C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hoster.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\wuauclt.exe
O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - C:\Program Files\WinSweep\SurfBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKLM\..\Run: [Windows Update Host] hoster.exe
O4 - HKCU\..\Run: [Windows Update Host] hoster.exe
O4 - HKLM\..\RunServices: [Windows Update Host] hoster.exe
------------------------------------------------------------------------------------
NT AUTHORITY\SYSTEM-->winlogon.exe has initiated the rest
Last edited by Nikita on 22.01.2005, 18:00; edited 5 times in total.
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected
Worm/Rbot.VE
C:\Windows\System32\TFTP1848
C:\Windows\System32\TFTP940
C:\Windows\System32\TFTP1176
C:\Windows\System32\TFTP556
NT AUTHORITY\SYSTEM-->winlogon.exe has initiated the restart
Remote Procedure Call --> reboot
Details
Product: Windows Operating System
ID: 10010
Source: DCOM
Version: 5.0
Component: System Event Log
Symbolic name: EVENT_RPCSS_SERVER_START_TIMEOUT
Message: The server %1 did not register with DCOM within the required timeout.
Explanation
The Component Object Model (COM) infrastructure tried to start the named server; however, the server did not reply within the required timeout period. There might be a deadlock, or the program might not have responded to the server initialization code within the timeout period of two minutes.
User action
If the problem continues to occur, contact the program vendor.
To determine the program vendor
Using Regedit, navigate to the following registry value
HKCR\Clsid\clsid value\localserver32
The clsid value is the information displayed in the message.
In the right pane, double-click Default. The Edit String dialog box is displayed. Leave this dialog box open.
Click Start, and then click My Computer.
Using the information displayed in the Value data box of the Edit String dialog box, navigate to the program.
Right-click the program name, and then click Properties.
The Properties dialog box for the program is displayed.
To determine who the vendor is for this program, refer to the Version tab.
Version: 5.2
Symbolic name: EVENT_RPCSS_SERVER_START_TIMEOUT
Message: The server %1 did not register with DCOM within the required timeout.
Explanation
The Component Object Model (COM) infrastructure tried to start the named server; however, the server did not reply within the required timeout period. There might be a deadlock, or the program might not have responded to the server initialization code within the timeout period of two minutes.
User action
If the problem continues to occur, contact the program vendor.
To determine the program vendor
Using Regedit, navigate to the following registry value
HKCR\Clsid\clsid value\localserver32
The clsid value is the information displayed in the message.
In the right pane, double-click Default. The Edit String dialog box is displayed. Leave this dialog box open.
Click Start, and then click My Computer.
Using the information displayed in the Value data box of the Edit String dialog box, navigate to the program.
Right-click the program name, and then click Properties.
The Properties dialog box for the program is displayed.
To determine who the vendor is for this program, refer to the Version tab.
Related Knowledge Base articles
You can find additional information on this topic in the following Microsoft Knowledge Base articles:
• Windows Messenger Does Not Start
If you try to start Windows Messenger by using an account that does not have administrator permissions on the local computer, any of the following symptoms may occur: Windows Messenger does not start. The following event appears in Event Viewer:...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Details
Product: Windows Operating System
ID: 7031
Source: Service Control Manager
Version: 5.2
Symbolic name: EVENT_SERVICE_CRASH
Message: The %1 service terminated unexpectedly. It has done this %2 time(s). The following corrective action will be taken in %3 milliseconds: %5.
Explanation
The specified service could not continue. This service is configured to report the number of failures and, after a specific number of failures are reported, the Service Control Manager will perform the recovery action configured for the specified service.
User action
To determine why the specified service failed, do the following:
Display the WIN32_EXIT_CODE error that SCM encountered. To display the error, at the command prompt, type
sc query service name
The information displayed can help you identify possible causes for the error.
I don't know what's going on; the computer automatically shuts down.
-----------------------------------------------------------------------------
Firewall:
Applikation wurde, seit dem letzten Öffnen, geändert, Prozess ID: 1808
Dateiname: C:\WINDOWS\system32\hoster.exe
Die Änderung wurde durch den User erlaubt.
---- Module geändert: 1 ----
C:\WINDOWS\system32\odbc32.dll
---- Neue Module: 0 ----
odbc32.dll
MICROSOFT DATA ACCESS ODBC DRIVER MANAGER
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 213.206.158.0 - 213.206.159.255
netname: SPRINTLINK
descr: Sprintlink UK
country: GB
admin-c: SIA15-RIPE
tech-c: SIA15-RIPE
status: ASSIGNED PA
mnt-by: SPRINTLINK-MNT
changed: lynnc@sprint.net 20020719
source: RIPE
role: Sprintlink IP Administrator
address: 12502 Sunrise Valley Drive
e-mail: ip-request@sprint.net
admin-c: LC582-RIPE
admin-c: HF759-RIPE
tech-c: YC130-RIPE
nic-hdl: SIA15-RIPE
mnt-by: SPRINTLINK-MNT
changed: lynn.r.colavita@mail.sprint.com 20040806
source: RIPE
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country is really world wide
org: ORG-IANA1-RIPE
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
remarks: The country is really worldwide.
remarks: This address space is assigned at various other places in
remarks: the world and might therefore not be in the RIPE database.
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT