__________________
Alt 05.02.2012, 23:33   #19
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


hi
ich hab jetzt nordton komplett deinstalliert soll avira auch deinstlliert werden?
gruß

Alt 05.02.2012, 23:52   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Nein, der kann und sollte bleiben, CF lief nur im eingeschränkten Modus.

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und führ es nochmal aus nach o.g. Anleitung

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.02.2012, 17:39   #21
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
ComboFix 12-02-06.02 - mary 06.02.2012  17:24:13.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3996.2722 [GMT 1:00]
ausgeführt von:: c:\users\mary\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mary\4.0
c:\users\Public\7z920.exe
c:\users\Public\Defogger.exe
c:\users\Public\mbam-setup-1.60.0.1800.exe
c:\users\Public\OTL.exe
c:\users\Public\SkypeSetup.exe
c:\windows\isRS-000.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-06 bis 2012-02-06  ))))))))))))))))))))))))))))))
.
.
2012-02-06 16:30 . 2012-02-06 16:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-03 10:35 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DBADC3F-F897-403D-B8F6-CE9710C2BD2B}\mpengine.dll
2012-02-02 23:13 . 2012-02-05 10:28	--------	d-----w-	c:\users\mary\AppData\Roaming\Acud
2012-02-02 23:13 . 2012-02-04 23:00	--------	d-----w-	c:\users\mary\AppData\Roaming\Evacgin
2012-01-30 15:56 . 2012-01-30 15:56	--------	d-----w-	c:\users\mary\AppData\Roaming\AVS4YOU
2012-01-30 15:55 . 2011-09-16 15:05	11137024	----a-w-	c:\windows\SysWow64\libmfxsw32.dll
2012-01-30 15:55 . 2012-01-30 15:56	--------	d-----w-	c:\program files (x86)\Common Files\AVSMedia
2012-01-30 15:54 . 2012-01-30 15:56	--------	d-----w-	c:\program files (x86)\AVS4YOU
2012-01-30 15:54 . 2012-01-30 15:56	--------	d-----w-	c:\programdata\AVS4YOU
2012-01-30 15:54 . 2011-08-22 15:33	1700352	----a-w-	c:\windows\SysWow64\GdiPlus.dll
2012-01-30 15:54 . 2011-08-22 15:32	24576	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-01-29 21:07 . 2012-01-29 21:07	--------	d-----w-	c:\users\mary\AppData\Roaming\AnvSoft
2012-01-29 21:06 . 2012-01-29 21:06	--------	d-----w-	c:\program files (x86)\AnvSoft
2012-01-27 07:17 . 2012-01-27 07:17	--------	d-----w-	c:\program files (x86)\GanttProject
2012-01-26 14:01 . 2012-01-26 14:01	--------	d-----w-	C:\_OTL
2012-01-25 16:03 . 2012-01-25 21:55	--------	d-----w-	c:\programdata\Skype
2012-01-25 15:24 . 2012-01-25 15:24	--------	d-----w-	c:\users\mary\AppData\Roaming\Malwarebytes
2012-01-25 15:23 . 2012-01-25 15:23	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-25 15:23 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-25 15:23 . 2012-02-06 16:19	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-24 23:50 . 2012-01-24 23:50	--------	d-----w-	c:\program files (x86)\ESET
2012-01-24 00:42 . 2012-01-24 00:42	--------	d-----w-	c:\users\mary\AppData\Roaming\Avira
2012-01-24 00:36 . 2011-12-15 14:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-01-24 00:36 . 2011-12-15 13:59	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-01-24 00:36 . 2011-12-15 13:59	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-24 00:36 . 2012-01-24 00:36	--------	d-----w-	c:\programdata\Avira
2012-01-24 00:36 . 2012-01-24 00:36	--------	d-----w-	c:\program files (x86)\Avira
2012-01-24 00:32 . 2012-01-24 00:32	--------	d-----w-	c:\windows\system32\Macromed
2012-01-23 21:55 . 2012-01-23 21:55	--------	d-----w-	c:\users\mary\AppData\Local\ElevatedDiagnostics
2012-01-11 16:04 . 2011-10-26 05:22	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 16:04 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 16:04 . 2011-10-26 04:28	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 16:04 . 2011-10-26 05:22	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 16:04 . 2011-11-17 07:14	1739160	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 16:04 . 2011-11-17 05:41	1292592	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 16:04 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 16:04 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2011-05-15 11:46	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-24 00:32 . 2011-06-21 14:21	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00 . 2011-12-17 15:53	3141632	----a-w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-02-05_15.46.49   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-10 03:44 . 2012-02-05 22:32	41672              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-06 16:21	51018              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-05 15:37	51018              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-29 11:02 . 2012-02-06 16:21	14424              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4095103540-1321131750-1468116599-1000_UserData.bin
- 2011-04-29 11:00 . 2012-02-05 15:35	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-29 11:00 . 2012-02-06 16:20	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-26 14:07 . 2012-02-06 16:20	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-26 14:07 . 2012-02-05 15:35	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-05 15:35	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-06 16:20	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-29 12:43 . 2012-02-05 15:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-29 12:43 . 2012-02-06 16:11	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-29 12:43 . 2012-02-05 15:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-29 12:43 . 2012-02-06 16:11	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-05 15:35 . 2012-02-05 15:35	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-06 16:19 . 2012-02-06 16:19	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-05 15:35 . 2012-02-05 15:35	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-06 16:19 . 2012-02-06 16:19	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-29 12:32 . 2012-02-06 16:08	278560              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-02-05 22:15	616008              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-05 11:27	616008              c:\windows\system32\perfh009.dat
- 2010-12-10 03:42 . 2012-02-05 11:27	654166              c:\windows\system32\perfh007.dat
+ 2010-12-10 03:42 . 2012-02-05 22:15	654166              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-02-05 22:15	106388              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-05 11:27	106388              c:\windows\system32\perfc009.dat
- 2010-12-10 03:42 . 2012-02-05 11:27	130006              c:\windows\system32\perfc007.dat
+ 2010-12-10 03:42 . 2012-02-05 22:15	130006              c:\windows\system32\perfc007.dat
- 2009-07-14 05:12 . 2012-02-05 10:27	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-02-06 16:20	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-02-05 15:34	277812              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-06 16:18	277812              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-02-05 15:46	10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-06 11:00	10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mary\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-12 92216]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 SW2SVC;SecureW2 Service;c:\program files (x86)\SecureW2\sw2_service.exe [2011-02-05 119688]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-30 1028096]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 19:06	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-06 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-04-30 14:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-25 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-25 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-25 410136]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: Free YouTube to MP3 Converter - c:\users\mary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\
FF - prefs.js: browser.search.defaulturl - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: All-Glass Firefox mod, based on Glasser: allglassv2@ambroos.neowin.net - %profile%\extensions\allglassv2@ambroos.neowin.net
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: general.useragent.extra.brc - 
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-06  17:34:01
ComboFix-quarantined-files.txt  2012-02-06 16:34
ComboFix2.txt  2012-02-05 15:49
.
Vor Suchlauf: 17 Verzeichnis(se), 429.561.921.536 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 429.323.137.024 Bytes frei
.
- - End Of File - - A87BF88FBF57980864FBEF46395659ED

Alt 06.02.2012, 19:54   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Folder::
c:\users\mary\AppData\Roaming\Acud
c:\users\mary\AppData\Roaming\Evacgin
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.02.2012, 13:40   #23
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
ComboFix 12-02-06.02 - mary 07.02.2012  13:03:05.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3996.2561 [GMT 1:00]
ausgeführt von:: c:\users\mary\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\mary\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mary\AppData\Roaming\Acud
c:\users\mary\AppData\Roaming\Evacgin
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-07 bis 2012-02-07  ))))))))))))))))))))))))))))))
.
.
2012-02-07 12:14 . 2012-02-07 12:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-07 11:47 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5600C531-2A70-42FD-97D4-89CA90A81963}\mpengine.dll
2012-01-30 15:56 . 2012-01-30 15:56	--------	d-----w-	c:\users\mary\AppData\Roaming\AVS4YOU
2012-01-30 15:55 . 2011-09-16 15:05	11137024	----a-w-	c:\windows\SysWow64\libmfxsw32.dll
2012-01-30 15:55 . 2012-01-30 15:56	--------	d-----w-	c:\program files (x86)\Common Files\AVSMedia
2012-01-30 15:54 . 2012-01-30 15:56	--------	d-----w-	c:\program files (x86)\AVS4YOU
2012-01-30 15:54 . 2012-01-30 15:56	--------	d-----w-	c:\programdata\AVS4YOU
2012-01-30 15:54 . 2011-08-22 15:33	1700352	----a-w-	c:\windows\SysWow64\GdiPlus.dll
2012-01-30 15:54 . 2011-08-22 15:32	24576	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-01-29 21:07 . 2012-01-29 21:07	--------	d-----w-	c:\users\mary\AppData\Roaming\AnvSoft
2012-01-29 21:06 . 2012-01-29 21:06	--------	d-----w-	c:\program files (x86)\AnvSoft
2012-01-27 07:17 . 2012-01-27 07:17	--------	d-----w-	c:\program files (x86)\GanttProject
2012-01-26 14:01 . 2012-01-26 14:01	--------	d-----w-	C:\_OTL
2012-01-25 16:03 . 2012-01-25 21:55	--------	d-----w-	c:\programdata\Skype
2012-01-25 15:24 . 2012-01-25 15:24	--------	d-----w-	c:\users\mary\AppData\Roaming\Malwarebytes
2012-01-25 15:23 . 2012-01-25 15:23	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-25 15:23 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-25 15:23 . 2012-02-06 16:19	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-24 23:50 . 2012-01-24 23:50	--------	d-----w-	c:\program files (x86)\ESET
2012-01-24 00:42 . 2012-01-24 00:42	--------	d-----w-	c:\users\mary\AppData\Roaming\Avira
2012-01-24 00:36 . 2011-12-15 14:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-01-24 00:36 . 2011-12-15 13:59	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-01-24 00:36 . 2011-12-15 13:59	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-24 00:36 . 2012-01-24 00:36	--------	d-----w-	c:\programdata\Avira
2012-01-24 00:36 . 2012-01-24 00:36	--------	d-----w-	c:\program files (x86)\Avira
2012-01-24 00:32 . 2012-01-24 00:32	--------	d-----w-	c:\windows\system32\Macromed
2012-01-23 21:55 . 2012-01-23 21:55	--------	d-----w-	c:\users\mary\AppData\Local\ElevatedDiagnostics
2012-01-11 16:04 . 2011-10-26 05:22	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 16:04 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 16:04 . 2011-10-26 04:28	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 16:04 . 2011-10-26 05:22	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 16:04 . 2011-11-17 07:14	1739160	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 16:04 . 2011-11-17 05:41	1292592	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 16:04 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 16:04 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2011-05-15 11:46	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-24 00:32 . 2011-06-21 14:21	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00 . 2011-12-17 15:53	3141632	----a-w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-02-05_15.46.49   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-10 03:44 . 2012-02-07 11:42	41752              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-07 11:42	51018              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-05 15:37	51018              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-29 11:02 . 2012-02-07 11:42	14472              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4095103540-1321131750-1468116599-1000_UserData.bin
- 2011-04-29 11:00 . 2012-02-05 15:35	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-29 11:00 . 2012-02-07 11:55	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-26 14:07 . 2012-02-07 11:55	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-26 14:07 . 2012-02-05 15:35	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-05 15:35	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-07 11:55	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-29 12:43 . 2012-02-05 15:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-29 12:43 . 2012-02-07 12:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-29 12:43 . 2012-02-05 15:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-29 12:43 . 2012-02-07 12:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-05 15:35 . 2012-02-05 15:35	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-07 11:40 . 2012-02-07 11:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-05 15:35 . 2012-02-05 15:35	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-07 11:40 . 2012-02-07 11:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-29 12:32 . 2012-02-06 16:08	278560              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-02-05 22:15	616008              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-05 11:27	616008              c:\windows\system32\perfh009.dat
- 2010-12-10 03:42 . 2012-02-05 11:27	654166              c:\windows\system32\perfh007.dat
+ 2010-12-10 03:42 . 2012-02-05 22:15	654166              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-02-05 22:15	106388              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-05 11:27	106388              c:\windows\system32\perfc009.dat
- 2010-12-10 03:42 . 2012-02-05 11:27	130006              c:\windows\system32\perfc007.dat
+ 2010-12-10 03:42 . 2012-02-05 22:15	130006              c:\windows\system32\perfc007.dat
- 2009-07-14 05:12 . 2012-02-05 10:27	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-02-07 11:55	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-02-05 15:34	277812              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-07 01:17	277812              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-02-05 15:46	10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-07 11:57	10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mary\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-12 92216]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 SW2SVC;SecureW2 Service;c:\program files (x86)\SecureW2\sw2_service.exe [2011-02-05 119688]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-30 1028096]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 19:06	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-07 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-04-30 14:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-25 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-25 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-25 410136]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: Free YouTube to MP3 Converter - c:\users\mary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\
FF - prefs.js: browser.search.defaulturl - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: All-Glass Firefox mod, based on Glasser: allglassv2@ambroos.neowin.net - %profile%\extensions\allglassv2@ambroos.neowin.net
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: general.useragent.extra.brc - 
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-07  13:34:22
ComboFix-quarantined-files.txt  2012-02-07 12:34
ComboFix2.txt  2012-02-06 16:34
ComboFix3.txt  2012-02-05 15:49
.
Vor Suchlauf: 17 Verzeichnis(se), 430.290.890.752 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 430.237.245.440 Bytes frei
.
- - End Of File - - 350C20DA50CE67974B6B749955475A99

Alt 07.02.2012, 13:54   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.02.2012, 18:49   #25
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-07 18:34:18
-----------------------------
18:34:18.280    OS Version: Windows x64 6.1.7600 
18:34:18.280    Number of processors: 2 586 0x170A
18:34:18.281    ComputerName: MARY-HP  UserName: mary
18:34:22.171    Initialize success
18:36:28.063    AVAST engine defs: 12020701
18:36:30.713    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:36:30.717    Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
18:36:30.765    Disk 0 MBR read successfully
18:36:30.770    Disk 0 MBR scan
18:36:30.778    Disk 0 Windows 7 default MBR code
18:36:30.783    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
18:36:30.804    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       459229 MB offset 616448
18:36:30.837    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15360 MB offset 941117440
18:36:30.864    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     2043 MB offset 972574720
18:36:30.875    Service scanning
18:36:32.058    Modules scanning
18:36:32.066    Disk 0 trace - called modules:
18:36:32.109    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
18:36:32.120    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf6060]
18:36:32.129    3 CLASSPNP.SYS[fffff88001a6743f] -> nt!IofCallDriver -> [0xfffffa8004b5c830]
18:36:32.141    5 ACPI.sys[fffff88000f72781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b5f050]
18:36:33.484    AVAST engine scan C:\windows
18:36:36.685    AVAST engine scan C:\windows\system32
18:39:36.165    AVAST engine scan C:\windows\system32\drivers
18:39:51.365    AVAST engine scan C:\Users\mary
18:41:53.554    File: C:\Users\mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\764eae8b-7f48ee5a  **INFECTED** Win32:Kryptik-HCJ [Trj]
18:41:53.757    File: C:\Users\mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2e62dea-4cbe25a6  **INFECTED** Win32:Kryptik-HCJ [Trj]
18:41:54.020    File: C:\Users\mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\36f268f3-48c599b5  **INFECTED** Win32:Kryptik-HCJ [Trj]
18:43:48.719    AVAST engine scan C:\ProgramData
18:44:16.637    Scan finished successfully
18:44:48.909    Disk 0 MBR has been saved successfully to "C:\Users\mary\Desktop\MBR.dat"
18:44:48.917    The log file has been saved successfully to "C:\Users\mary\Desktop\aswMBR5.txt"

Alt 07.02.2012, 20:38   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.02.2012, 23:52   #27
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


hier sind die logs

Alt 08.02.2012, 11:24   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Warum jetzt akls ZIP? Die Logs sollten hier direkt in CODE-Tags gepostet werden
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.02.2012, 11:37   #29
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


weil das eine zu lang ist und ich sie direkt nicht posten kann

Alt 08.02.2012, 11:46   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Zitat:
Keine Aktion durchgeführt.
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu failed save system 32, hilfe :(
absolut, ahnung, bildschirm, check, compu, computer, computern, erklären, failed, fehlermeldung, fenster, manager, offen, schwarze, system, system 32, system check, tagen, task manager, windows, windows 7


« Windows System wurde aus Sicherheitsgründen Blockiert! | Generic Backdoor!dxf Trojaner in C:\Windows\assembly\GAC_MSIL\Desktop.ini »


Ähnliche Themen: failed save system 32, hilfe :(


  1. windows system 32 hardware fehler: failed to save all components - wie symbole wiederherstellen?
    Log-Analyse und Auswertung - 02.04.2012 (3)
  2. failed to save all components to file system 32 0000198f this file is corrupted unreadable
    Log-Analyse und Auswertung - 30.03.2012 (13)
  3. Failed to save all the components
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (10)
  4. Failed to save all the components for the file \\System 32\\0000174e
    Plagegeister aller Art und deren Bekämpfung - 13.02.2012 (3)
  5. Failed to save...32
    Alles rund um Windows - 21.01.2012 (2)
  6. System Check - Failed to save all the components for the file ... Trojaner oder Hardwarefehler?
    Log-Analyse und Auswertung - 10.01.2012 (6)
  7. Failed to save all components for the system.....
    Alles rund um Windows - 03.01.2012 (2)
  8. WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 25.11.2011 (7)
  9. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\0000428
    Log-Analyse und Auswertung - 15.11.2011 (35)
  10. Failed to save all the Components
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (9)
  11. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - St
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (16)
  12. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (101)
  13. failed to save all components to file system 32 0000198f this file is corrupted unreadable
    Log-Analyse und Auswertung - 11.11.2011 (24)
  14. Windows - Delayed Write Failed - Failed to save...
    Log-Analyse und Auswertung - 10.11.2011 (7)
  15. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 09.11.2011 (25)
  16. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 07.11.2011 (10)
  17. Windows - Delayed Write Failed. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 07.11.2011 (12)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema failed save system 32, hilfe :( - Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix Lade dir ComboFix hier herunter auf deinen Desktop . Schliesse alle Programme, vor allem dein Antivirenprogramm - failed save system 32, hilfe :(...
Archiv
Du betrachtest: failed save system 32, hilfe :( auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55