| |
| |||||||
Log-Analyse und Auswertung: Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows UpdateWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.02.2015, 15:22
| #1 |
 |  Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Hallo Trojanerboard Team, letztes Jahr hatte ich Probleme mit dem Start von Windows auf meinem Desktop-PC. Die Profile wurden nicht geladen. Erst nach mehrere Versuche klappte es. Für mich sah das nach Virus aus und ich setzte mein System zurück (mir Recovery CD). Mindestens seitdem funktioniert mein Windows Update nicht mehr (Manuel auch nicht). Nochmal zurücksetzen hat nicht geholfen. Ich habe ziemlich alles ausprobiert, was im Netz zu finden war. Erfolglos! Die Fehlermeldung lautet genau: Code 8008005 Unbekannte Fehler bei Windows Update Sonst ist alles normal mit meinem PC. Keine Meldungen von Viren und Malware. NUR wenn ich mich unter meinem Administrator Profil anmelde (sonst nicht), kommt beim Start eine DLL-Fehlemeldung. Screenshot davon habe ich gepostet (.pdf). sfc \scannow - hat auch nicht geholfen. http://www.trojaner-board.de/91139-s...x80080005.html Wenn mir jemand helfen kann, bevor ich das System Neuaufsetzen muss, wäre ich sehr dankbar VG |
|
04.02.2015, 17:48
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
04.02.2015, 22:22
| #3 |
| | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Ok danke!
__________________Die Fehlermeldung beim Starten des Administratorsprofils lautet: "RunDLL Problem beim Starten von C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll Das angegebene Modul wurde nicht gefunden. " defogger Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:23 on 04/02/2015 (Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Admin (administrator) on SILENT on 04-02-2015 14:33:31
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: User & Admin)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
() C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
() C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
() C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
(Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [BitComet] => C:\Program Files\BitComet\BitComet.exe /tray
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [BackgroundContainerV2] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Avast-Browser-Cleanup] => C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1531528 2015-01-10] (AVAST Software)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -update plugin
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [uTorrent] => "C:\Windows\TEMP\avast_ash\uTorrent (current user)\uTorrent.exe" /MINIMIZED <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {53C81C2F-5834-42F2-8CAB-E09DC929E098} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=en_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a22b8286-29db-4ccd-b6ec-18f216374e2b&apn_sauid=02D49FA5-8766-431C-9B5F-A48F2098793E
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-09]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-08-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-08-06]
CHR HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-08-06]
StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-23] (Avast Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-17] (Macrovision Europe Ltd.) [File not signed]
R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
R2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed]
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [586752 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-04] (Windows (R) 2000 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-08] (Duplex Secure Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-23] (Avast Software)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [179200 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [217600 2012-05-30] (VIA Technologies, Inc.) [File not signed]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 14:34 - 2015-02-04 14:34 - 00380416 _____ () C:\Users\Admin\Desktop\Gmer-19357.exe
2015-02-04 14:33 - 2015-02-04 14:33 - 00021191 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-04 14:33 - 2015-02-04 14:33 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-33-27.087-aswFe.exe-5324.log
2015-02-04 14:33 - 2015-02-04 14:33 - 00000197 _____ () C:\Windows\system32\2015-02-04-13-33-21.032-AvastVBoxSVC.exe-3988.log
2015-02-04 14:33 - 2015-02-04 14:33 - 00000000 ____D () C:\FRST
2015-02-04 14:32 - 2015-02-04 14:32 - 01122304 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-02-04 14:23 - 2015-02-04 14:23 - 00000582 _____ () C:\Users\Admin\Desktop\defogger_disable.log
2015-02-04 14:23 - 2015-02-04 14:23 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2015-02-04 14:22 - 2015-02-04 14:22 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2015-02-04 14:10 - 2015-02-04 14:10 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner
2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Admin\Desktop\adwcleaner_4.109.exe
2015-02-04 13:52 - 2015-02-04 13:52 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2015-01-31 17:32 - 2015-01-31 17:32 - 00000206 _____ () C:\Users\User\Desktop\Untitled.URL
2015-01-30 20:36 - 2015-01-30 20:36 - 02460763 _____ () C:\Users\User\Desktop\sammeldownload_20150130_203618.zip
2015-01-29 07:16 - 2015-01-31 08:38 - 4028379289 _____ () C:\Users\User\Downloads\Fury.2014.720p.BRRip.x264.AC3-EVO.mkv
2015-01-28 19:47 - 2015-01-28 20:13 - 472306888 _____ () C:\Users\User\Downloads\20.000.Days.on.Earth.2014.LiMiTED.BDRiP.X264-TASTE.mkv
2015-01-27 07:58 - 2015-01-27 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-21 10:18 - 2015-01-21 10:18 - 00000000 ____D () C:\Users\User\Desktop\Zeugnis
2015-01-17 21:39 - 2015-01-17 21:42 - 00000000 ____D () C:\Users\TEMP.Silent.002
2015-01-13 11:58 - 2015-01-13 11:58 - 00000717 _____ () C:\Users\User\Desktop\DOKTORARBEIT - Verknüpfung.lnk
2015-01-12 07:22 - 2015-01-12 07:22 - 00001829 _____ () C:\Users\User\Downloads\Son.Of.A.Gun.2014.HDRiP.XVID.AC3-MAJESTIC - Verknüpfung.lnk
2015-01-11 20:57 - 2015-01-11 20:57 - 00916668 _____ () C:\Users\User\Desktop\lic-10.01.rar
2015-01-11 20:57 - 2015-01-11 20:57 - 00000000 ____D () C:\Users\User\Desktop\lic-10.01
2015-01-10 19:58 - 2015-01-10 19:58 - 00057387 _____ () C:\Users\User\Downloads\Son.Of.A.Gun.2014.HDRiP.XVID.AC3-MAJESTIC.srt
2015-01-10 15:09 - 2015-01-10 15:09 - 00311481 _____ () C:\Users\User\Downloads\Sing mit mir - Kinderlieder - YouTube.htm
2015-01-09 01:14 - 2015-01-09 01:14 - 00000000 ____D () C:\Program Files\ESET
2015-01-09 01:12 - 2015-01-09 01:13 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2015-01-09 00:46 - 2015-01-09 00:46 - 00001203 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-09 00:44 - 2015-01-09 00:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-09 00:44 - 2015-01-09 00:44 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-09 00:36 - 2015-01-09 00:36 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Admin\Downloads\FreeStudio(1).exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 14:34 - 2014-03-18 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 14:32 - 2014-05-08 20:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job
2015-02-04 14:32 - 2011-12-20 23:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job
2015-02-04 14:30 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 14:30 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 14:28 - 2013-07-07 16:59 - 00302240 _____ () C:\Windows\setupact.log
2015-02-04 14:28 - 2011-01-27 09:18 - 01355152 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 14:25 - 2012-08-15 21:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-04 14:25 - 2011-02-13 20:48 - 00000211 _____ () C:\service.log
2015-02-04 14:25 - 2011-02-13 20:47 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-02-04 14:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 14:23 - 2011-04-22 10:02 - 00000000 ____D () C:\Users\Admin
2015-02-04 14:08 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EndNote
2015-02-04 14:00 - 2015-01-04 18:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-04 13:57 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-02-04 13:52 - 2012-08-07 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-04 13:52 - 2011-01-27 21:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-02-04 13:46 - 2015-01-04 18:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 13:36 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\CSC
2015-02-01 19:00 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-01 18:55 - 2011-01-27 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-01 13:46 - 2011-01-27 00:34 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 08:29 - 2011-02-14 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\EndNote
2015-01-31 07:28 - 2009-07-14 05:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-30 20:01 - 2011-03-26 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-28 16:34 - 2012-05-14 06:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 09:34 - 2012-08-11 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 09:34 - 2011-12-04 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 08:15 - 2012-04-19 05:59 - 10121728 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-01-22 19:09 - 2011-01-30 17:34 - 00004096 _____ () C:\Users\Public\Documents\000016E5.LCS
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 20:44 - 2012-04-14 07:29 - 04097536 ___SH () C:\Users\User\Downloads\Thumbs.db
2015-01-15 15:32 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\Documents\DVDVideoSoft
2015-01-11 17:29 - 2012-09-30 06:45 - 00000000 ____D () C:\Users\User\Documents\MATLAB
2015-01-09 12:16 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-01-09 00:46 - 2013-02-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-08 23:58 - 2013-07-08 06:51 - 00157928 _____ () C:\Windows\PFRO.log
==================== Files in the root of some directories =======
2012-12-30 17:50 - 2012-12-30 17:50 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2011-01-27 18:58 - 2011-01-27 18:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-11-15 19:45 - 2012-11-18 12:12 - 0009365 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\BitAD12.tmp.exe
C:\Users\Admin\AppData\Local\Temp\FreeStudio.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Admin\AppData\Local\Temp\tmp910A.exe
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\tmp41EF.exe
C:\Users\User\AppData\Local\Temp\tmpD197.exe
C:\Users\User\AppData\Local\Temp\utt5F59.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2011-10-23 13:19
==================== End Of Log ============================
--- --- --- --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by Admin at 2015-02-04 14:34:34
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS Ver.2.01 (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.01 - GIGABYTE)
µTorrent (HKU\.DEFAULT\...\uTorrent) (Version: 3.4.2.36615 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Acronis*Disk*Director*11*Home (HKLM\...\{06E34C00-0446-4176-81C8-A5DAFE53CA36}) (Version: 11.0.2121 - Acronis)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Standard (HKLM\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Als HTML speichern (Version: 1.0.0.0 - Visio Corporation) Hidden
Anmerkungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Anzeige von CAD-Zeichnungen (Version: 1.0.0.0 - Visio Corporation) Hidden
ArcGIS Desktop (HKLM\...\ArcGIS Desktop) (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.)
ArcGIS Desktop (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager (HKLM\...\ArcGIS License Manager) (Version: - )
ATI AVIVO Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{CDEE9257-8FEB-7BAF-B28F-C4737036D674}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
Beispiele für den Konverter für CAD-Zeichnungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Benutzerdefinierte Muster (Version: 1.0.0.0 - Visio Corporation) Hidden
Beschriftungen und Verbinder (Version: 1.0.0.0 - Visio Corporation) Hidden
Blockdiagramm (Version: 1.0.0.0 - Visio Corporation) Hidden
CameraHelperMsi (Version: 13.50.854.0 - Logitech) Hidden
ccc-core-static (Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Clipart und Symbole (Version: 1.0.0.0 - Visio Corporation) Hidden
DAO (Version: 1.0.0.0 - Visio Corporation) Hidden
Datenbankassistent (Version: 1.0.0.0 - Visio Corporation) Hidden
Datenfeld-Berichts-Assistent (Version: 1.0.0.0 - Visio Corporation) Hidden
Datenfeld-Editor (Version: 1.0.0.0 - Visio Corporation) Hidden
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM\...\dreamboxEDIT) (Version: - )
EndNote X2 (HKLM\...\{002B1E90-3241-4D45-8831-E89020F8E7E6}) (Version: 12.0.0.3252 - Thomson ResearchSoft)
Energy Saver Advance B10.0309.1 (HKLM\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Flußdiagramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Formulare und Diagramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Free AVI Video Converter version 5.0.24.430 (HKLM\...\Free AVI Video Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Free Studio version 6.4.1.1215 (HKLM\...\Free Studio_is1) (Version: 6.4.1.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.16.1028 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1028 - DVDVideoSoft Ltd.)
G DATA Logox4 Speechengine (HKLM\...\lgx4.lgx.server) (Version: - G DATA Software AG)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
Grafikfilter (Version: 1.0.0.0 - Visio Corporation) Hidden
GSview 4.9 (HKLM\...\GSview 4.9) (Version: - )
Help for Visio 2000 (HTML Help) (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Anmerkungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Beschriftungen und Verbindern (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Blockdiagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Clipart und Symbolen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Developing Visio Solutions (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Flußdiagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Formularen und Diagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Gebäudeinstallationen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Landkarten (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Netzwerkdiagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Organigrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Programmdateien (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Projektplänen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Rahmen und Hintergründen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Raumplänen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zum Facilities-Management (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zum Konverter für CAD-Zeichnungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zum Maschinenbau (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Elektrotechnik (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Gebäude- und Landschaftsarchitektur (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Pneumatik/Hydraulik (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Verfahrenstechnik (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe_Technical (Version: 1.0.0.0 - Visio Corporation) Hidden
HP Scanjet N8400 Document ISIS/TWAIN (HKLM\...\HP Scanjet N8400 Document ISIS/TWAIN) (Version: - )
ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version: - )
IsoBuster 2.5 (HKLM\...\IsoBuster_is1) (Version: 2.5 - Smart Projects)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024F0}) (Version: 6.0.240 - Oracle)
Java(TM) SE Development Kit 6 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160250}) (Version: 1.6.0.250 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Landkarten (Version: 1.0.0.0 - Visio Corporation) Hidden
Lernwerkstatt 8 (HKLM\...\InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}) (Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH)
Lernwerkstatt 8 (Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH) Hidden
LightScribe System Software 1.12.29.2 (HKLM\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - hxxp://www.lightscribe.com)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Lösungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MATLAB R2008a (HKLM\...\MatlabR2008a) (Version: 7.6 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MosChip PCI Multi-IO Controller (HKLM\...\ASIX Electronics Corporation) (Version: - )
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MV2Player (remove only) (HKLM\...\MV2Player) (Version: - )
Nero 7 Essentials (HKLM\...\{714ACFF3-B8A3-4AD6-937B-13C833D71033}) (Version: 7.03.1054 - Nero AG)
Netzwerkdiagramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Organigramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
Platform (Version: 1.38 - VIA Technologies, Inc.) Hidden
Programmdateien (Version: 06.00.0000 - Visio Corporation) Hidden
Programmdateien für Technical (Version: 1.0.0.0 - Visio Corporation) Hidden
Projektpläne (Version: 1.0.0.0 - Visio Corporation) Hidden
Python 2.5 numpy-1.0.3 (HKLM\...\Python 2.5 numpy-1.0.3) (Version: - )
Python 2.5.1 (HKLM\...\Python 2.5.1) (Version: - )
Rahmen und Hintergründe (Version: 1.0.0.0 - Visio Corporation) Hidden
Raumplan (Version: 1.0.0.0 - Visio Corporation) Hidden
Rechtschreibung (Version: 1.0.0.0 - Visio Corporation) Hidden
Seitenlayout-Assistent (Version: 1.0.0.0 - Visio Corporation) Hidden
Sentinel Protection Installer 7.2.2 (HKLM\...\{6DC0632A-A838-4B34-AC19-0FA18E1C533C}) (Version: 7.2.2 - SafeNet, Inc.)
Shape-Explorer (Version: 1.0.0.0 - Visio Corporation) Hidden
Shape-Explorer-Hilfe (Version: 1.0.0.0 - Visio Corporation) Hidden
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Technische Grundlage (Version: 1.0.0.0 - Visio Corporation) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VBA (2816b) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
Versionshinweise (Version: 1.0.0.0 - Visio Corporation) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visio (Version: 1.0.0.0 - Visio Corporation) Hidden
Visio 2000 (DE) (HKLM\...\{49D23765-6C69-11d3-A508-00C04F44A9DA}) (Version: 6.0.0.1 - Visio Corporation)
Visio Core Files (Version: 06.00.0000 - Visio Corporation) Hidden
Visio Technical Core Files (Version: 06.00.0000 - Visio Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 Codec Pack 3.1.0 (HKLM\...\Windows 7 - Codec Pack) (Version: - Windows 7 Codec Pack)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
WinEdt (HKLM\...\WinEdt_is1) (Version: - WinEdt Team)
WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version: - )
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{B45E6B9B-8498-49A5-BDD7-2A049553DF05}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WMV9/VC-1 Video Playback (Version: 1.0.51125.2159 - ATI Technologies Inc.) Hidden
ZoneAlarm Antivirus (Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
Zusatzprogramme (Version: 1.0.0.0 - Visio Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Admin\AppData\Local\Conduit\Community Alerts\Alert.dll No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0D2068CA-98B7-46D2-90F4-EEC86AB36C29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20 => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {0F8C498D-146D-4D1B-A80C-9B2F52760891} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cd91fd4699c637 => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {17D04C56-59F8-418C-BD72-1FE3CBAF3995} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {2DAC72C0-DA6C-4FF7-9226-123CD5C054DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {2DED3E61-EB82-4B4B-960A-8DB9595408A1} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {3A0343E9-1088-4058-8A97-7EC2CC39BFFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {4137C5EF-5C16-4135-AC1B-393D77ECFCB9} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {49B488D5-ED25-49CD-83BC-82123A14F710} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cef5bf5acd6d4b => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {5BFF9A07-C862-4DC0-B62B-6B99F4D64321} - System32\Tasks\{EA81775A-869C-4984-84FC-520C0597BC25} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {5CE1EB40-A527-47A7-8FC3-C68BEA0FC98D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6177550B-0D66-4814-B8F3-262275873F33} - System32\Tasks\{52FEB432-4D96-44A6-B294-86F0028199AA} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {639E1E83-D257-4AFE-AF0D-DFDD66C3B90C} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {862EC62B-EEB1-462C-B840-DEA8712F93F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Silent-User Silent => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {92A68DEC-BFF9-4E52-B133-C7CA4BFA0C21} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AB70FD0A-04CF-4BA5-9633-439BF8ED035A} - System32\Tasks\{2FEF53D1-AE31-42E0-9855-1460C2351322} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120&LastError=404
Task: {C11775A4-DF12-4B4A-BD80-710F594FEADF} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {C75190C9-BD95-4518-ACFA-AE08595EE25C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C9524F47-9034-4F1E-83C9-51C224901618} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {D562A9F1-EB34-4614-967F-CCED43B07B21} - System32\Tasks\{B6192244-1970-4355-A564-BFEA7AC4B45F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {EBC62328-373D-4F54-9A0C-3AE5D10034A9} - System32\Tasks\{9008979A-65BA-4E20-A15C-F8BC4EEC357C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {F396D518-C0A9-48E1-B4C4-DACC215E0130} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
Task: {F7463A04-3EAB-47F6-A998-76E8231C52D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2015-02-04 13:37 - 2015-02-04 13:37 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020400\algo.dll
2010-09-27 11:03 - 2010-09-27 11:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00054544 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00015360 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00016384 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00019968 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00011264 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00102400 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2011-10-27 17:59 - 2008-08-02 09:57 - 01757184 _____ () C:\Program Files\ESRI\License\arcgis9x\ARCGIS.exe
2011-02-13 20:48 - 2009-12-02 19:40 - 00068136 _____ () C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
2011-02-13 20:48 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00726288 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 08:25 - 2010-09-02 08:25 - 00030208 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00025600 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00541968 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2010-09-29 18:30 - 2010-09-29 18:30 - 02139400 _____ () C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
2014-11-23 15:58 - 2014-11-23 15:58 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2011-04-10 16:40 - 2006-09-16 21:19 - 00126976 _____ () C:\Program Files\WinRAR\rarext.dll
2011-10-07 10:41 - 2011-10-07 10:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-04-10 00:04 - 2009-04-10 00:04 - 02141008 _____ () C:\Program Files\Logitech\Vid HD\QtCore4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 07704400 _____ () C:\Program Files\Logitech\Vid HD\QtGui4.dll
2009-04-22 22:53 - 2009-04-22 22:53 - 00969040 _____ () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00475472 _____ () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00363856 _____ () C:\Program Files\Logitech\Vid HD\QtXml4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00200016 _____ () C:\Program Files\Logitech\Vid HD\QtSql4.dll
2010-10-29 21:01 - 2010-10-29 21:01 - 00027472 _____ () C:\Program Files\Logitech\Vid HD\SDL.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 11311952 _____ () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00291664 _____ () C:\Program Files\Logitech\Vid HD\phonon4.dll
2010-10-29 21:02 - 2010-10-29 21:02 - 00751616 _____ () C:\Program Files\Logitech\Vid HD\vpxmd.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00029008 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00035152 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00138064 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2012-01-18 07:43 - 2012-01-18 07:43 - 00183320 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2010-11-25 21:46 - 2010-11-25 21:46 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-01-27 07:58 - 2015-01-27 07:58 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00028712 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxSharedClipboard.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 00042616 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDragAndDropSvc.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 00040056 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxGuestControlSvc.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 01129784 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM64.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 01274448 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDD.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 00198152 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDD2.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00037984 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxSharedFolders.DLL
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\User\Downloads\Baby-Besuch.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Admin (S-1-5-21-1086903118-4148874774-2401624160-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1086903118-4148874774-2401624160-500 - Administrator - Disabled)
Guest (S-1-5-21-1086903118-4148874774-2401624160-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1086903118-4148874774-2401624160-1002 - Limited - Enabled)
User (S-1-5-21-1086903118-4148874774-2401624160-1001 - Limited - Enabled) => C:\Users\User
==================== Faulty Device Manager Devices =============
Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) #2
Description: Realtek RTL8168C(P)/8111C(P)-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek RTL8168C(P)/8111C(P)-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Description: Realtek RTL8168C(P)/8111C(P)-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/04/2015 01:52:58 PM) (Source: MsiInstaller) (EventID: 11605) (User: Silent)
Description: Product: LWS Pictures And Video -- Disk full: There is not enough disk space on the volume 'C:' to continue the install with recovery enabled. 13.436 KB are required, but only 6.400 KB are available. Click Ignore to continue the install without saving recovery information, click Retry to check for available space again, or click Cancel to quit the installation.
Error: (02/04/2015 01:46:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
Error: (02/01/2015 10:28:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/01/2015 10:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/01/2015 10:28:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/01/2015 10:27:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/01/2015 07:42:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
Error: (01/31/2015 00:36:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/31/2015 00:36:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/31/2015 00:36:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (02/04/2015 02:26:06 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.
Error: (02/04/2015 02:26:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
Error: (02/04/2015 02:26:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (02/04/2015 02:25:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%1450
Error: (02/04/2015 01:39:40 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.
Error: (02/04/2015 01:39:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%1450
Error: (02/04/2015 01:37:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.
Error: (02/04/2015 01:37:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
Error: (02/04/2015 01:37:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (02/04/2015 01:36:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%1450
Microsoft Office Sessions:
=========================
Error: (01/14/2015 10:03:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/12/2015 07:25:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/25/2014 09:23:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/09/2014 06:42:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/03/2014 09:45:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/01/2014 09:40:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (11/27/2014 09:03:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (05/08/2014 07:35:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (05/07/2014 08:53:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/29/2014 07:11:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3582.3 MB
Available physical RAM: 2065.41 MB
Total Pagefile: 23024.58 MB
Available Pagefile: 20757.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.92 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:69.99 GB) (Free:9.25 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (bie786) (CDROM) (Total:2.23 GB) (Free:0 GB) CDFS
Drive j: () (Fixed) (Total:228 GB) (Free:3.96 GB) NTFS
Drive w: (S******) (Fixed) (Total:400 GB) (Free:77.72 GB) NTFS
Drive x: (M******) (Fixed) (Total:1137.66 GB) (Free:66.04 GB) NTFS
Drive z: (Z******) (Fixed) (Total:325.23 GB) (Free:282.54 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F2BCDD92)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=228 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 624F7BFE)
Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
==================== End Of Log ============================
Code:
ATTFilter GMER Logfile: |
|
05.02.2015, 10:19
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.02.2015, 11:01
| #5 |
| | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Voilà ! Code:
ATTFilter Combofix Logfile: |
|
05.02.2015, 13:11
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update |
|
05.02.2015, 14:15
| #7 |
| | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Hi, die Malwarebztes hatte ich schon und benutze es ab und zu. Die RunDLL.Meldung ist weg nachdem Combofix. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 05.02.2015 Suchlauf-Zeit: 13:37:02 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.05.05 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 CPU: x86 Dateisystem: NTFS Benutzer: Admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 518923 Verstrichene Zeit: 10 Min, 17 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.109 - Report created 05/02/2015 at 13:49:25
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 7 Ultimate (32 bits)
# Username : Admin - SILENT
# Running from : C:\Users\Admin\Desktop\adwcleaner_4.109.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o82t1tj2.default\invalidprefs.js
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o82t1tj2.default\user.js
Folder Found : C:\Program Files\Tbccint
Folder Found : C:\Program Files\Toolbar Cleaner
Folder Found : C:\Program Files\vGrabber-software
Folder Found : C:\ProgramData\DownloadManager
Folder Found : C:\Users\Admin\AppData\Local\Conduit
Folder Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Folder Found : C:\Users\Admin\AppData\Local\PackageAware
Folder Found : C:\Users\Admin\AppData\Local\Rich Media Player
Folder Found : C:\Users\Admin\AppData\LocalLow\Check Point Software Technologies LTD
Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Admin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers
Folder Found : C:\Users\Admin\AppData\Roaming\ExpressFiles
Folder Found : C:\Users\Admin\AppData\Roaming\goforfiles
Folder Found : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Folder Found : C:\Users\User\AppData\Local\PackageAware
Folder Found : C:\Users\User\AppData\LocalLow\adawaretb
Folder Found : C:\Users\User\AppData\LocalLow\Check Point Software Technologies LTD
Folder Found : C:\Users\User\AppData\LocalLow\Conduit
Folder Found : C:\Users\User\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Users\User\AppData\Roaming\ExpressFiles
Folder Found : C:\Users\User\AppData\Roaming\goforfiles
Folder Found : C:\Users\User\AppData\Roaming\Uniblue
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Scheduled Tasks ] *****
Task Found : Express FilesUpdate
Task Found : GoforFilesUpdate
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{53C81C2F-5834-42F2-8CAB-E09DC929E098}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\Tbccint_HKLM
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\ExpressFiles
Key Found : HKLM\SOFTWARE\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\SOFTWARE\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Uniblue
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16869
-\\ Mozilla Firefox v35.0.1 (x86 de)
[rnb4l7cw.default] - Line Found : user_pref("CT2851647.isPerformedSmartBarTransition", "true");
[rnb4l7cw.default] - Line Found : user_pref("CT2851647.smartbar.CTID", "CT2851647");
[rnb4l7cw.default] - Line Found : user_pref("CT2851647.smartbar.Uninstall", "0");
[rnb4l7cw.default] - Line Found : user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE ");
[rnb4l7cw.default] - Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&&q=");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.lastB", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&&q=");
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.tlbrsrchurl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN20702554821441-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=6a5edad3000000000000b[...]
[rnb4l7cw.default] - Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[rnb4l7cw.default] - Line Found : user_pref("smartbar.machineId", "INUZWR/BGID3PA0N7+YDIVNE5LWLL2WOOUDP+MBS5/8A/G+AHQVKFM9ZC0PG91OMAMVNCZM1JXUHMZKVCJ3KDW");
-\\ Google Chrome v
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.facemoods.com/?a=irst&f=4&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/errorhandler;_ylt=A7x9UnSPssJSuz8A6UK04IlQ?p={searchTerms}&fr2=sb-top&hspart=visicom&hsimp=yhse-lavasoft&type=lavasoft__adaware__0_9__yhse__antiphishing_dn__rp&rd=r1
*************************
AdwCleaner[R0].txt - [9679 octets] - [05/02/2015 13:49:25]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9739 octets] ##########
[/CODE] Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x86
Ran by Admin on 05.02.2015 at 13:58:22,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2851647
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2851647
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_spywareblaster_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_spywareblaster_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\interface\{ac71b60e-94c9-4ede-ba46-e146747bb67e}"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{53C81C2F-5834-42F2-8CAB-E09DC929E098}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
~~~ Files
Successfully deleted: [File] "C:\Windows\System32\Tasks\goforfilesupdate"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\downloadmanager"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Program Files\toolbar cleaner"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rnb4l7cw.default\smartbar
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rnb4l7cw.default\prefs.js
user_pref("CT2851647.1000234.TWC_TMP_city", "BERLIN");
user_pref("CT2851647.1000234.TWC_TMP_country", "DE");
user_pref("CT2851647.1000234.TWC_locId", "GMXX0007");
user_pref("CT2851647.1000234.TWC_location", "Berlin, Deutschland");
user_pref("CT2851647.1000234.TWC_region", "DE");
user_pref("CT2851647.1000234.TWC_temp_dis", "c");
user_pref("CT2851647.1000234.TWC_wind_dis", "kmh");
user_pref("CT2851647.CBOpenMAMSettings", "0");
user_pref("CT2851647.FirstTime", "true");
user_pref("CT2851647.FirstTimeFF3", "true");
user_pref("CT2851647.LoginRevertSettingsEnabled", true);
user_pref("CT2851647.RestartDialogFirstTime", "false");
user_pref("CT2851647.RestartDialogShouldDisplay", "false");
user_pref("CT2851647.RevertSettingsEnabled", true);
user_pref("CT2851647.UserID", "UN08223856081246883");
user_pref("CT2851647.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2851647.autoDisableScopes", -1);
user_pref("CT2851647.cbcountry_001", "DE");
user_pref("CT2851647.cbfirsttime.enc", "U2F0IEF1ZyAxOCAyMDEyIDE5OjEwOjM4IEdNVCswMjAw");
user_pref("CT2851647.countryCode", "DE");
user_pref("CT2851647.defaultSearch", "FALSE");
user_pref("CT2851647.enableAlerts", "always");
user_pref("CT2851647.enableFix404ByUser", "FALSE");
user_pref("CT2851647.enableSearchFromAddressBar", "FALSE");
user_pref("CT2851647.firstTimeDialogOpened", "true");
user_pref("CT2851647.fixPageNotFoundError", "true");
user_pref("CT2851647.fixPageNotFoundErrorByUser", "true");
user_pref("CT2851647.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2851647.fixUrls", true);
user_pref("CT2851647.fullUserID", "UN08223856081246883.UP.2136");
user_pref("CT2851647.homepageuserchanged", true);
user_pref("CT2851647.installId", "fftD807.tmp.exe");
user_pref("CT2851647.installType", "XPE");
user_pref("CT2851647.isCheckedStartAsHidden", true);
user_pref("CT2851647.isFirstTimeToolbarLoading", "false");
user_pref("CT2851647.isNewTabEnabled", true);
user_pref("CT2851647.isPerformedSmartBarTransition", "true");
user_pref("CT2851647.lastVersion", "10.35.0.503");
user_pref("CT2851647.migrateAppsAndComponents", true);
user_pref("CT2851647.openThankYouPage", "true");
user_pref("CT2851647.openUninstallPage", "FALSE");
user_pref("CT2851647.performedDomainChangesMigration", "true");
user_pref("CT2851647.scriptSource", "hxxp://127.0.0.1:10000/gui/");
user_pref("CT2851647.search.searchAppId", "129351532245275780");
user_pref("CT2851647.search.searchCount", "0");
user_pref("CT2851647.searchInNewTabEnabledByUser", "true");
user_pref("CT2851647.searchInNewTabEnabledInHidden", "true");
user_pref("CT2851647.searchSuggestEnabledByUser", "false");
user_pref("CT2851647.serviceLayer_services_Configuration_lastUpdate", "1416753100930");
user_pref("CT2851647.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1360423452690");
user_pref("CT2851647.serviceLayer_services_appTracking_lastUpdate", "1360423333832");
user_pref("CT2851647.serviceLayer_services_appsMetadata_lastUpdate", "1360616294201");
user_pref("CT2851647.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1360423333382");
user_pref("CT2851647.serviceLayer_services_login_10.10.20.14_lastUpdate", "1356886149326");
user_pref("CT2851647.serviceLayer_services_login_10.13.40.15_lastUpdate", "1360423333559");
user_pref("CT2851647.serviceLayer_services_login_10.14.42.7_lastUpdate", "1387015741893");
user_pref("CT2851647.serviceLayer_services_login_10.22.3.518_lastUpdate", "1388411826896");
user_pref("CT2851647.serviceLayer_services_login_10.23.0.822_lastUpdate", "1400745526687");
user_pref("CT2851647.serviceLayer_services_login_10.31.0.526_lastUpdate", "1401446087072");
user_pref("CT2851647.serviceLayer_services_login_10.31.2.501_lastUpdate", "1416753100715");
user_pref("CT2851647.serviceLayer_services_login_10.35.0.503_lastUpdate", "1416755256193");
user_pref("CT2851647.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1360423333163");
user_pref("CT2851647.serviceLayer_services_searchAPI_lastUpdate", "1416753100880");
user_pref("CT2851647.serviceLayer_services_serviceMap_lastUpdate", "1416753100774");
user_pref("CT2851647.serviceLayer_services_toolbarContextMenu_lastUpdate", "1360423333305");
user_pref("CT2851647.serviceLayer_services_toolbarSettings_lastUpdate", "1416753100203");
user_pref("CT2851647.serviceLayer_services_translation_lastUpdate", "1416753100403");
user_pref("CT2851647.settingsINI", true);
user_pref("CT2851647.shouldFirstTimeDialog", "false");
user_pref("CT2851647.showToolbarPermission", "false");
user_pref("CT2851647.smartbar.CTID", "CT2851647");
user_pref("CT2851647.smartbar.Uninstall", "0");
user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE ");
user_pref("CT2851647.toolbarBornServerTime", "18-8-2012");
user_pref("CT2851647.toolbarCurrentServerTime", "23-11-2014");
user_pref("CT2851647.toolbarLoginClientTime", "Sat Dec 14 2013 11:35:53 GMT+0100");
user_pref("CT2851647.upgradeFromClearSBVersion", true);
user_pref("CT2851647.url_history0001", "hxxp://www.zalando.de/taschen-accessoires-taschen-damen/:::clickhandler:::1353844820448,,,hxxp://www.zalando.de/taschen-accessoires-tas
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&&
user_pref("extensions.zonealarm.lastB", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&");
user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&ts
user_pref("extensions.zonealarm.tlbrsrchurl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN20702554821441-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&u
user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.machineId", "INUZWR/BGID3PA0N7+YDIVNE5LWLL2WOOUDP+MBS5/8A/G+AHQVKFM9ZC0PG91OMAMVNCZM1JXUHMZKVCJ3KDW");
user_pref("valueApps.CT2851647.mam_gk_currentVersion", "312E31332E302E3137");
user_pref("valueApps.CT2851647.mam_gk_currentVersion.storedInFile", false);
user_pref("valueApps.CT2851647.mam_gk_migrated_from_ls", "31");
user_pref("valueApps.CT2851647.mam_gk_migrated_from_ls.storedInFile", false);
user_pref("valueApps.CT2851647.mam_gk_userBornDate", "4E2F41");
user_pref("valueApps.CT2851647.mam_gk_userBornDate.storedInFile", false);
user_pref("valueApps.storage.mam_gk_userId", "35363335333135642D653266662D343135302D396165372D326436613736303765646331");
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rnb4l7cw.default\minidumps [6 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2015 at 14:00:17,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Admin (administrator) on SILENT on 05-02-2015 14:12:51
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: User & Admin)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
() C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Logitech, Inc.) C:\Users\Admin\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Admin\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-09]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-08-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
CHR HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-23] (Avast Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-17] (Macrovision Europe Ltd.) [File not signed]
R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
S2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed]
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [586752 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-05] (Windows (R) 2000 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-08] (Duplex Secure Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-23] (Avast Software)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [179200 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [217600 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 14:12 - 2015-02-05 14:12 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2015-02-05 14:00 - 2015-02-05 14:00 - 00011823 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-02-05 13:56 - 2015-02-05 13:56 - 01388274 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-02-05 13:49 - 2015-02-05 13:55 - 00000000 ____D () C:\AdwCleaner
2015-02-05 13:49 - 2015-02-05 13:51 - 00009819 _____ () C:\Users\Admin\Desktop\AdwCleaner[R0].txt
2015-02-05 13:48 - 2015-02-05 13:48 - 00001186 _____ () C:\Users\Admin\Desktop\mbam.txt
2015-02-05 10:51 - 2015-02-05 10:51 - 00014422 _____ () C:\ComboFix.txt
2015-02-05 10:28 - 2015-02-05 10:51 - 00000000 ____D () C:\Qoobox
2015-02-05 10:28 - 2015-02-05 10:50 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 10:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 10:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 10:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 10:26 - 2015-02-05 10:26 - 05611380 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-02-05 06:48 - 2015-02-05 06:48 - 00000197 _____ () C:\Windows\system32\2015-02-05-05-48-14.009-AvastVBoxSVC.exe-3008.log
2015-02-04 22:29 - 2015-02-04 22:56 - 00000000 ____D () C:\Users\TEMP.Silent.004
2015-02-04 16:22 - 2015-02-04 22:09 - 00000000 ____D () C:\Users\TEMP.Silent.003
2015-02-04 14:52 - 2015-02-04 14:52 - 00012861 _____ () C:\Users\Admin\Desktop\Gmer.log
2015-02-04 14:38 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-38-58.084-aswFe.exe-2724.log
2015-02-04 14:34 - 2015-02-04 14:58 - 00040197 _____ () C:\Users\Admin\Desktop\Addition.txt
2015-02-04 14:34 - 2015-02-04 14:34 - 00380416 _____ () C:\Users\Admin\Desktop\Gmer-19357.exe
2015-02-04 14:33 - 2015-02-05 14:12 - 00018551 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-04 14:33 - 2015-02-05 14:12 - 00000000 ____D () C:\FRST
2015-02-04 14:33 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-33-27.087-aswFe.exe-5324.log
2015-02-04 14:33 - 2015-02-04 14:33 - 00000197 _____ () C:\Windows\system32\2015-02-04-13-33-21.032-AvastVBoxSVC.exe-3988.log
2015-02-04 14:32 - 2015-02-05 14:12 - 01123328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-02-04 14:23 - 2015-02-04 14:23 - 00000582 _____ () C:\Users\Admin\Desktop\defogger_disable.log
2015-02-04 14:23 - 2015-02-04 14:23 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2015-02-04 14:22 - 2015-02-04 14:22 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2015-02-04 14:10 - 2015-02-04 14:10 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner
2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Admin\Desktop\adwcleaner_4.109.exe
2015-02-04 13:52 - 2015-02-04 13:52 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2015-01-27 07:58 - 2015-01-27 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-17 21:39 - 2015-01-17 21:42 - 00000000 ____D () C:\Users\TEMP.Silent.002
2015-01-13 11:58 - 2015-01-13 11:58 - 00000717 _____ () C:\Users\User\Desktop\DOKTORARBEIT - Verknüpfung.lnk
2015-01-09 01:14 - 2015-01-09 01:14 - 00000000 ____D () C:\Program Files\ESET
2015-01-09 01:12 - 2015-01-09 01:13 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2015-01-09 00:46 - 2015-01-09 00:46 - 00001203 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-09 00:44 - 2015-01-09 00:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-09 00:44 - 2015-01-09 00:44 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-09 00:36 - 2015-01-09 00:36 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Admin\Downloads\FreeStudio(1).exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 13:39 - 2011-01-27 09:18 - 01394166 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 13:37 - 2015-01-04 18:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 13:34 - 2014-03-18 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 13:33 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 13:33 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 13:32 - 2011-12-20 23:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job
2015-02-05 13:29 - 2011-02-13 20:48 - 00000211 _____ () C:\service.log
2015-02-05 13:28 - 2013-07-07 16:59 - 00303752 _____ () C:\Windows\setupact.log
2015-02-05 13:28 - 2012-08-15 21:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-05 13:28 - 2011-02-13 20:47 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-02-05 13:28 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 12:53 - 2011-03-26 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-02-05 11:31 - 2011-01-27 00:34 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-05 10:47 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 10:46 - 2013-07-08 06:51 - 00158474 _____ () C:\Windows\PFRO.log
2015-02-05 10:39 - 2015-01-04 18:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-04 22:24 - 2012-04-19 05:59 - 10121728 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-04 22:08 - 2011-01-27 21:22 - 00000000 ____D () C:\ProgramData\Logitech
2015-02-04 22:07 - 2011-01-27 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-04 16:00 - 2012-04-14 07:29 - 04125696 ___SH () C:\Users\User\Downloads\Thumbs.db
2015-02-04 15:59 - 2011-05-30 18:34 - 00185344 ___SH () C:\Users\User\Thumbs.db
2015-02-04 14:32 - 2014-05-08 20:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job
2015-02-04 14:23 - 2011-04-22 10:02 - 00000000 ____D () C:\Users\Admin
2015-02-04 14:08 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EndNote
2015-02-04 13:57 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-02-04 13:52 - 2012-08-07 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-04 13:52 - 2011-01-27 21:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-02-04 13:36 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\CSC
2015-02-01 19:00 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-31 08:29 - 2011-02-14 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\EndNote
2015-01-31 07:28 - 2009-07-14 05:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-28 16:34 - 2012-05-14 06:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 09:34 - 2012-08-11 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 09:34 - 2011-12-04 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-22 19:09 - 2011-01-30 17:34 - 00004096 _____ () C:\Users\Public\Documents\000016E5.LCS
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 15:32 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\Documents\DVDVideoSoft
2015-01-11 17:29 - 2012-09-30 06:45 - 00000000 ____D () C:\Users\User\Documents\MATLAB
2015-01-09 12:16 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-01-09 00:46 - 2013-02-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
==================== Files in the root of some directories =======
2012-12-30 17:50 - 2012-12-30 17:50 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2011-01-27 18:58 - 2011-01-27 18:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-11-15 19:45 - 2012-11-18 12:12 - 0009365 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2011-10-23 13:19
==================== End Of Log ============================
--- --- --- --- --- --- |
|
05.02.2015, 15:00
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows UpdateESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.02.2015, 23:28
| #9 |
| | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update ESET hat Sachen gefunden. Wurden diese bei den gewählten Einstellungen gelöscht? Windows Update geht nach wie vor nicht!!!!!  Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=89ceb5887ed0f5488be2624916e1def7
# engine=22323
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 06:01:23
# local_time=2015-02-05 07:01:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 735856 7788494 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 711975 174790474 0 0
# scanned=850512
# found=22
# cleaned=0
# scan_time=13233
sh=F5EE1489F5BD5427F1EA65441E5DCCA924E31336 ft=1 fh=eae9470eeeee5c10 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll"
sh=0AE6F44A6D15BF13DF19BE1EC38D021D6960BE55 ft=1 fh=69709f074978429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\KbrokvVK\dat\rwvMMna.dll"
sh=72179DBF2A4CEBFDD86C2CF4F93F132901EF58AE ft=1 fh=248b5c7f1207a7c2 vn="Win32/JoyDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\AppData\Roaming\rmi\offer_downloader.exe"
sh=CB93BAD66A2CF65E904BE0DEEBFA9F6280DC9438 ft=1 fh=8a6e1371ef6c32ff vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=0E09656165324C583CA0B8436FF33ACEB4C5AFE6 ft=1 fh=b7026f1f27c2fa03 vn="Win32/JoyDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe"
sh=0AE6F44A6D15BF13DF19BE1EC38D021D6960BE55 ft=1 fh=69709f074978429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll"
sh=5D8336F26518B2369F8980E0423535C0070327E5 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip"
sh=FF28E21E32CAD198B64852130ACA1C19A05067DC ft=1 fh=cd51d5272c5878fb vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll"
sh=32D60DAEFF549FDAD23B2F9D5D311708B130C322 ft=1 fh=1b9f47df6137f750 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll"
sh=13140FCCCBAA29328B0A85FA4025587A41592E86 ft=1 fh=35424f93784fbad1 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe"
sh=A6E6CA8CEE1D4714B47C4DC569AF8EB32AED3FC0 ft=1 fh=879b9ffe556ed83c vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe"
sh=AF2859B7659FC1B492BA982FC340D8C68C6F25BA ft=1 fh=b93f72d73566c42b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll"
sh=395BF6FD62990AE6A4ACDC49D71880938D9459A2 ft=1 fh=6c8501d774790c5f vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe"
sh=C6A703254761706EEF729C20EC9F0CA922A212C5 ft=0 fh=0000000000000000 vn="Variante von MSIL/RiskWare.TBKeylogger.A Anwendung" ac=I fn="W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi"
sh=40160FD00021E404D942C3CD038B8427F8A6A46F ft=1 fh=f4431d4f501bfec8 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe"
sh=F31EDC46C709BCFEDA3C36B7394167553923F5C3 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip"
sh=07DEB2D82D3738C4915DEC4BFE232826FFD84910 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar"
Code:
ATTFilter Results of screen317's Security Check version 0.99.95
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Java 7 Update 71
Java(TM) 6 Update 24
Java(TM) SE Development Kit 6 Update 25
Java DB 10.6.2.1
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Admin (administrator) on SILENT on 05-02-2015 23:00:00
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: User & Admin)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
() C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
() C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
(Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-09]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-08-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
CHR HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-23] (Avast Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-17] (Macrovision Europe Ltd.) [File not signed]
R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
R2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed]
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [586752 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-05] (Windows (R) 2000 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-08] (Duplex Secure Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-23] (Avast Software)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [179200 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [217600 2012-05-30] (VIA Technologies, Inc.) [File not signed]
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 23:00 - 2015-02-05 23:00 - 00018948 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-05 22:58 - 2015-02-05 22:59 - 00000000 ____D () C:\Users\Admin\Desktop\Trojaner
2015-02-05 22:58 - 2015-02-05 22:58 - 00001128 _____ () C:\Users\Admin\Desktop\checkup.txt
2015-02-05 22:42 - 2015-02-05 22:42 - 00852573 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2015-02-05 19:09 - 2015-02-05 19:09 - 00000197 _____ () C:\Windows\system32\2015-02-05-18-09-59.049-AvastVBoxSVC.exe-3408.log
2015-02-05 15:05 - 2015-02-05 15:05 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
2015-02-05 14:12 - 2015-02-05 14:12 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2015-02-05 13:56 - 2015-02-05 13:56 - 01388274 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-02-05 13:49 - 2015-02-05 13:55 - 00000000 ____D () C:\AdwCleaner
2015-02-05 10:51 - 2015-02-05 10:51 - 00014422 _____ () C:\ComboFix.txt
2015-02-05 10:28 - 2015-02-05 10:51 - 00000000 ____D () C:\Qoobox
2015-02-05 10:28 - 2015-02-05 10:50 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 10:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 10:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 10:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 10:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 10:26 - 2015-02-05 10:26 - 05611380 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-02-05 06:48 - 2015-02-05 06:48 - 00000197 _____ () C:\Windows\system32\2015-02-05-05-48-14.009-AvastVBoxSVC.exe-3008.log
2015-02-04 22:29 - 2015-02-04 22:56 - 00000000 ____D () C:\Users\TEMP.Silent.004
2015-02-04 16:22 - 2015-02-04 22:09 - 00000000 ____D () C:\Users\TEMP.Silent.003
2015-02-04 14:38 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-38-58.084-aswFe.exe-2724.log
2015-02-04 14:33 - 2015-02-05 23:00 - 00000000 ____D () C:\FRST
2015-02-04 14:33 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-33-27.087-aswFe.exe-5324.log
2015-02-04 14:33 - 2015-02-04 14:33 - 00000197 _____ () C:\Windows\system32\2015-02-04-13-33-21.032-AvastVBoxSVC.exe-3988.log
2015-02-04 14:32 - 2015-02-05 14:12 - 01123328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-02-04 14:23 - 2015-02-04 14:23 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2015-02-04 14:22 - 2015-02-04 14:22 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2015-02-04 14:10 - 2015-02-04 14:10 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner
2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Admin\Desktop\adwcleaner_4.109.exe
2015-02-04 13:52 - 2015-02-04 13:52 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2015-01-27 07:58 - 2015-01-27 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-17 21:39 - 2015-01-17 21:42 - 00000000 ____D () C:\Users\TEMP.Silent.002
2015-01-13 11:58 - 2015-01-13 11:58 - 00000717 _____ () C:\Users\User\Desktop\DOKTORARBEIT - Verknüpfung.lnk
2015-01-09 01:12 - 2015-01-09 01:13 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2015-01-09 00:46 - 2015-01-09 00:46 - 00001203 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-09 00:44 - 2015-01-09 00:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-09 00:44 - 2015-01-09 00:44 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-09 00:36 - 2015-01-09 00:36 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Admin\Downloads\FreeStudio(1).exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 22:57 - 2013-07-07 16:59 - 00304872 _____ () C:\Windows\setupact.log
2015-02-05 22:42 - 2011-01-27 09:18 - 01414633 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 22:34 - 2014-03-18 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 22:32 - 2011-12-20 23:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job
2015-02-05 22:30 - 2011-01-27 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-05 21:33 - 2011-02-14 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\EndNote
2015-02-05 19:13 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 19:13 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 19:07 - 2012-08-15 21:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-05 19:07 - 2011-02-13 20:48 - 00000211 _____ () C:\service.log
2015-02-05 19:07 - 2011-02-13 20:47 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-02-05 19:07 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 19:01 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EndNote
2015-02-05 16:34 - 2012-08-11 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 16:34 - 2011-12-04 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 14:32 - 2014-05-08 20:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job
2015-02-05 13:37 - 2015-01-04 18:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 12:53 - 2011-03-26 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-02-05 11:31 - 2011-01-27 00:34 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-05 10:47 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 10:46 - 2013-07-08 06:51 - 00158474 _____ () C:\Windows\PFRO.log
2015-02-05 10:39 - 2015-01-04 18:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-04 22:24 - 2012-04-19 05:59 - 10121728 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-04 22:08 - 2011-01-27 21:22 - 00000000 ____D () C:\ProgramData\Logitech
2015-02-04 16:00 - 2012-04-14 07:29 - 04125696 ___SH () C:\Users\User\Downloads\Thumbs.db
2015-02-04 15:59 - 2011-05-30 18:34 - 00185344 ___SH () C:\Users\User\Thumbs.db
2015-02-04 14:23 - 2011-04-22 10:02 - 00000000 ____D () C:\Users\Admin
2015-02-04 13:57 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-02-04 13:52 - 2012-08-07 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-04 13:52 - 2011-01-27 21:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-02-04 13:36 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\CSC
2015-02-01 19:00 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-31 07:28 - 2009-07-14 05:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-28 16:34 - 2012-05-14 06:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-22 19:09 - 2011-01-30 17:34 - 00004096 _____ () C:\Users\Public\Documents\000016E5.LCS
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 15:32 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\Documents\DVDVideoSoft
2015-01-11 17:29 - 2012-09-30 06:45 - 00000000 ____D () C:\Users\User\Documents\MATLAB
2015-01-09 12:16 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-01-09 00:46 - 2013-02-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
==================== Files in the root of some directories =======
2012-12-30 17:50 - 2012-12-30 17:50 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg
2011-01-27 18:58 - 2011-01-27 18:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-11-15 19:45 - 2012-11-18 12:12 - 0009365 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2011-10-23 13:19
==================== End Of Log ============================
--- --- --- --- --- --- Kann e sein, dass es am fehlenden SirvicePAck liegt _!!!!  |
|
06.02.2015, 10:35
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Ich würde ja mal mit dem keygen und Crack Scheiss aufhören..... Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\ProgramData\KbrokvVK
C:\Users\Admin\AppData\Roaming\rmi
C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe
C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip
C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll
C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll
C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll
W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe
W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi
W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Servicepack 1 als Offline Installer laden, installieren. Wenn das klappt die 265 FolgeUPdates laden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.02.2015, 13:25
| #11 |
| | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Grundsätzlich habe ich lange aufgehört. Aber anscheined gibt es noch alte Sünden... W:\DELL... könnte ich komplet löschen, da es alte Kopie eines Laptop ist, das nicht mehr existiert. Ich hätte nicht gedacht, dass das ein Problem sein kann. Gestern Abend vor deiner Antwort habe ich noch mal mit der Windows CD probiert und diesmal sah gut aus. Nur es war wenig Speicherplatz auf C. Ich konnte nicht genug bereinigen und deswegen dachte ich mir schnell mal die Partion vergrößern. Leider gab es Meldung über Fehlerhafte sektoren und die Vergrößerung wurde nicht zu Ende gemacht. Jetzt zeigt mit die Datenträgerverwaltug, dass C: 95GB groß ist und und im Expolrerfenster nur 70GB (alter Zustand). Fehlerüberprüfung sagt alles ok. Ich habe mir den Tool Seatools heruntergeladen uund er sagt auch alles ok. C: lässt sich aber nicht wieder verkleinern (wegen Fehler). Ist ComboFIX passend dafür? Wegen Update bin ich jetzt opimistisch. Nur was ist besser ertsmal Updaten oder Partion in Ordnung bringen? Herzlichen Dank für deine Hilfe und ich mache am WE weiter Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-02-2015 01
Ran by Admin at 2015-02-06 12:52:44 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: User & Admin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\ProgramData\KbrokvVK
C:\Users\Admin\AppData\Roaming\rmi
C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe
C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip
C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll
C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll
C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll
W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe
W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi
W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar
Emptytemp:
*****************
C:\ProgramData\KbrokvVK => Moved successfully.
C:\Users\Admin\AppData\Roaming\rmi => Moved successfully.
C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => Moved successfully.
"C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe" => File/Directory not found.
"C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll" => File/Directory not found.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip => Moved successfully.
C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll => Moved successfully.
C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll => Moved successfully.
C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll => Moved successfully.
W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe => Moved successfully.
W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi => Moved successfully.
W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe => Moved successfully.
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip => Moved successfully.
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar => Moved successfully.
EmptyTemp: => Removed 688.8 MB temporary data.
The system needed a reboot.
==== End of Fixlog 12:53:25 ====
|
|
06.02.2015, 19:19
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Wenn fehlerhafte Sektoren angezeogt werden sollte man die mal reparieren, bzw mal die Platte prüfen. Fehler im Dateisystem beheben - so geht's - Anleitungen Zustand der Festplatte herausfinden - so gehts - Anleitungen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.02.2015, 23:29
| #13 |
| | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Das hatte ich schon vorher zwei mal ausprobiert - "Datenträger-Überprüfung – aus laufendem Betrieb" Jetzt habe ich es über die Eingabeaufforderung. Die Fehler werden nicht korregiert. CrystalDisk sagt "Aktuell schwebende Sektoren". Soweit ich mich reingelesen habe, wenn Chkdsk nicht hilft, bleibt nur neufromatieren als Alternative. Ist das richtig?  Ich tendiere schon zum Neuaufsetzen. VG Code:
ATTFilter 7952628 KB auf dem Datenträger verfügbar
4096 Bytes in jeder Zuordnungseinheit
18347519 Zuordnungseinheiten auf dem Datenträger insgesamt
1988157 Zuordnungseinheiten auf dem Datenträger verfügbar
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Chkdsk" />
<EventID Qualifiers="0">26212</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-02-06T01:31:32.000000000Z" />
<EventRecordID>97988</EventRecordID>
<Channel>Application</Channel>
<Computer>Silent</Computer>
<Security />
</System>
<EventData>
<Data>
Dateisystem auf \\?\Volume{8e613d86-29ed-11e0-b338-806e6f6e6963} wird überprüft.
Der Typ des Dateisystems ist NTFS.
WARNUNG! Der Parameter F wurde nicht angegeben.
CHKDSK wird im schreibgeschützten Modus ausgeführt.
CHKDSK überprüft Dateien (Phase 1 von 3)...
575488 Datensätze verarbeitet.
Dateiüberprüfung beendet.
316 große Datensätze verarbeitet.
0 ungültige Datensätze verarbeitet.
2 E/A-Datensätze verarbeitet.
59 Analysedatensätze verarbeitet.
CHKDSK überprüft Indizes (Phase 2 von 3)...
669174 Indexeinträge verarbeitet.
Indexüberprüfung beendet.
0 nicht indizierte Dateien überprüft.
0 nicht indizierte Dateien wiederhergestellt.
CHKDSK überprüft Sicherheitsbeschreibungen (Phase 3 von 3)...
575488 SDs/SIDs verarbeitet.
1502 nicht verwendete Indexeinträge aus Index $SII der Datei 0x9 werden aufgeräumt.
1502 nicht verwendete Indexeinträge aus Index $SDH der Datei 0x9 werden aufgeräumt.
1502 nicht verwendete Sicherheitsbeschreibungen werden aufgeräumt.
Überprüfung der Sicherheitsbeschreibungen beendet.
46844 Datendateien verarbeitet.
CHKDSK überprüft USN-Journal...
35412880 USN-Bytes verarbeitet.
Die Überprüfung von USN-Journal ist abgeschlossen.
Das Dateisystem wurde überprüft. Es wurden keine Probleme festgestellt.
73390076 KB Speicherplatz auf dem Datenträger insgesamt
64548204 KB in 399901 Dateien
174376 KB in 46845 Indizes
4 KB in fehlerhaften Sektoren
714864 KB vom System benutzt
65536 KB von der Protokolldatei belegt
7952628 KB auf dem Datenträger verfügbar
4096 Bytes in jeder Zuordnungseinheit
18347519 Zuordnungseinheiten auf dem Datenträger insgesamt
1988157 Zuordnungseinheiten auf dem Datenträger verfügbar
</Data>
<Binary>00C8080024D106004C6D0B0000000000BC0200003B0000000000000000000000</Binary>
</EventData>
</Event>
Code:
ATTFilter ----------------------------------------------------------------------------
CrystalDiskInfo 6.3.0 (C) 2008-2015 hiyohiyo
Crystal Dew World : hxxp://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Ultimate [6.1 Build 7600] (x86)
Date : 2015/02/06 22:40:22
-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH10 Family 2 port Serial ATA Storage Controller 2 - 3A26 [ATA]
- ATA Channel 0 (0)
+ ATA Channel 1 (1)
- ST2000DL004 HD204UI ATA Device
+ Standard-Zweikanal-PCI-IDE-Controller [ATA]
+ ATA Channel 0 (0)
- SAMSUNG HD322GJ ATA Device
+ ATA Channel 1 (1)
- HL-DT-ST DVD-RAM GH22LS30 ATA Device
+ Intel(R) ICH10 Family 4 port Serial ATA Storage Controller 1 - 3A20 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Virtual CloneDrive [SCSI]
- ELBY CLONEDRIVE SCSI CdRom Device
-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD322GJ : 320,0 GB [0/2/0, pd1]
(2) ST2000DL004 HD204UI : 2000,3 GB [1/5/0, pd1] - st
----------------------------------------------------------------------------
(1) SAMSUNG HD322GJ
----------------------------------------------------------------------------
Model : SAMSUNG HD322GJ
Firmware : 1AR10001
Serial Number : S2BJJ90Z918796
Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 625140335
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 16541 Std.
Power On Count : 4787 mal
Temperature : 34 C (93 F)
Health Status : Vorsicht
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 0000000001E9 Lesefehlerrate
02 _55 _55 __0 000000000AB8 Datendurchsatz-Leistung
03 _84 _75 _25 000000001373 Mittl. Anlaufzeit
04 _96 _96 __0 0000000012FF Start/Stopp-Zyklen d. Spindel
05 252 252 _10 000000000000 Anz. wiederzugewiesener Sektoren
07 252 252 _51 000000000000 Anz. Suchfehler
08 252 252 _15 000000000000 Güte der Suchoperationen
09 100 100 __0 00000000409D Betriebsstunden
0A 252 252 _51 000000000000 Anz. misslungener Spindelanläufe
0B 252 252 __0 000000000000 Anz. notwendiger Rekalibrierungen
0C _96 _96 __0 0000000012B3 Anz. Geräte-Einschaltvorgänge
BF _91 _91 __0 000000018066 G-Sensor-Fehlerrate
C0 252 252 __0 000000000000 Ausschaltungsabbrüche
C2 _64 _59 __0 0029000B0022 Temperatur
C3 100 100 __0 000000000000 Hardware-ECC wiederhergestellt
C4 252 252 __0 000000000000 Wiederzuweisungsereignisse
C5 100 100 __0 000000000001 Aktuell schwebende Sektoren
C6 252 252 __0 000000000000 Nicht korrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA-CRC-Fehler
C8 100 100 __0 000000000936 Schreibfehlerrate
DF 252 252 __0 000000000000 Laden/Entladen-Wiederholungen
E1 100 100 __0 000000001317 Laden/Entladen-Zyklen
-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 424A 4A39 305A 3931 3837 3936 2020 2020 2020
020: 0000 8000 0004 3141 5231 3030 3031 5341 4D53 554E
030: 4720 4844 3332 3247 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 7469 BC41 4123 207F 0018
090: 0018 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: E26F 2542 0000 0000 0000 0000 4000 0000 5002 4E92
110: 0350 AC93 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 C7A5
-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 E9 01 00 00 00 00 00 02 26
010: 00 37 37 B8 0A 00 00 00 00 00 03 23 00 54 4B 73
020: 13 00 00 00 00 00 04 32 00 60 60 FF 12 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 9D 40 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 FC FC 00 00 00 00 00 00 00 0C 32 00 60 60 B3
080: 12 00 00 00 00 00 BF 22 00 5B 5B 66 80 01 00 00
090: 00 00 C0 22 00 FC FC 00 00 00 00 00 00 00 C2 02
0A0: 00 40 3B 22 00 0B 00 29 00 00 C3 3A 00 64 64 00
0B0: 00 00 00 00 00 00 C4 32 00 FC FC 00 00 00 00 00
0C0: 00 00 C5 32 00 64 64 01 00 00 00 00 00 00 C6 30
0D0: 00 FC FC 00 00 00 00 00 00 00 C7 36 00 C8 C8 00
0E0: 00 00 00 00 00 00 C8 2A 00 64 64 36 09 00 00 00
0F0: 00 00 DF 32 00 FC FC 00 00 00 00 00 00 00 E1 32
100: 00 64 64 17 13 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 B8 0B 00 5B
170: 03 00 01 00 02 32 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9F
-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 BF 00 00 00 00 00 00 00 00 00
090: 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C3 00 00 00 00 00
0B0: 00 00 00 00 00 00 C4 00 00 00 00 00 00 00 00 00
0C0: 00 00 C5 00 00 00 00 00 00 00 00 00 00 00 C6 00
0D0: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
0E0: 00 00 00 00 00 00 C8 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E1 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B
----------------------------------------------------------------------------
(2) ST2000DL004 HD204UI
----------------------------------------------------------------------------
Model : ST2000DL004 HD204UI
Firmware : 1AQ10001
Serial Number : S2H7J90C507820
Disk Size : 2000,3 GB (8,4/137,4/2000,3/2000,3)
Buffer Size : 32767 KB
Queue Depth : 32
# of Sectors : 3907029168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 9877 Std.
Power On Count : 2609 mal
Temperature : 34 C (93 F)
Health Status : Gut
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Lesefehlerrate
02 252 252 __0 000000000000 Datendurchsatz-Leistung
03 _67 _66 _25 000000002716 Mittl. Anlaufzeit
04 _84 _84 __0 000000004238 Start/Stopp-Zyklen d. Spindel
05 252 252 _10 000000000000 Anz. wiederzugewiesener Sektoren
07 252 252 _51 000000000000 Anz. Suchfehler
08 252 252 _15 000000000000 Güte der Suchoperationen
09 100 100 __0 000000002695 Betriebsstunden
0A 252 252 _51 000000000000 Anz. misslungener Spindelanläufe
0B 252 252 __0 000000000000 Anz. notwendiger Rekalibrierungen
0C _98 _98 __0 000000000A31 Anz. Geräte-Einschaltvorgänge
B5 100 100 __0 000000C21A4E Herstellerspezifisch
BF 100 100 __0 000000000022 G-Sensor-Fehlerrate
C0 252 252 __0 000000000000 Ausschaltungsabbrüche
C2 _64 _59 __0 0029000F0022 Temperatur
C3 100 100 __0 000000000000 Hardware-ECC wiederhergestellt
C4 252 252 __0 000000000000 Wiederzuweisungsereignisse
C5 252 252 __0 000000000000 Aktuell schwebende Sektoren
C6 252 252 __0 000000000000 Nicht korrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA-CRC-Fehler
C8 100 100 __0 000000000000 Schreibfehlerrate
DF 252 252 __0 000000000000 Laden/Entladen-Wiederholungen
E1 _99 _99 __0 000000004240 Laden/Entladen-Zyklen
-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 4837 4A39 3043 3530 3738 3230 2020 2020 2020
020: 0000 FFFF 0004 3141 5131 3030 3031 5354 3230 3030
030: 444C 3030 3420 4844 3230 3455 4920 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 7469 BC41 4123 207F 00A2
090: 00A2 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 88B0 E8E0 0000 0000 0000 0000 4000 0000 5000 4CF2
110: 0779 37AE 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 09A5
-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 00 00 00 00 00 00 00 02 26
010: 00 FC FC 00 00 00 00 00 00 00 03 23 00 43 42 16
020: 27 00 00 00 00 00 04 32 00 54 54 38 42 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 95 26 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 FC FC 00 00 00 00 00 00 00 0C 32 00 62 62 31
080: 0A 00 00 00 00 00 B5 22 00 64 64 4E 1A C2 00 00
090: 00 00 BF 22 00 64 64 22 00 00 00 00 00 00 C0 22
0A0: 00 FC FC 00 00 00 00 00 00 00 C2 02 00 40 3B 22
0B0: 00 0F 00 29 00 00 C3 3A 00 64 64 00 00 00 00 00
0C0: 00 00 C4 32 00 FC FC 00 00 00 00 00 00 00 C5 32
0D0: 00 FC FC 00 00 00 00 00 00 00 C6 30 00 FC FC 00
0E0: 00 00 00 00 00 00 C7 36 00 C8 C8 00 00 00 00 00
0F0: 00 00 C8 2A 00 64 64 00 00 00 00 00 00 00 DF 32
100: 00 FC FC 00 00 00 00 00 00 00 E1 32 00 63 63 40
110: 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 FC 4E 00 5B
170: 03 00 01 00 02 FF 00 51 01 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75
-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 B5 00 00 00 00 00 00 00 00 00
090: 00 00 BF 00 00 00 00 00 00 00 00 00 00 00 C0 00
0A0: 00 00 00 00 00 00 00 00 00 00 C2 00 00 00 00 00
0B0: 00 00 00 00 00 00 C3 00 00 00 00 00 00 00 00 00
0C0: 00 00 C4 00 00 00 00 00 00 00 00 00 00 00 C5 00
0D0: 00 00 00 00 00 00 00 00 00 00 C6 00 00 00 00 00
0E0: 00 00 00 00 00 00 C7 00 00 00 00 00 00 00 00 00
0F0: 00 00 C8 00 00 00 00 00 00 00 00 00 00 00 DF 00
100: 00 00 00 00 00 00 00 00 00 00 E1 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 86
|
|
07.02.2015, 12:45
| #14 | |
| /// the machine /// TB-Ausbilder | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows UpdateZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.02.2015, 20:41
| #15 |
| | Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update Ja, ich habe auch daran gedacht.  Eine SSD werde ich der alten Kiste gönnen. Aber erstmal muss ich mir eine Gute aussuchen Ich bedanke mich vielmals.  Und wenn du willst kannst du das Thema abschließen. |
|
| Themen zu Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update |
| 8008005, administrator, code, fehler, fehlermeldung, funktioniert, gepostet, manuel, meldungen, nicht mehr, probleme, recovery, recovery cd, scan, screenshot, start, start von windows, system, trojanerboard, unbekannte, update, viren, virus, windows, windows 7, windows update, zurücksetzen |
Linear-Darstellung
